Data recovery and Digital evidence controls in digital forensics.pdf

AbhijitBodhe1 711 views 45 slides Feb 28, 2025

About This Presentation

This topic contains information about Data recovery and Digital evidence controls in cyber and digital awareness.


Slide Content

Sanjivani Rural Education Society’s
Sanjivani College of Engineering, Kopargaon-423 603
(An Autonomous Institute, Affiliated to Savitribai Phule Pune University, Pune)
NAAC ‘A’ Grade Accredited, ISO 9001:2015 Certified
Department of Computer Engineering
(NBA Accredited)
Subject- Digital Forensics (DF) [CO 315A)]
Unit 2 :- Data recovery and Digital evidence controls
Prof. Abhijit S. Bodhe
Assistant Professor
Department of Computer Engineering
E-mail :
[email protected]
Contact No: 7709 340 570

Unit 1:- Introduction to Digital Forensics
DEPARTMENT OF COMPUTER ENGINEERING, Sanjivani COE, Kopargaon 2
•Digital Forensics: Definition, Process,
•Locard’s Principle of Exchange,
•Branches of Digital Forensics,
•Handling Digital Crime Scene,
•Important documents and Electronic Evidence,
•Introduction to Evidence Acquisition: Identification, Acquisition,
Labeling and Packaging, Transportation, Chain-of-Custody.
•Structure of storage media/devices: Windows/Macintosh/Linux --
registry, boot process, file systems, file metadata.

Unit 2:-Data recovery and Digital evidence controls
•Data recovery: identifying hidden data
•Encryption/Decryption, Steganography,
•Recovering deleted files.
•Digital evidence controls: uncovering attacks that evade detection
by Event Viewer, Task Manager, and other Windows GUI tools,
•Data Acquisition: Disk Imaging, Recovering swap files, temporary
& cache files.
•Data Privacy, Data privacy usages, Data privacy usages tools.

Data recovery: Identifying hidden data
•Data recovery: Forensic data recovery is the extraction of data from
damaged, corrupted or lost evidence sources i.e. damaged or formatted hard
drives, removable media. The data are recovered in a manner that will make
the resulting evidence admissible in the law court.
•Data recovery is a process of salvaging, retrieving or restoring inaccessible,
lost, corrupted, damaged or formatted data from storage devices, such as hard
drives, USB drives, or memory cards. This process can be performed on
various systems, including computers, smartphones, and other digital devices.
•Data recovery is the process of restoring data that has been lost, accidentally
deleted, corrupted or made inaccessible. In enterprise IT, data recovery
typically refers to the restoration of data to a desktop, laptop, server or
external storage system from a backup.

Steps of Data Recovery (5)
How to recover data / steps of recovery of data in digital forensics:
1.Diagnosis, where the cause and severity of data loss are identified;
2.Repair, where any damaged components or files are fixed;
3.Extraction, in which data is retrieved from the affected device or
storage medium;
4.Validation, where the recovered data's integrity is checked;
5.Restoration, where the data is returned to the user or restored onto a
new storage medium.

Types of data recovery (4)
1.Logical data recovery, which resolves issues like file corruption,
formatting, and accidental deletion.
•Logical data recovery deals with situations where data is lost or
inaccessible due to logical errors, such as accidental deletion, file
system corruption, or virus attack. In these cases, the storage medium
is physically intact, but the data cannot be accessed through normal
methods.
•Techniques and tools used for logical data recovery include:
1.File recovery programs (EaseUS Data Recovery Wizard)
2.Data carving techniques
3.File system repair tools (Disk Drill, WinDirStat, CloneZilla)
4.RAID reconstruction tools ( DiskInternals RAID Recovery, R-Studio Technician)

Types of data recovery
2.Physical data recovery, which involves repairing hardware issues like
damaged drives or broken components;
•This recovery method is needed when the storage medium has suffered
physical damage, such as a broken hard drive or damaged flash storage. In
these cases, the data recovery process involves repairing or replacing the
damaged components.
•The techniques and equipment for physical data recovery include:
1.Head stack assembly replacement
2.PCB board replacement
3.Platter swap and alignment
4.Cleanroom data recovery services

Types of data recovery
3.Remote data recovery, which is the process of recovering data via a
network connection. You can even access systems on different
subnets, so you can repair systems across your company's
networked landscape. Remote Recover consists of host and client
components.
4. Disaster recovery, which aims to restore data and systems after
natural disasters or catastrophic events (such as avalanche,
earthquake, flood, forest fire, hurricane, lightning, tornado, tsunami
and volcanic eruption).

Tools of data recovery
1.Data recovery software, which scans and retrieves lost files;
2.Disk imaging tools, which create an exact replica of a drive for safe
recovery;
3.File repair software, which fixes damaged files;
4.Backup and disaster recovery solutions, which enable data restoration in
case of hardware failure;
5.External storage devices, to store copies of important data;
6.Antivirus and malware protection tools, to protect data from threats; and
7.Hard drive health monitoring tools, to predict potential issues and
prevent data loss.

Encryption/Decryption in digital forensics
•Encryption is the process by which a readable message is converted to an
unreadable form to prevent unauthorized parties from reading it.
•Decryption is a process that transforms encrypted information into its
original format.
•The process of encryption transforms information from its original format
— called plaintext — into an unreadable format — called ciphertext —
while it is being shared or transmitted.
•There are two types of encryption: symmetric and asymmetric encryption.
•In symmetric encryption, there is only one key, and all communicating
parties use the same (secret) key for both encryption and decryption.
•In asymmetric, or public key, encryption, there are two keys: one key is used
for encryption, and a different key is used for decryption.

Importance of E/D in DF
1.Privacy: Encryption ensures that no one can read communications or data at rest except
the intended recipient or the rightful data owner. This prevents attackers, ad networks,
Internet service providers, and in some cases governments from intercepting and reading
sensitive data, protecting user privacy.
2.Security: Encryption helps prevent data breaches, whether the data is in transit or at rest.
If a corporate device is lost or stolen and its hard drive is properly encrypted, the data on
that device will still be secure. Similarly, encrypted communications enable the
communicating parties to exchange sensitive data without leaking the data.
3.Data integrity: Encryption also helps prevent malicious behavior such as on-path attacks.
When data is transmitted across the Internet, encryption ensures that what the recipient
receives has not been viewed or tampered with on the way.
4.Regulations: For all these reasons, many industry and government regulations require
companies that handle user data to keep that data encrypted. Examples of regulatory and
compliance standards that require encryption include HIPAA, PCI-DSS, and the GDPR.

Common Encryption algorithms
Problem Solving CIA:-
1.AES
2.3-DES
3.SNOW
4.RSA
5.Elliptic curve cryptography

Steganography
•Steganography is the technique of hiding data within an ordinary, non-secret
file or message to avoid detection; the hidden data is then
extracted at its destination.
•Steganography use can be combined with encryption as an extra step
for hiding or protecting data.
•Steganography is a means of concealing secret information within (or
even on top of) an otherwise non-secret document or other media to
avoid detection.
•It comes from the Greek words steganos, which means “covered” or
“hidden,” and graph, which means “to write.” Hence, “hidden
writing.”

Steganography
•Examples of steganography:
1.Hiding a message in the title and context of a shared video or image.
2.Misspelling names or words that are popular in the media in a given
week, to suggest an alternate meaning.
3.Hiding a picture that can be traced by using Paint or any other
drawing tool.
•Steganography can also be used to hide coded messages in images. A
cyber criminal may take a picture of a landscape, for instance, and
hide a message or malicious file in the empty spaces of that file. Then,
they can transmit the image to its intended recipient who knows to
decode it.
•https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/what-is-steganography-guide-meaning-types-tools/

Types of Steganography(5)
•Text steganography. Text steganography conceals a secret message
inside a piece of text. The simplest version of text steganography
might use the first letter in each sentence to form the hidden message.
Other text steganography techniques might include adding meaningful
typos or encoding information through punctuation.
•Image steganography. Secret information is encoded within a digital
image. This technique relies on the fact that small changes in image
color or noise are very difficult to detect with the human eye. For
example, one image can be concealed within another by using the least
significant bits of each pixel in the image to represent the hidden
image instead.
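The least-significant-bit technique above, worked through as an added example (not code from the slides or from OpenStego): a grayscale cover is constructed in memory, a message is embedded and extracted, and the two checks an examiner can run on a suspect file (the LSB-plane ones ratio and the chi-square pairs test) are compared on the cover and on the stego image. COVER, SECRET and all function names are assumptions of this example.

```python
# Added example (not from the slides): LSB image steganography on a constructed
# grayscale cover held as a bytearray, with the extractor beside the embedder and
# two defender-side checks on the LSB plane that an examiner can run on a suspect
# file. No image library is needed: a pixel is one byte, 0..255.

# Constructed 64x64 gradient cover. Values are quantised to even numbers (a
# smooth image stored at 7-bit precision), so its LSB plane is all zeros.
COVER = bytes((x % 128) * 2 for x in range(64 * 64))
SECRET = b"meeting moved to 17:00"   # constructed payload

def embed_lsb(pixels: bytes, message: bytes) -> bytearray:
    """Hide message in the least significant bit of consecutive pixels.
    A 4-byte big-endian length prefix tells the extractor where to stop."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("cover image too small for payload")
    out = bytearray(pixels)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit   # keep the upper 7 bits, replace the LSB
    return out

def extract_lsb(pixels: bytes) -> bytes:
    """Reverse of embed_lsb: read the length prefix, then that many bytes."""
    def read_bytes(start_bit: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for i in range(8):
                value = (value << 1) | (pixels[start_bit + b * 8 + i] & 1)
            out.append(value)
        return bytes(out)
    length = int.from_bytes(read_bytes(0, 4), "big")
    return read_bytes(32, length)

def lsb_ones_ratio(pixels: bytes, count: int) -> float:
    """Share of 1-bits in the LSB plane of the first `count` pixels. A smooth
    natural region is skewed; an embedded payload pulls it toward 0.5."""
    return sum(p & 1 for p in pixels[:count]) / count

def lsb_pairs_chi_square(pixels: bytes, count: int) -> float:
    """Chi-square 'pairs of values' statistic (Westfeld and Pfitzmann): LSB
    replacement only moves pixels between 2k and 2k+1, so it drives those two
    counts toward equality and the statistic toward zero."""
    hist = [0] * 256
    for p in pixels[:count]:
        hist[p] += 1
    chi = 0.0
    for k in range(128):
        expected = (hist[2 * k] + hist[2 * k + 1]) / 2
        if expected > 0:
            chi += (hist[2 * k] - expected) ** 2 / expected
    return chi

def demo() -> dict:
    """Embed, extract, and compare the LSB statistics of cover vs stego image."""
    stego = embed_lsb(COVER, SECRET)
    n = (4 + len(SECRET)) * 8           # number of pixels carrying payload bits
    return {
        "recovered": extract_lsb(stego),
        "ratio_cover": lsb_ones_ratio(COVER, n),
        "ratio_stego": lsb_ones_ratio(stego, n),
        "chi_cover": lsb_pairs_chi_square(COVER, n),
        "chi_stego": lsb_pairs_chi_square(stego, n),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

On a real photograph the cover's LSB plane is not all zeros, so the ratio alone is weak evidence; the chi-square test compared across regions of the same file is the more useful of the two checks.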

Types of Steganography
•Video steganography. Video steganography is a more sophisticated
version of image steganography that can encode entire videos.
Because digital videos are represented as a sequence of consecutive
images, each video frame can encode a separate image, hiding a
coherent video in plain sight.
•Audio steganography. Audio files, like images and videos, can be used
to conceal information. One simple form of audio steganography is
“backmasking,” in which secret messages are played backwards on a
track (requiring the listener to play the entire track backwards). More
sophisticated techniques might involve the least significant bits of
each byte in the audio file, similar to image steganography.

Types of Steganography
•Network steganography. Network steganography is a clever digital
steganography technique that hides information inside network traffic.
For example, data can be concealed within the TCP/IP headers or
payloads of network packets. The sender can even impart information
based on the time between sending different packets.
Hands On Tool:-
OpenStego is an open-source steganography tool that offers two main
functionalities: data hiding and watermarking (i.e., hiding an invisible
signature). As of this writing, OpenStego works only for image files.
Open the URL to check how it works: https://www.openstego.com/
Download the setup and try it yourself.

Digital Evidence Controls
•Digital evidence is information stored or transmitted in binary form
that may be relied on in court.
•It can be found on a computer hard drive, a mobile phone, among
other places. Digital evidence is commonly associated with electronic
crime, or e-crime, such as identity theft, credit card fraud, phishing,
spreading hate and inciting terrorism, or software piracy.
•8 Types of major Digital Evidence:-
1.Logs.
2.Archives.
3.Metadata.
4.Volatile Data.
5.Video Footage and Images.
6.Active Data.
7.Residual Data.
8.Replicate Data.

Uncovering Attacks & Evade Detection (Win.OS)
•Evasive techniques such as flooding, fragmentation, encryption, and
obfuscation are used by hackers to attack a machine for its data.
•Uncovering attacks that evade detection:-
•Evade:- to manage to escape from, or to avoid by skill or trick.
•Evade detection:- to avoid being found out or discovered.
•Uncovering attacks that evade detection:- exposing those attacks that
escape being identified.
•Most common tools used are:-
1.Event Viewer
2.Task Manager

Uncovering attacks by tool:- Event Viewer
•In Windows, the event logs are stored in the
C:\WINDOWS\system32\config\ folder. They are created for each system
access, operating system blip (used for updating data and applications),
security modification, hardware malfunction and driver issue.
•By default, Event Viewer log files use the .evtx (Windows XML Event Log)
extension. Log file name and location information is stored in the registry of
Windows.
•As the log files are saved in binary XML format, we need specialized
libraries to open and convert them to readable format.
•Event Viewer TT:-
https://www.youtube.com/watch?v=corhqJp_HNw&ab_channel=MDTechVideos

Types of Information Stored in Windows Event Logs
1.Event time and date - Contains the time and date of the event.
2.ID of the event - The unique identification number of a specific event.
3.Log name - Name of the specific event, usually stored for security, system,
and applications.
4.Source - Contains the name of the software generating the event.
5.User - The name of the user the event was created or run by.
6.Level - Describes the seriousness of the recorded event.
7.Computer - Represents the computer name.
•Note:-The information stored in the Windows event logs will help you locate
the possible threats and help you improve your system's functionality.

Accessing the Event Viewer
•Accessing the Event Viewer is simple. Steps to open the Event Viewer:
1.Press the Windows key or access the search bar from the Taskbar.
2.Type Event Viewer in the search bar.
3.Click on Event Viewer to open the app.
Here is another way to open Event Viewer:
Hit Windows key + R to open the Run window, type eventvwr and click OK.
•Event Viewer includes four main folders you will see once you launch the
application for the first time:
1.Custom Views.
2.Windows Logs.
3.Application and Services logs.
4.Subscriptions.

Log Categories Generated in Event Viewer
1.Security - Logs related to various authentication requests, failed and
successful logins.
2.Application - System components logs and other logs related to drivers.
3.System - Logs created by the operating system, status change of the
various services, and uptime.
4.Setup - Logs regarding updates and installs on your Windows system.
5.Forwarded events - Logs generated on a remote server that were
forwarded to your server.
•All logs have an event level assigned. The event level implies the severity
or the level of the impact of any problems generated in the logs.

Event ID’s in Event Manager
• https://www.liquidweb.com/kb/where-are-the-windows-logs-stored/
•Event ID 4697 is a specific event log entry in Microsoft Windows
operating systems that is generated when a service on the system is
scheduled to start.
•In the context of cyber security, analyzing Event ID 4697 can be important
for several reasons.
•Event ID 4697 is a valuable event log entry in Windows systems that can
help organizations detect and respond to security threats.
•List of event Id’s & Meaning:-
https://www.xplg.com/windows-server-security-events-list/

Event ID’s in Event Manager
Event ID   What it means
4624       Successful account log on
4625       Failed account log on
4634       An account logged off
4648       A logon attempt was made with explicit credentials
4719       System audit policy was changed.
4964       A special group has been assigned to a new log on
1102       Audit log was cleared. This can relate to a potential attack
4720       A user account was created
4722       A user account was enabled
4723       An attempt was made to change the password of an account
4725       A user account was disabled
4728       A user was added to a privileged global group
4732       A user was added to a privileged local group
Other EIDs: 4738, 4740, 4767, 4735, 4737, 4755, 4772, 4777, 4782, 4616, 4657, 4697
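An added example, not from the slides, of how the Event IDs in the table above become detection logic: constructed, already-parsed Security log records (with the fields named in the slide "Types of Information Stored in Windows Event Logs") are run through a few rules, such as a burst of 4625 followed by a 4624, a 4720 followed shortly by a 4732, and a 1102. The record layout, thresholds and rule wording are assumptions of this example.

```python
# Added example (not from the slides): rule-based triage over Windows Security
# event records using the Event IDs from the slides' table. Records are
# constructed here as already-parsed dictionaries, the shape an .evtx parser
# would yield. Simplification: for account-management events (4720, 4728, 4732)
# "user" is the target account; real records carry subject and target separately.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records, oldest first.
EVENTS = [
    {"time": "2025-02-28 09:00:01", "id": 4625, "user": "jdoe", "computer": "WS01"},
    {"time": "2025-02-28 09:00:03", "id": 4625, "user": "jdoe", "computer": "WS01"},
    {"time": "2025-02-28 09:00:05", "id": 4625, "user": "jdoe", "computer": "WS01"},
    {"time": "2025-02-28 09:00:07", "id": 4625, "user": "jdoe", "computer": "WS01"},
    {"time": "2025-02-28 09:00:09", "id": 4625, "user": "jdoe", "computer": "WS01"},
    {"time": "2025-02-28 09:00:12", "id": 4624, "user": "jdoe", "computer": "WS01"},
    {"time": "2025-02-28 09:02:30", "id": 4720, "user": "svc_backup", "computer": "WS01"},
    {"time": "2025-02-28 09:02:45", "id": 4732, "user": "svc_backup", "computer": "WS01"},
    {"time": "2025-02-28 09:03:10", "id": 4697, "user": "svc_backup", "computer": "WS01"},
    {"time": "2025-02-28 09:10:00", "id": 1102, "user": "svc_backup", "computer": "WS01"},
    {"time": "2025-02-28 11:00:00", "id": 4634, "user": "alice", "computer": "WS02"},
]

# Events worth an alert on their own, straight from the slides' table.
SINGLE_EVENT_ALERTS = {
    1102: "audit log was cleared",
    4719: "system audit policy was changed",
    4697: "service event on the system",
}

def parse_time(text: str) -> datetime:
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")

def triage(events, fail_threshold: int = 5, window: timedelta = timedelta(minutes=5)):
    """Return (time, computer, message) alerts for the given records."""
    alerts = []
    failures = defaultdict(list)   # user -> timestamps of recent 4625 events
    created = {}                   # user -> time of the 4720 that created it
    for ev in sorted(events, key=lambda e: parse_time(e["time"])):
        t, eid, user, host = parse_time(ev["time"]), ev["id"], ev["user"], ev["computer"]
        if eid in SINGLE_EVENT_ALERTS:
            alerts.append((ev["time"], host, f"{eid}: {SINGLE_EVENT_ALERTS[eid]} ({user})"))
        if eid == 4625:
            # keep only failures inside the sliding window, then add this one
            failures[user] = [x for x in failures[user] if t - x <= window] + [t]
            if len(failures[user]) == fail_threshold:
                alerts.append((ev["time"], host,
                               f"4625: {fail_threshold} failed logons for {user} within {window}"))
        elif eid == 4624 and len(failures[user]) >= fail_threshold:
            # success right after a burst of failures: password guessing that worked
            alerts.append((ev["time"], host, f"4624: logon for {user} after repeated failures"))
            failures[user] = []
        elif eid == 4720:
            created[user] = t
        elif eid in (4728, 4732) and user in created and t - created[user] <= window:
            alerts.append((ev["time"], host,
                           f"{eid}: newly created account {user} added to a privileged group"))
    return alerts

if __name__ == "__main__":
    for when, host, msg in triage(EVENTS):
        print(when, host, msg)
```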

Uncovering attacks by tool:- 2.Task Manager
•The (Windows) Task Manager allows a user to view the performance of the
system. It contains views that show the overall performance, and the
performance per Package/Process. It also shows the currently logged on Users
and Services of the computer. These can be controlled by an Administrator.
•Task Manager (Microsoft Windows Task Manager), is a component of the
Windows operating system (OS) that helps administrators and end users monitor,
manage and troubleshoot tasks. A task is a basic unit of programming that an OS
controls. In the context of Task Manager, a task might be an application, a
Windows process or a background process.
•Video Link:-https://learn.microsoft.com/en-us/shows/inside/task-manager
•https://www.techtarget.com/searchenterprisedesktop/definition/Microsoft-Windows-Task-Manager

Task Manager
•IT professionals (cyber experts mostly) use Task Manager to quickly identify
system bottlenecks that might be responsible for performance or stability
problems before they deploy more comprehensive or intrusive
troubleshooting tools (firewall) and tasks (active antivirus). Task Manager can
help IT professionals spot unusual or unexpected behavior that could
indicate malware or other unauthorized software.
•Task Manager also lets administrators terminate applications and processes,
adjust processing priorities and set the processor for best computer performance.
•In addition, admins can view information about the users currently logged onto a
system, as well as disconnect any of those users when troubleshooting logon or
connectivity issues.

Task Manager Tabs(7)
1.Processes. This tab lists all live processes currently running on the system and the
resources they're using. By default, the processes are grouped into three
categories: Apps, Background processes and Windows processes.
2.Performance. This tab monitors hardware resources in real time, using
visualizations to display performance data about each resource: one or more
disk resources and one or more network resources such as Ethernet or Wi-Fi.
3.App history. This tab displays the CPU and network resources that individual
processes use. The information is specific to the current user account and system
accounts.
4.Startup. This tab lists the processes that automatically load when the computer
boots up. Users can either enable or disable a startup process.
5.Users. This tab lists resource utilization information for each user currently
connected to the computer. The tab also lists utilization information about the
processes associated with each user. This tab is similar to the Processes tab,
6.Details. This tab displays all current processes. However, the Details tab lets users
display a lot more information about each process, such as session ID, CPU time,
memory working set, base priority, handles, threads and I/O reads and writes.
7.Services. This tab, which is a pared-down version of the Services utility, lists all
actively running services. Users can start, stop or restart services. They can also
launch the Services utility.
•Windows includes a variety of methods for launching Task Manager, including:
1.Press Ctrl+Shift+Esc.
2.Press Ctrl+Alt+Del, and then click Task Manager on the Windows Security screen.
3.Right-click the Windows taskbar and then click Task Manager.
4.Right-click the Start button and then click Task Manager.
5.Type task manager in the Window search box and then click the Task Manager
app in the results.

Digital evidence Controlling Tools

Data Acquisition
•The gathering and recovery of sensitive data during a digital forensic
investigation is known as data acquisition.
•Data acquisition is a process that involves collecting, measuring, and
storing information from various sources for further analysis or processing
•Cybercrimes often involve the hacking or corruption of data. Digital
forensic analysts need to know how to access, recover, and restore that data
as well as how to protect it for future management.
•The four methods of acquiring data for forensics analysis are: 1.Disk-to-
image file, 2.Disk-to-disk copy, 3.Logical disk-to-disk, 4.Disk-to-data
file, or sparse data copy of a folder or file.
•Large disks might require using tape backup devices. With enough tapes,
any size drive or RAID drive can be backed up.

Disk Imaging
•Disk imaging involves creating a byte-by-byte archive of a hard drive,
resulting in a compressed file format (typically saved as an ISO file).
These compressed image files are often stored on external drives or in
the cloud due to their substantial size.
•In short, we can say that a Forensic Disk Image is an exact sector by
sector cloned copy of any computer system that is used for investigation
purposes to prevent data alteration on the actual system.
•The process entails copying all the data stored on the source drive,
including data like the master boot record and table allocation
information. This image, however, is a single file that can be stored in
any storage device and not necessarily an identical hard drive.
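An added example (not the slides' or any tool's code) that carries the disk-to-image method above through the validation step of the recovery procedure and the data carving technique listed under logical recovery: a constructed device with one unreadable sector is imaged sector by sector, the image is hash-verified, and a PNG with no file-system entry is carved out of it by signature. FlakyDevice, the sector size constant and the sample layout are assumptions of this example.

```python
# Added example (not from the slides): a "disk-to-image file" acquisition of a
# constructed block device, sector by sector, into a raw image. Sectors that cannot
# be read are zero-filled and logged so every byte of the image keeps its original
# offset; the image is then validated by hash and a PNG is carved out of it by its
# file signature. Everything is in memory; a real acquisition would read the device
# through a write blocker and record the hash in the chain-of-custody notes.
import hashlib
import zlib

SECTOR = 512
PNG_SIG = b"\x89PNG\r\n\x1a\n"
PNG_END = b"IEND\xaeB`\x82"        # IEND chunk type followed by its fixed CRC

class FlakyDevice:
    """Constructed stand-in for a block device with some unreadable sectors."""
    def __init__(self, data: bytes, bad_sectors=()):
        self.data, self.bad = data, set(bad_sectors)
    def sector_count(self) -> int:
        return -(-len(self.data) // SECTOR)          # ceiling division
    def read_sector(self, n: int) -> bytes:
        if n in self.bad:
            raise IOError(f"read error at sector {n}")
        return self.data[n * SECTOR:(n + 1) * SECTOR]

def acquire(dev: FlakyDevice) -> tuple[bytes, list[int]]:
    """Disk-to-image copy. Unreadable sectors become zeros and are reported, so the
    examiner's notes state exactly which bytes of the image are not evidence."""
    image, bad = bytearray(), []
    for n in range(dev.sector_count()):
        try:
            chunk = dev.read_sector(n)
        except IOError:
            chunk = b""
            bad.append(n)
        image += chunk.ljust(SECTOR, b"\x00")       # pad short or failed reads
    return bytes(image), bad

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def verify(image: bytes, acquisition_hash: str) -> bool:
    """Validation step: re-hash the image and compare with the hash taken at
    acquisition time; any later change to the image file breaks the match."""
    return sha256(image) == acquisition_hash

def _chunk(ctype: bytes, data: bytes) -> bytes:
    crc = zlib.crc32(ctype + data).to_bytes(4, "big")
    return len(data).to_bytes(4, "big") + ctype + data + crc

def make_png(width: int, height: int, rgb=(200, 30, 30)) -> bytes:
    """Minimal valid RGB PNG (constructed test file, not a real exhibit)."""
    rows = b"".join(b"\x00" + bytes(rgb) * width for _ in range(height))
    ihdr = width.to_bytes(4, "big") + height.to_bytes(4, "big") + bytes([8, 2, 0, 0, 0])
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b"")

def carve_png(image: bytes) -> list[bytes]:
    """Header-to-footer carving: the file system is ignored, so a PNG whose
    directory entry was deleted is still found as long as its bytes survive."""
    found, pos = [], 0
    while (start := image.find(PNG_SIG, pos)) >= 0:
        stop = image.find(PNG_END, start)
        if stop < 0:
            break                                     # truncated: no footer
        found.append(image[start:stop + len(PNG_END)])
        pos = stop + len(PNG_END)
    return found

def build_device() -> FlakyDevice:
    """Constructed device: zeros, a deleted PNG with no directory entry, junk,
    and one unreadable sector (sector 1) that does not overlap the PNG."""
    data = b"\x00" * (3 * SECTOR) + b"slack" + make_png(4, 4) + b"\xff" * (2 * SECTOR)
    return FlakyDevice(data, bad_sectors={1})

def demo() -> dict:
    dev = build_device()
    image, bad = acquire(dev)
    acquisition_hash = sha256(image)
    carved = carve_png(image)
    return {
        "bad_sectors": bad,
        "image_sectors": len(image) // SECTOR,
        "hash_verified": verify(image, acquisition_hash),
        "carved_count": len(carved),
        "carved_intact": carved[0] == make_png(4, 4) if carved else False,
    }

if __name__ == "__main__":
    print(demo())
```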

Benefits Of Disk Imaging
1.Copy one system to a large number of identical computers. There is
no need to set up every computer separately, or set up the whole OS
from scratch. One image can be put on many machines. Solutions
today can put the same image onto thousands of machines at once.
2.Incremental (differential) backups. You can make as many different
images as you want. This gives you flexibility to change back to any
preferred configuration.
3.Images are saved as files. Disk space today is cheaper than office
space! If an employee leaves the company, make an image of their
drive and keep it handy in case you need it again.

Disk Imaging Vs. Cloning

Imaging Vs. Cloning

Uses/Application of Disk Imaging
1.Corporate World: Small and medium-sized businesses, large scale companies, and
conglomerate corporate organizations use this software for back-up and other
purposes.
2.Government Institutions: Present-day Governments are creators of bulk data. The
data about their various departments, branches, citizens, and sensitive defense data
has to be stored carefully with multiple back-ups.
3.Forensics Department: The use of this software is not only limited to the
corporate world, government organizations, individuals
4.Data Recovery Firms: Data recovery firms that recover data from even damaged
hard disks use high-quality disk imaging software to complete the process.
5.Individuals: Individuals in professions like chartered accountancy, specialist
doctors, stockbrokers, real estate consultants, counselors, and others create data
that they require to be safe and secure.

Open-source Disk Imaging Software
1.Clonezilla
2.FOG:- It is an open source Linux-based tool.
3.Doclone:- free cloning software written in C++ for disk imaging of
GNU/Linux systems.
4.Partclone
5.Mondo Rescue
6.AOMEI Backupper
7.Macrium Reflect
8.DriveImage XML
9.EaseUS

Clonezilla
•Clonezilla is a free and open-source disk imaging software that comes in three
versions: a. Clonezilla live, b. Clonezilla lite server, and c. Clonezilla SE (server
edition).
•Clonezilla live is used for single computer back-up, while the Clonezilla lite server or
SE is for bulk computer deployments. Its reported cloning speed is 8GB per minute.
•Features: Multiple file systems are supported: ext2, ext3, ext4, ReiserFS, reiser4,
xfs, jfs, btrfs, f2fs and nilfs2 of GNU/Linux; FAT12, FAT16, FAT32, NTFS of MS
Windows; HFS+ of Mac OS.
•Supports multiple 32-bit (x86) or 64-bit (x86-64) Operating systems
•The Master boot record and GUID partition table formats of hard drives are
supported. AES-256 encryption for data security. The boot loader can be reinstalled.
One image can be restored to multiple local devices. Clonezilla takes all commands
and options. It can be booted on a BIOS or uEFI machine.

Recovering swap files
•Recovering swap files means retrieving data from a temporary
file on your computer's hard drive called a "swap file", which
stores data that was temporarily moved from your RAM when it
ran low on space.
•It allows you to potentially recover unsaved work if your
system crashes or unexpectedly shuts down;
•essentially, it's a way to restore data that was in use but not
permanently saved to your hard drive.
•Tools:- you can use dedicated data recovery software like Disk
Drill.

Temporary & Cache files
•Temporary cache files refer to temporary data stored by a computer system,
Example- web browser cache,
•which can hold valuable evidence about a user's recent activity, including visited
websites, downloaded files, and even partially downloaded (malicious) content.
•These files provide crucial insights for investigations by preserving a snapshot of
online interactions and acting as a digital footprint that can be analyzed by forensic
investigators.
•Types of cached data
1.Web pages: HTML content, images, and other elements of visited websites.
2.Downloaded files: Partially downloaded files that may reveal attempted downloads,
even if the download was interrupted.
3.Cookies: Small data files that store user preferences and login information on
websites.

Data Privacy
•Data privacy in digital forensics refers to the practice of protecting an
individual's personal information while conducting digital forensic
investigations, ensuring that only relevant data is accessed and analyzed,
while adhering to legal and ethical guidelines to prevent unnecessary
intrusion into private data during the process.
•Individual rights:
Data privacy is a fundamental human right, which means individuals have the
right to control their personal information and limit its access and use.
•Ethical concerns:
Even when legally permissible, digital forensic investigators must exercise
ethical judgment to avoid accessing irrelevant or overly personal data during
an investigation.

Data privacy usages
•Data privacy usage refers to the way in which an organization or individual
utilizes personal information, ensuring that it is handled responsibly,
securely, and in accordance with the individual's right to control their data
•It includes how data is collected, stored, accessed, and shared, often
adhering to specific data privacy laws and regulations (chain of custody).
•The primary focus is on giving individuals the power to decide how their
personal information is used.
•Example of data privacy usage:
1.A website asking users to agree to their privacy policy before collecting
their email address for any subscriptions.
2.An online store allowing customers to access and modify their personal
information stored on their account with access rights.

Data privacy usages tools
•Data privacy usage tools are software applications designed to help
organizations manage and protect sensitive user data.
•Data privacy tools:
1.OneTrust: Comprehensive privacy management platform with features for
data mapping, risk assessment, and compliance reporting.
2.BigID: Uses machine learning to automatically discover and classify sensitive
data across the enterprise.
3.Collibra: Data governance platform that helps manage data privacy by
identifying and classifying sensitive data.
4.TrustArc: Offers a suite of tools for data inventory, mapping, and compliance
management.


Unit 3:-Computer Forensics analysis and validation
Computer Forensics analysis and validation: Determining what data to
collect and analyse, validating forensic data, addressing data-hiding
techniques.
Network Forensics: Network forensics overview, performing live
acquisitions, developing standard procedures for network forensics,
using network tools, examining the honeynet project.
Computer Forensic tools (Case Study): Encase, Helix, FTK, Autopsy,
Sleuthkit Forensic Browser, FIRE, Foundstone Forensic Tool Kit,
WinHex, Linux dd and other open source tools