lect 1 computer forensics

Post on 12-Apr-2017


Intro to Computer Forensics

Mr. Islahuddin Jalal
MS (Cyber Security) – UKM Malaysia

Research Title – 3C-CSIRT Model for Afghanistan

BAKHTAR UNIVERSITY

Outline
• Computer forensics
• Evolution, objective, advantages and disadvantages of CF
• Forensics Readiness Planning
• Cybercrime and its types
• Cybercrime investigation

Forensics Science
• Forensics science is a science which proves to a court whether or not the suspect was involved in the criminal activities, in order to find out the truth so that injustice does not occur.
• Application of physical sciences to law in the search for truth in
  • civil,
  • criminal,
  • and social behavioral matters
• To the end that injustice shall not be done to any member of society. [CHFI]
• To prove that a person was present or not at the place of crime

Computer Forensics
• It is the combination of law and computer science
• Computer forensics is a process of gathering related data or information from the digital appliances involved in the crime and preserving those data or information in a way that is acceptable to a court of law.
• A methodical series of techniques and procedures for gathering evidence from computing equipment and various storage devices and digital media that can be presented in a court of law in a coherent and meaningful format. [Dr. H.B. Wolfe]

Computer Forensics
• Forensics computing is the science of capturing, processing, and investigating data from computers using a methodology whereby any evidence discovered is acceptable in a court of law. [CHFI]
• The preservation, identification, extraction, interpretation, and documentation of computer evidence, to include the rules of evidence, legal processes, integrity of evidence, factual reporting of the information found, and providing of expert opinion in a court of law or other legal and/or administrative proceeding as to what was found. [CSI]

Aspects of Organizational Security [CHFI]

Evolution of Computer Forensics
• Francis Galton (1982 – 1911): Made the first recorded study of fingerprints
• Leone Lattes (1887 – 1954): Discovered blood groupings
• Calvin Goddard (1891 – 1955): Allowed firearms and bullet comparison for solving many pending court cases
• Albert Osborn (1858 – 1946): Developed essential features of document examination
• Hans Gross (1847 – 1915): Made use of scientific study to head criminal investigations
• FBI (1932): A lab was set up to provide forensics services to all field agents and other law authorities across the country.

Evolution of Computer Forensics [CHFI]

Objective of Computer Forensics
• To find the criminal who is directly or indirectly related to the cyber domain.
• To recover, analyze and preserve computer and related materials in such a way that they can be presented as evidence in a court of law.
• To identify the evidence quickly, estimate the potential impact of the malicious activity on the victim, and assess the intent and identity of the perpetrator.

Advantages of Computer Forensics
• Helps to protect from and solve cases involving
  • Theft of intellectual property
    • This is related to any act that allows access to customer data and any confidential information
  • Financial fraud
    • This is related to anything that uses fraudulent purchase of victim's information to conduct fraudulent transactions.

Disadvantages of Computer Forensics
• Digital evidence accepted into court must prove that there is no tampering
• Costs
  • Producing electronic records and preserving them is extremely costly
• Legal practitioners must have extensive computer knowledge

Need for Computer Forensics [CHFI]

Forensics Readiness?

• It is defined as the ability of an organization to maximize its potential to use digital evidence whilst minimizing the costs of an investigation.

Benefits of Forensics Readiness [CHFI]
• Evidence can be gathered to act in the company’s defense if subject to a lawsuit
• In the event of a major incident, a fast and efficient investigation can be conducted and corresponding actions can be followed with minimal disruption to the business.
• Forensics readiness can extend the target of information security to the wider threat from cybercrime such as intellectual property protection, fraud, or extortion.
• A fixed and structured approach for storage of evidence can considerably reduce the expense and time of an internal investigation
• It can improve and simplify the law enforcement interface
• In case of a major incident, a proper and in-depth investigation can be conducted

Goals of Forensics Readiness [CHFI]

Forensics Readiness Planning
1) Define the business states that need digital evidence
2) Identify the potential evidence available
3) Determine the evidence collection requirement
4) Decide the procedure for securely collecting the evidence that meets the requirement in a forensically sound manner
5) Establish a policy for securely handling and storing the collected evidence
6) Ensure that the observation process is aimed to detect and prevent the important incidents
7) Ensure investigative staff are capable of completing any task related to handling and preserving the evidence
8) Document all the activities performed and their impact
9) Ensure authorized review to facilitate action in response to the incident

Cyber Crime
• Cyber crime is an illegal action against any entity using a computer, its systems and its applications.
  • Crime directed against a computer
  • Crime where the computer contains evidence
  • Crime where the computer is used as a tool to commit the crime
• A cyber crime is intentional and not accidental

Cyber crime
• Computers and networks make a healthy environment for cyber criminals to perform their illegal actions due to the following factors
  • Speed
  • Anonymity
  • Different cyber laws
• It is also a great challenge for the investigators as well.

Modes of Attacks
• There are generally two main types of attacks
  • Internal Attacks
    • Breach of trust from employees within the organization
  • External Attacks
    • Attackers either hired by an insider or by an external entity to destroy the competitor’s reputation

Examples of Cyber crime [CHFI]
1) Fraud achieved by the manipulation of the computer network
2) Deliberate circumvention of the computer systems
3) Unauthorized access to or modification of programs and data
4) Intellectual property theft, including software piracy
5) Industrial espionage by means of access to or theft of computer materials
6) Identity theft, which is accomplished by the use of fraudulent computer
7) Writing or spreading computer viruses or worms
8) Salami slicing is the practice of stealing money repeatedly in small quantities
9) Denial of service attack, where the company’s websites are flooded with service requests and their website is overloaded and either slowed or is crashed completely
10) Making and digitally distributing child pornography

Cyber Crime Investigation [CHFI]

Key Steps in Forensics Investigation [CHFI]


Thank You For Your Patience
