cyber forensic 1
CYBER FORENSIC
OVERVIEW
Application of the scientific method to digital media in order to establish factual information for judicial review.
The process of extracting information and data from computer storage media and guaranteeing its accuracy and reliability.
Collection of people - processes – tools - measures that support or refute certain allegations or suspicions of misuse which involve a computer system.
"PLAUSIBLE DENIABILITY" DEFENSE
"My machine had a backdoor installed. Someone else must have loaded those child pornography files on my system."
Cyber forensics may determine the accuracy of this statement.
CRIME & UNAUTHORIZED ACTIVITY
Crime
• Breach of federal, state or other forms of established law.
Unauthorized Activity
• Activities that are restricted by policies.
ASPECTS OF ORGANIZATIONAL SECURITY
— IT Security
• Application security
• Computing security
• Data security
• Information security
• Network security
— Physical Security
• Facilities security
• Human security
— Financial Security
• Security from frauds
— Legal Security
• National security
• Public security
FORENSIC INVESTIGATION
Process of Computer Forensics
1. Preservation
2. Acquisition
3. Analysis
4. Discovery
5. Documentation
6. Presentation of Evidence
PRESERVATION
Making sure the evidence is un-tampered with and continues to be in the state in which it is found
ACQUISITION
The Process of acquiring or gaining the evidence
ANALYSIS
Going through the acquired material and discovering what type of information and evidence we have.
DISCOVERY
Breaking down the acquired evidence and isolating what is called relevant or interesting evidence.
Evidence that is relational to the investigations that you are going through.
DOCUMENTATION
Mostly for litigation purposes. Documentation serves to prove that we followed due diligence when performing the investigation from beginning to end.
Litigation: A controversy before a court, or a "lawsuit".
PRESENTATION OF EVIDENCE
Mostly for litigation purposes. Convert everything that we have learned into understandable terms when conveying it to an interested party (corporation or court of law).
EVOLUTION OF COMPUTER FORENSICS
Francis Galton (1822-1911)
• Made the first recorded study of fingerprints
Leone Lattes (1887-1954)
• Discovered blood groupings (A, B, AB, & O)
Calvin Goddard (1891-1955)
• Allowed firearms and bullet comparison for solving many pending court cases
Albert Osborn (1858-1946)
• Developed essential features of document examination
Hans Gross (1847-1915)
• Made use of scientific study to head criminal investigations
FBI (1932)
• A lab was set up to provide forensic services to all field agents and other law authorities across the country
EVOLUTION OF COMPUTER FORENSICS
CART (1984)
• Computer Analysis and Response Team (CART) was developed to provide support to FBI field offices in the search of computer evidence
1993
• First International Conference on computer evidence held
IOCE (1995)
• International Organization on Computer Evidence (IOCE) formed
1998
• International Forensic Science Symposium formed to provide a forum for forensic managers
2000
• First FBI Regional Computer Forensic Laboratory established
OBJECTIVES OF COMPUTER FORENSICS
NEED FOR COMPUTER FORENSICS
GOALS OF FORENSIC READINESS
CYBER CRIME
Cyber crime means any criminal activity in which a computer or network is the source, tool, target or place of the crime.
The Cambridge English Dictionary defines cyber crimes as crimes committed with the use of computers or relating to computers, especially through the internet.
Crimes involving the use of information or of electronic means in furtherance of crime are covered under the scope of cyber crime.
Cyber crimes may be committed against persons, property and government.
COMPUTER FACILITATED CRIMES
Dependency on the computer has given way to new crimes
Computers are used as a tool for committing crimes
Computer crimes pose new challenges for investigators due to their:
• Speed
• Anonymity
• Fleeting nature of evidence
MODES OF ATTACK
1. Hacking - A hacker is an unauthorized user who attempts to or gains access to an information system. Hacking is a crime even if there is no visible damage to the system, since it is an invasion into the privacy of data. There are different classes of hackers.
a) White Hat Hackers - They believe that information sharing is good, and that it is their duty to share their expertise by facilitating access to information. However, there are some white hat hackers who are just "joy riding" on computer systems.
b) Black Hat Hackers - They cause damage after intrusion. They may steal or modify data or insert viruses or worms which damage the system. They are also called 'crackers'.
MODES OF ATTACK
c) Grey Hat Hackers - Typically ethical, but they occasionally violate hacker ethics.
Hackers will hack into networks, stand-alone computers and software. Network hackers try to gain unauthorized access to private computer networks just for challenge, curiosity, and distribution of information. Crackers perform unauthorized intrusion with damage, such as stealing or changing information or inserting malware (viruses or worms).
MODES OF ATTACK
2. Cyber Stalking - This crime involves use of the internet to harass someone. The behavior includes false accusations, threats etc. Normally, the majority of cyber stalkers are men and the majority of victims are women.
3. Spamming - Spamming is the sending of unsolicited bulk and commercial messages over the internet. Although irritating to most email users, it is not illegal unless it causes damage such as overloading the network and disrupting service to subscribers, or creates a negative impact on consumer attitudes towards the Internet Service Provider.
MODES OF ATTACK
4. Cyber Pornography - Women and children are victims of sexual exploitation through the internet. Pedophiles use the internet to send photos of illegal child pornography to targeted children so as to attract children to such funs. Later they are sexually exploited for gains.
5. Phishing - It is a criminally fraudulent process of acquiring sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication.
MODES OF ATTACK
6. Software Piracy - It is the illegal reproduction and distribution of software for business or personal use. This is considered to be a type of infringement of copyright and a violation of a license agreement. Since the unauthorized user is not a party to the license agreement, it is difficult to find out remedies.
7. Corporate Espionage - It means theft of trade secrets through illegal means such as wire taps or illegal intrusions.
MODES OF ATTACK
9. Embezzlement - Unlawful misappropriation of money, property or any other thing of value that has been entrusted to the offender's care, custody or control is called embezzlement. Internet facilities are misused to commit this crime.
10. Password Sniffers - Password sniffers are programmes that monitor and record the name and password of network users as they log in, jeopardizing security at a site. Whoever installs the sniffer can impersonate an authorized user and log in to access restricted documents.
MODES OF ATTACK
12. Credit Card Fraud - In the U.S.A., half a billion dollars have been lost annually by consumers who have credit cards and calling card numbers. These are stolen from on-line databases.
13. Web Jacking - The term refers to forceful taking of control of a web site by cracking the password.
14. Cyber Terrorism - The use of computer resources to intimidate or coerce the government, the civilian population or any segment thereof in furtherance of political or social objectives is called cyber terrorism. Individuals and groups quite often try to exploit the anonymous character of the internet to threaten governments and terrorize the citizens of the country.
CYBER LAW
Cyber law refers to all the legal and regulatory aspects of the internet and the World Wide Web.
Cyber space is governed by a system of law and regulations called cyber law.
Cyber law is needed because of the following reasons:
(a) Today millions of people are using the internet all over the world.
(b) Because of global communications, the internet is misused for criminal activities which require regulation.
(c) Today many disturbing and unethical things are happening in cyber space, which are known as cyber crimes.
(d) People with intelligence and bad intentions are misusing the internet.
EXAMPLE OF CYBER CRIME
Fraud achieved by the manipulation of the computer records
Spamming wherever outlawed completely or where regulations controlling it are violated
Deliberate circumvention of the computer security systems
Unauthorized access to or modification of computer programs (see software cracking and hacking) or data.
Intellectual property theft, including software piracy
Industrial espionage by means of access to or theft of computer materials
TYPES OF COMPUTER CRIMES
Identity Theft
Hacking
Computer Viruses
Cyber stalking
Drug Trafficking
Phishing/Spoofing
Wrongful Programming
Credit Card Fraud
On-Line Auction Fraud
Email bombing and SPAM
Theft of Intellectual Property
TYPES OF COMPUTER CRIMES
Denial of Service attack
Debt Elimination
Web Jacking
Internet Extortion
Investment Fraud
Escrow Services Fraud
Cyber defamation
Software piracy
Counterfeit Cashier's Check
Embezzlement
KEY STEPS IN FORENSIC INVESTIGATION
1. Computer crime is suspected
2. Collect preliminary evidence
3. Obtain court warrant for seizure (if required)
4. Perform first responder procedures
5. Seize evidence at the crime scene
6. Transport them to the forensic laboratory
7. Create 2 bit stream copies of the evidence
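
An added example, not part of the original slides: one way to carry out the final step above, creating two bit-stream copies and confirming that each is identical to the source, which supports the preservation and documentation stages. The SHA-256 verification, the file names and the constructed sample image are assumptions of this example; the slides do not name a verification method.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # stream 1 MiB at a time so large media never sit in memory


def sha256_file(path):
    """Hash a file from disk by streaming it in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def make_two_copies(source, copy_a, copy_b):
    """Read the source once, write two bit-for-bit copies, verify both."""
    h = hashlib.sha256()
    # Source is opened read-only; mode "xb" refuses to overwrite an existing copy.
    with open(source, "rb") as src, open(copy_a, "xb") as a, open(copy_b, "xb") as b:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            a.write(block)
            b.write(block)
    record = {"source_sha256": h.hexdigest(), "copies": {}}
    # Re-read each copy so the hash reflects what was actually written.
    for path in (copy_a, copy_b):
        digest = sha256_file(path)
        record["copies"][path] = {
            "sha256": digest,
            "size": os.path.getsize(path),
            "verified": digest == record["source_sha256"],
        }
    record["all_verified"] = all(c["verified"] for c in record["copies"].values())
    return record  # keep this with the case documentation


def demo():
    """Constructed sample: random bytes stand in for a seized disk image."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "evidence.img")
        with open(src, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 123))
        work = os.path.join(d, "working_copy.img")
        record = make_two_copies(src, work, os.path.join(d, "archive_copy.img"))
        with open(work, "r+b") as f:  # simulate a one-byte alteration afterwards
            first = f.read(1)
            f.seek(0)
            f.write(bytes([first[0] ^ 0xFF]))
        still_matches = sha256_file(work) == record["source_sha256"]
        return record["all_verified"], still_matches
```

Calling `demo()` returns whether both fresh copies verified and whether the altered working copy still matches the source hash.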