Digital forensic
8/7/2019 digita forensic ..
http://slidepdf.com/reader/full/digita-forensic- 1/17
An Introduction to Digital Forensics
Submitted by:
Afroz Khan, Neelam Sharma, Sneha Jain
Digital forensics
Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices; these devices include computers, PDAs, cellular phones, etc.
Digital forensics is the application of computer investigation and analysis techniques in the interests of determining potential legal evidence.
Digital forensics
The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover all devices capable of storing digital data.
Examples of Digital Evidence
Computers are increasingly involved in criminal and corporate investigations.
Digital evidence may play a supporting role or be the "smoking gun":
- Email
- Harassment or threats
- Blackmail
- Illegal transmission of internal corporate documents
- Meeting points/times for drug deals
- Suicide letters
- Technical data for bomb making
- Evidence of inappropriate use of computer resources or attacks
- Use of a machine as a spam email generator
- Use of a machine to distribute illegally copied software
Forensics categorization
The technical side of investigations is divided into several sub-branches, such as:
- Computer forensics
- Network forensics
- Database forensics
- Mobile device forensics
Network forensics
Network forensics relates to the monitoring and analysis of computer network (both local network and WAN/internet) traffic for the purposes of information gathering, legal evidence or intrusion detection.
Traffic is intercepted (usually at the packet level) and either stored for later analysis with specialist tools or filtered in real time for relevant information.
Network forensics
The digital forensic process encompasses the seizure, forensic imaging (acquisition) and analysis of digital media, and finally the production of a report on the digital evidence.
Computer devices tend to store large amounts of information in cache/log files and deleted space, and forensic examiners can recover this data as part of the analysis process.
Investigations & Result
Intrusion:
- data theft or misuse
- gathering evidence for other legal cases (warez, porn, blackmail, ..)
- intelligence
The investigation should answer:
- who did
- what
- when
Secure and investigate the scene
Non-intrusive:
- physical location
- network topology, IP addresses
- state of the computer or device (power on/off, network, etc.)
Gather information
Information about the victim:
- name, IP addresses, OS and version
- system time! uptime
- file system, mount points or volumes
- hardware
- users and groups
- port scan from external, compare to netstat output
- running processes
What is Packet Sniffer ?
- A packet sniffer is a program that can see all of the information passing over the network it is connected to. As data streams back and forth on the network, the program looks at, or "sniffs," each packet.
- A packet is a part of a message that has been broken up. Normally, a computer only looks at packets addressed to it and ignores the rest of the traffic on the network. But when a packet sniffer is set up on a computer, the sniffer's network interface is set to promiscuous mode. This means that it is looking at everything that comes through.
Packet Sniffer
A packet sniffer can usually be set up in one of two ways:
1. Unfiltered - captures all of the packets
2. Filtered - captures only those packets containing specific data elements
Advantage of the system
- Analyze network problems
- Detect network intrusion attempts
- Detect network misuse by internal and external users
- Gain information for effecting a network intrusion
- Isolate exploited systems
- Monitor network usage (including internal and external users and systems)
- Monitor data-in-motion
Technology used
S/W used:
- Jpcap 0.6
- WinPcap
- Internet Explorer
- Windows O.S.
H/W used:
- RAM
- Wireless Network
- NIC Card
What is WinPcap
WinPcap is an open source library for packet capture and network analysis for the Win32 platforms.
The purpose of WinPcap is to give this kind of access to Win32 applications; it provides facilities to:
1) capture raw packets, both the ones destined to the machine where it's running and the ones exchanged by other hosts (on shared media)
2) filter the packets according to user-specified rules before dispatching them to the application
3) transmit raw packets to the network
4) gather statistical information on the network traffic
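The following added example (not code from the slides, nor from the Jpcap or WinPcap projects) shows in plain Python, without any capture library, how the unfiltered versus filtered setup from the Packet Sniffer slide and WinPcap's capture, filter and statistics facilities fit together: it decodes constructed Ethernet/IPv4/TCP/UDP frames, applies user-specified match rules before handing packets on, and counts traffic per protocol. The frame contents, addresses and the keyword rule format are assumptions made for the example.

```python
import struct
from typing import Callable, Dict, Iterable, List, Optional
def _ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))
def build_ipv4_frame(src: str, dst: str, proto: int, sport: int, dport: int) -> bytes:
    """Constructed Ethernet II + IPv4 + minimal TCP/UDP frame (sample data, not a real capture)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * (16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     _ip_bytes(src), _ip_bytes(dst))  # checksum left 0 in this sample
    return eth + ip + l4

def parse_frame(frame: bytes) -> Dict[str, Optional[object]]:
    """Decode Ethernet II, plus IPv4 addresses and TCP/UDP ports when present."""
    pkt: Dict[str, Optional[object]] = {"ethertype": struct.unpack("!H", frame[12:14])[0],
           "proto": None, "src": None, "dst": None, "sport": None, "dport": None}
    if pkt["ethertype"] != 0x0800 or len(frame) < 34:
        return pkt  # non-IPv4 frames (e.g. ARP) are kept but carry no L3/L4 fields
    ihl = (frame[14] & 0x0F) * 4
    pkt["proto"] = frame[23]
    pkt["src"] = ".".join(str(b) for b in frame[26:30])
    pkt["dst"] = ".".join(str(b) for b in frame[30:34])
    l4 = frame[14 + ihl:]
    if pkt["proto"] in (6, 17) and len(l4) >= 4:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
    return pkt

def make_filter(**rules) -> Callable[[Dict], bool]:
    """Rule such as dport=80 or proto=6: every given field must match the decoded packet."""
    return lambda pkt: all(pkt.get(k) == v for k, v in rules.items())

def sniff(frames: Iterable[bytes], flt: Optional[Callable[[Dict], bool]] = None) -> List[Dict]:
    """Unfiltered (flt=None) keeps every frame; filtered keeps only frames the rule accepts."""
    return [p for p in map(parse_frame, frames) if flt is None or flt(p)]

def summarize(packets: Iterable[Dict]) -> Dict[str, int]:
    """Per-protocol counts, the kind of traffic statistics a capture library reports."""
    counts: Dict[str, int] = {}
    for p in packets:
        key = {6: "tcp", 17: "udp"}.get(p["proto"], "other")
        counts[key] = counts.get(key, 0) + 1
    return counts
# Constructed sample traffic: an HTTP request and reply, a DNS query, and an ARP-sized frame.
SAMPLE_FRAMES = [
    build_ipv4_frame("192.168.1.10", "10.0.0.5", 6, 51000, 80),
    build_ipv4_frame("10.0.0.5", "192.168.1.10", 6, 80, 51000),
    build_ipv4_frame("192.168.1.10", "10.0.0.53", 17, 53001, 53),
    bytes.fromhex("ffffffffffff66778899aabb0806") + b"\x00" * 28,
]
```

`sniff(SAMPLE_FRAMES)` is the unfiltered mode and returns all four frames; `sniff(SAMPLE_FRAMES, make_filter(dport=80))` is the filtered mode and returns only the HTTP request.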
What kind of programs use WinPcap
The WinPcap programming interface can be used by many types of network tools for analysis, troubleshooting, security and monitoring. In particular, classical tools that rely on WinPcap are:
- network and protocol analyzers
- network monitors
- traffic loggers
- traffic generators
- user-level bridges and routers
- network intrusion detection systems (NIDS)
- network scanners
- security tools
CONCLUSION
This project gives you information about each packet that you have sent through the network.
This project supports the recovery and investigation of material found in digital devices, often in relation to computer crime.