Computer Hacking Forensics Investigator Module I Computer Forensics in Today’s World.


1 Computer Hacking Forensics Investigator Module I Computer Forensics in Today’s World

2 Scenario
EC-Council Copyright © by EC-Council All rights reserved. Reproduction is strictly prohibited
Steven is the managing director of a respected software company. After finding pornography downloaded on his network server and a number of individual office computers, he decided to hire a computer forensics investigator to build a case for employee dismissal. The investigator was hired to locate deleted files, if any, and verify certain non-work-related contents of the hard drives in question. The investigator was able to locate spy software, pornography, and illegal file-sharing software on the hard drive of the suspicious employee. This led to employee dismissal.

3 Module objective
- Introduction to computer forensics
- History of computer forensics
- Computer forensics flaws and risks
- Cyber crime
- Role of computer forensics
- Reason for cyber attacks
- Modes of attacks
- Cyber war

4 Module Flow
- Introduction
- Cyber crime
- Forensics flaws and risks
- Cyber war
- Modes of attacks
- Reason for cyber attacks
- Role of computer forensics
- History

5 Introduction
- Cyber activity has become an important part of the everyday life of the general public
- Importance of computer forensics:
  - 85% of business and government agencies detected security breaches
  - FBI estimates that the United States loses up to $10 billion a year to cyber crime

6 History of Forensics
- Francis Galton ( ): Made the first recorded study of fingerprints
- Leone Lattes ( ): Discovered blood groupings (A, B, AB, & 0)
- Calvin Goddard ( ): Allowed firearms and bullet comparison for solving many pending court cases
- Albert Osborn ( ): Developed essential features of document examination
- Hans Gross ( ): Made use of scientific study to head criminal investigations
- FBI (1932): A lab was set up to provide forensic services to all field agents and other law authorities throughout the country

7 Definition of Forensic Science
- Definition: “Application of physical sciences to law in the search for truth in civil, criminal and social behavioral matters to the end that injustice shall not be done to any member of society” (Source: Handbook of Forensic Pathology, College of American Pathologists, 1990)
- Aim: determining the evidential value of crime scene and related evidence

8 Definition of Computer Forensics
Definition: “A methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be presented in a court of law in a coherent and meaningful format” - Dr. H.B. Wolfe

9 What Is Computer Forensics?
- According to Steve Hailey, Cybersecurity Institute: “The preservation, identification, extraction, interpretation, and documentation of computer evidence, to include the rules of evidence, legal processes, integrity of evidence, factual reporting of the information found, and providing expert opinion in a court of law or other legal and/or administrative proceeding as to what was found.”

10 Need for Computer Forensics
- “Computer forensics is equivalent of surveying a crime scene or performing an autopsy on a victim”. (Source: James Borek, 2001)
- Presence of a majority of electronic documents nowadays
- Search and identify data in a computer
- Digital evidence is delicate in nature
- For recovering deleted, encrypted, or corrupted files from a system

11 Evolution of Computer Forensics
- FBI Computer Analysis and Response Team (CART) emerged
- International Law Enforcement meeting was conducted to discuss computer forensics and the need for a standardized approach
- Scientific Working Group on Digital Evidence (SWGDE) was established to develop standards
- Digital Forensic Research Workshop (DFRWS) was held

12 Computer Forensics Flaws and Risks
- Computer forensics is in its early or development stages
- It is different from other forensic sciences as digital evidence is examined
- There is little theoretical knowledge base upon which empirical hypothesis testing is done
- Designations are not entirely professional
- There is a lack of proper training
- There is no standardization of tools
- It is still more of an “Art” than a “Science”

13 Corporate Espionage Statistics
- Corporate computer security budgets increased at an average of 48% in 2002
- 62% of the corporate companies had their systems compromised by viruses
- FBI statistics reveal that more than 100 nations are engaged in corporate espionage against US companies
- More than 2230 documented incidents of corporate espionage by the year 2003

14 Modes of Attacks
- Cyber crime falls into two categories depending on the way the attack takes place
- The two types of attacks are:
  1. Insider Attacks
  2. External Attacks

15 Cyber Crime
- Cyber crime is defined as “Any illegal act involving a computer, its systems, or its applications”
- The crime must be intentional and not accidental.
- Cyber crime is divided into 3 T’s:
  - Tools of the crime
  - Target of the crime
  - Tangential to the crime

16 Examples of Cyber Crime
- A few examples of cyber crime include:
  - Theft of intellectual property
  - Damage of company service networks
  - Financial fraud
  - Hacker system penetrations
  - Denial of Service attacks
  - Planting of viruses and worms

17 Reason for Cyber Attacks
- Motivation for cyber attacks:
  1. Experimentation and a desire for script kiddies to learn
  2. Psychological needs
  3. Misguided trust in other individuals
  4. Revenge and malicious reasons
  5. Desire to embarrass the target
  6. Espionage - corporate and governmental

18 Role of Computer Forensics in Tracking Cyber Criminals
- Identifying the crime
- Gathering the evidence
- Building a chain of custody
- Analyzing the evidence
- Presenting the evidence
- Testifying
- Prosecution

19 Rules of Computer Forensics
- Minimize the option of examining the original evidence
- Obey rules of evidence
- Never exceed the knowledge base
- Document any changes in evidence

20 Computer Forensics Methodologies
The 3 A’s
- Acquire evidence without modification or corruption
- Authenticate that the recovered evidence is the same as the originally seized data
- Analyze data without any alterations
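
The 3 A's applied to a single file, together with the "document any changes" and chain-of-custody points from the earlier slides, as an added Python example that is not part of the EC-Council slides. The file names, the examiner label and the JSON-lines custody log format are assumptions, and the seized data is a constructed sample.

```python
import hashlib, json, os, shutil, stat, tempfile, time

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks, opening it read-only."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image, log, examiner):
    """Acquire: copy source to image, hashing the bytes as they are read."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x": never overwrite
        for block in iter(lambda: src.read(1 << 20), b""):
            h.update(block)
            dst.write(block)
    os.chmod(image, stat.S_IRUSR)  # master image is read-only from here on
    entry = {"time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
             "examiner": examiner, "action": "acquire",
             "source": source, "image": image, "sha256": h.hexdigest()}
    with open(log, "a") as f:  # append-only custody record (assumed format)
        f.write(json.dumps(entry) + "\n")
    return entry["sha256"]

def authenticate(image, expected):
    """Authenticate: image must hash to the value recorded at acquisition."""
    return sha256_file(image) == expected

def working_copy(image, workdir, expected):
    """Analyze: examine a verified copy, never the original or the master image."""
    if not authenticate(image, expected):
        raise ValueError("master image does not match acquisition hash")
    copy = os.path.join(workdir, "working.img")
    shutil.copyfile(image, copy)  # copies content only, so the copy is writable
    return copy

def demo():
    d = tempfile.mkdtemp()
    src = os.path.join(d, "seized.bin")
    with open(src, "wb") as f:
        f.write(b"constructed sample evidence\x00" * 1000)
    img, log = os.path.join(d, "master.img"), os.path.join(d, "custody.jsonl")
    digest = acquire(src, img, log, "examiner-01")
    copy = working_copy(img, d, digest)
    with open(copy, "r+b") as f:  # simulate an accidental change during analysis
        f.write(b"X")
    return authenticate(img, digest), authenticate(copy, digest)
```

`demo()` returns `(True, False)`: the master image still matches the acquisition hash, while the altered working copy no longer does and would have to be discarded and re-derived from the master.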

21 Accessing Computer Forensics Resources
- Resources can be found by joining various discussion groups such as:
  - Computer Technology Investigators Northwest
  - High Technology Crime Investigation Association
- Joining a network of computer forensic experts and other professionals
- News services devoted to computer forensics can also be a powerful resource
- Other resources:
  - Journals of forensic investigators
  - Actual case studies

22 Preparing for Computing Investigations
- Computing investigations fall under two distinct categories:
  1. Public Investigation
  2. Corporate Investigation

23 Maintaining professional conduct
- Professional conduct determines the credibility of a forensic investigator
- Investigators must display the highest level of ethics and moral integrity
- Confidentiality is an essential feature which all forensic investigators must display
- Discuss the case at hand only with persons who have the right to know

24 Understanding Enforcement Agency Investigations
Enforcement agency investigations include:
1. Tools used to commit the crime
2. Reason for the crime
3. Type of crime
4. Infringement on someone else’s rights by cyberstalking

25 Understanding Corporate Investigations
- Involve private companies who address company policy violations and litigation disputes
- Company procedures should continue without any interruption from the investigation
- After the investigation the company should minimize or eliminate similar litigations
- Industrial espionage is the foremost crime in corporate investigations

26 Investigation Process
- Identification: Detecting/identifying the event/crime
- Preservation: Chain of evidence, documentation
- Collection: Data recovery, evidence collection
- Examination: Tracing, filtering, extracting hidden data
- Analysis: Analyzing evidence
- Presentation: Investigation report, expert witness
- Decision: Report

27 Digital Forensics
The use of scientifically unexpressed and proven methods towards the
- Preserving
- Collecting
- Confirming
- Identifying
- Analyzing
- Recording
- Presenting
Digital evidence extracted from digital sources

28 Summary
- The need for computer forensics has grown to a large extent due to the presence of a majority of digital documents
- A computer can be used as a tool for investigation or as evidence
- Minimize the option of examining the original evidence
- 3 A’s of computer forensics methodologies are Acquire, Authenticate, and Analyze
- A computer forensic investigator must be aware of the steps involved in the investigative process

