Study of Comparison of Digital Forensic Investigation Models.


1 Study of Comparison of Digital Forensic Investigation Models

2 What is Digital Forensics? Forensics - The use of science and technology to investigate and establish facts in criminal or civil courts of law. Computer forensics is a branch of forensic science pertaining to legal evidence found in computers and digital storage mediums. Computer forensics is also known as Digital Forensics. Ref: http://en.wikipedia.org/wiki/Computer_forensics

3 Types of Evidence ► Inculpatory Evidence – Supports a given theory ► Exculpatory Evidence – Contradicts a given theory ► Evidence of Tampering – Shows that the system was tampered with to avoid identification Ref: T. Lillard Consulting, Inc. Copyright @ 2002

4 Computer Forensics Methodologies consist of Three Basic Components ► Acquiring the evidence while ensuring that the integrity is preserved; ► Authenticating the validity of the extracted data, which involves making sure that it is as valid as the original ► Analyzing the data while keeping its integrity. Ref: Kruse II, Warren and Jay, G. Heiser (2002) Computer Forensics: Incident Response Essentials. Addison-Wesley

5 The Forensics Process Model ► Collection ► Examination ► Analysis ► Reporting Ref: National Institute of Justice. (July 2001) Electronic Crime Scene Investigation. A Guide for First Responders. http://www.ncjrs.org/pdffiles1/nij/187736.pdf

6 The Abstract Digital Forensics Model ► Identification ► Preparation ► Approach strategy ► Preservation ► Collection ► Examination ► Analysis ► Presentation ► Returning evidence Ref: Mark Reith, Clint Carr and Gregg Gunsch. (2002) An Examination of Digital Forensic Models, International Journal of Digital Evidence, Fall 2002, Volume 1, Issue 3

7 Pollitt 1995 Ref: Pollitt, M. “Computer Forensics: an Approach to Evidence in Cyberspace”, Proceedings (Vol. II, pp 487-491) of the National Information Systems Security Conference, Baltimore, MD. 1995

8 Noblett, et al 2000 Ref: Noblett, M., Pollitt, M., Presley, L. “Recovering and Examining Computer Forensic Evidence”, Forensic Science Communications, Volume 2 Number 4 2000

9 Digital Forensic Research Workshop 2001 Ref: Digital Forensic Research Workshop (DFRWS) Research Road Map, Utica, NY. (2001)

10 Reith, Carr and Gunsch 2002 They offer a model comprised of nine steps: ► Identification ► Preparation ► Approach Strategy ► Preservation ► Collection ► Examination ► Analysis ► Presentation ► Returning Evidence. Ref: Reith, M., Carr C. and Gunsch, G. “An Examination of Digital Forensic Models”, IJDE Fall 2002 Volume 1, Issue 3.

11 Carrier and Spafford 2003 ► Readiness ► Deployment ► Physical Crime Scene Investigation ► Digital Crime Scene Investigation ► Review Phases Ref: Carrier, B. and Spafford, E. “Getting Physical with the Digital Investigation Process”, International Journal of Digital Evidence Fall 2003, Volume 2, Issue 2.

12 Carrier 2003 ► Carrier outlines the layers of abstraction that constitute forensic examination. Ref: Carrier, B. “Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers”, International Journal of Digital Evidence Winter 2003, Volume 1, Issue 4.

13 Mocas 2003 She identified multiple contexts for digital forensics: ► Law Enforcement Context ► A Military Context ► Business System Security Context. Ref: Mocas, S. (2003) “Building Theoretical Underpinnings for Digital Forensics”,

14 Baryamureeba and Tushabe 2004 They suggested a modification to Carrier and Spafford’s Integrated Digital Investigation Model of 2003. ► They describe two additional phases: ▪ Trace back ▪ Dynamite They seek to separate the investigation into the primary crime scene (the computer) and the secondary crime scene (the physical crime scene). The goal is to reconstruct the two crime scenes concurrently to avoid inconsistencies. Ref: Baryamureeba V. and Tushabe, F. “The Enhanced Digital Investigation Process Model”, DFRWS 2004, Baltimore, MD.

15 Beebe and Clark 2004 They propose that previous models were single-tier, whereas in fact the process tends to be multi-tiered. They propose the SEE approach: ► Survey ► Extract ► Examine They introduce the concept of objectives-based tasks. Ref: Beebe, N. and Clark, J. “A Hierarchical, Objectives-Based Framework for the Digital Investigations Process”, DFRWS 2004 Baltimore, MD.

16 Carrier and Spafford 2004 ► Carrier and Spafford add new elements to the digital forensic framework: ▪ Events and ▪ Event Reconstruction Ref: Carrier, B. and Spafford, E. “An Event-based Digital Forensic Investigation Framework”, DFRWS 2004, Baltimore, MD

17 Ruibin, Yun and Gaertner 2005 Ref: Pollitt, M. “Six Blind Men from Indostan”, DFRWS, 2004, Baltimore, MD.

18 Erbacher, Christensen and Sundberg Ref: Robert F. Erbacher, Kim Christensen, and Amanda Sundberg, "Visual Forensic Techniques and Processes," Proceedings of the 9th Annual NYS Cyber Security Conference Symposium on Information Assurance, Albany, NY, June 2006, pp. 72-80.

19 Kent, Chevalier, Grance and Dang 2006 ► Collection ► Examination ► Analysis ► Reporting Ref: Kent, K., Chevalier, S., Grance, T. and Dang, H. “ Guide to Integrating Forensics into Incident Response”, Special Publication 800-86, Computer Security Division Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD August 2006

20 Project Goals ► Study all existing digital forensic investigation models. ► Capture their timeline and basis for development. ► Compare them for their use in various situations and their pros and cons for those situations. ► Suggest drawbacks and need for further development. ► Evaluate their scalability, growth and technology adaptation. ► Find various important parameters to rate and compare the existing and upcoming models. ► Describe their usage in the Indian and global context.

