Presentation is loading. Please wait.

Presentation is loading. Please wait.

Forensic Investigation Techniques Michael Jones. Overview Purpose People Processes Michael JonesDigital Forensic Investigations2.

Published byDennis Murphy Modified over 8 years ago

Similar presentations

Presentation on theme: "Forensic Investigation Techniques Michael Jones. Overview Purpose People Processes Michael JonesDigital Forensic Investigations2."— Presentation transcript:

1 Forensic Investigation Techniques Michael Jones

2 Overview Purpose People Processes Michael JonesDigital Forensic Investigations2

3 The (Digital) Forensic Process Photographs Faraday bags Photographs Faraday bags Imaging - forensically sound copying Analyse file system and analyse files Produce Report Scene Store Laboratory Chain of Custody Michael Jones3Digital Forensic Investigations

4 Review: Logical and Physical Views Logical view – As seen via the file manager Physical view – What is (physically) on the device Questions – What might these be different? – What is ‘striping’? – Is ‘physical’ really physical? Michael JonesDigital Forensic Investigations4

5 Imaging Low (device) level – Duplicating the bit sequence – Output is a file – Multiple copies may be taken Verification – Applying (hashing) algorithms to device and copy MD5, SHA1 If device and copy hashes match then copy is forensically sound Devices and copies returned to (case) store Michael JonesDigital Forensic Investigations5

6 Analysing the Image Before: apply hashing algorithms Processes: – Identify file system – Scan for known file types – Compare with logical view – Match logical and physical views and identify deleted files – Deeper analysis After: apply hashing algorithms Michael JonesDigital Forensic Investigations6

7 Digital Forensics Triage Triage – Quick analysis to identify priorities – why? Focus on logical view – Plus deleted files Ideal outcomes of triage Michael JonesDigital Forensic Investigations7

8 Main Analysis That which is actually there – File dates and times – File and directory (folder) names – Metadata That which might require interpretation – Examples encoding and encryption File manipulation (e.g., changing first byte of a jpeg) Michael JonesDigital Forensic Investigations8

9 Deeper Analysis Can be time consuming Secondary data – Additional processes needed Examples – Use of slack space, unused space – Encoding and encryption – Steganography E.g., Snow Michael JonesDigital Forensic Investigations9

10 Summary Rigorous processes need to be followed – E.g., ACPO guidelines All investigations produce documentation All documents and artefacts must be labelled and stored appropriately Chain of custody must be unbroken Michael JonesDigital Forensic Investigations10

Download ppt "Forensic Investigation Techniques Michael Jones. Overview Purpose People Processes Michael JonesDigital Forensic Investigations2."

Similar presentations

Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.

Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.
Computer Forensics.

Computer Forensics.
Computer Forensics BACS 371

Computer Forensics BACS 371
COEN 252 Computer Forensics

COEN 252 Computer Forensics
Pinpoint Labs Software Presented by: Jonathan P. Rowe President and CEO Certified Computer Examiner Member: The International Society of Forensic Computer.

Pinpoint Labs Software Presented by: Jonathan P. Rowe President and CEO Certified Computer Examiner Member: The International Society of Forensic Computer.
Evidence Collection & Admissibility Computer Forensics BACS 371.

Evidence Collection & Admissibility Computer Forensics BACS 371.
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.

An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition
MD5 Summary and Computer Examination Process Introduction to Computer Forensics.

MD5 Summary and Computer Examination Process Introduction to Computer Forensics.
BACS 371 Computer Forensics

BACS 371 Computer Forensics
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
Computer & Network Forensics

Computer & Network Forensics
Guide to Computer Forensics and Investigations Third Edition

Guide to Computer Forensics and Investigations Third Edition
COS/PSA 413 Day 16. Agenda Lab 7 Corrected –2 A’s, 1 B and 2 F’s –Some of you need to start putting more effort into these labs –I also expect to be equal.

COS/PSA 413 Day 16. Agenda Lab 7 Corrected –2 A’s, 1 B and 2 F’s –Some of you need to start putting more effort into these labs –I also expect to be equal.
COS/PSA 413 Day 15. Agenda Assignment 3 corrected –5 A’s, 4 B’s and 1 C Lab 5 corrected –4 A’s and 1 B Lab 6 corrected –A, 2 B’s, 1 C and 1 D Lab 7 write-up.

COS/PSA 413 Day 15. Agenda Assignment 3 corrected –5 A’s, 4 B’s and 1 C Lab 5 corrected –4 A’s and 1 B Lab 6 corrected –A, 2 B’s, 1 C and 1 D Lab 7 write-up.
Applying Digital Forensic techniques to AIM Gareth Knight, FIDO Project Manager Anatomy Theatre & Museum, King’s College London 15 th August 2011.

Applying Digital Forensic techniques to AIM Gareth Knight, FIDO Project Manager Anatomy Theatre & Museum, King’s College London 15 th August 2011.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #12 Computer Forensics Analysis/Validation and Recovering Graphic.

Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #12 Computer Forensics Analysis/Validation and Recovering Graphic.
July 9, 2004 www.nsrl.nist.gov 1 National Software Reference Library Douglas White Information Technology Laboratory July 2004.

July 9, National Software Reference Library Douglas White Information Technology Laboratory July 2004.
CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.

CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.
11 Games and Content Session 4.1. Session Overview  Show how games are made up of program code and content  Find out about the content management system.

11 Games and Content Session 4.1. Session Overview  Show how games are made up of program code and content  Find out about the content management system.

Similar presentations

Ads by Google