Computer Forensics By: Chris Rozic.


1 Computer Forensics By: Chris Rozic

2 What is Computer Forensics?
The use of Computer Science and engineering principles and practices to investigate unauthorized computer use or the use of a computer to support illegal activities.

3 What warrants the investigation?
The cost/benefit analysis: If the cost of the investigation outweighs the benefits, then no investigation is needed.
Internet/ Usage: Internet usage is higher than a tolerable level. Offensive material sent through
Theft of information: An individual in a company illegally taking confidential information, and/or individuals obtaining personal information through spoofed web pages, which can result in identity theft.
Child pornography: Child pornography thrives over the internet; because of this, a thorough investigation is needed in order for law enforcement to properly prosecute.
Web page defacement
Murder
Network used as a jump-off point to attack other networks

4 Steps to follow as a Computer Crime investigator
Secure the Scene: If the attacker is still online, initiate a backtrace in an attempt to obtain the geographical locations. Unplug the system.
Collect evidence: Document and label every piece taken from the scene, and photograph it if permitted. Establish a chain of command for the transportation of the evidence. This should be well documented.
Interview Witnesses: The person or persons that were on the machine at the time of the incident.
Plant sniffers: If no intrusion detection system is in place.
Obtain analysis of collected evidence: Through special software, the hard drive can be thoroughly searched and analyzed. Encase
Turn findings in to the proper authority

5 Encase Software produced by Guidance Software
A forensic data acquisition and analysis program based on the specifications and requirements of law enforcement
Allows for a digital snapshot of the storage medium under investigation

6 MD5 Hash
File Integrity: Completely Verified, 0 Errors.
Acquisition Hash: 340C8B5EF96DCCEE4B552CE084CCF941
Verification Hash: 340C8B5EF96DCCEE4B552CE084CCF941

7 Encase Report Example
Drive Geometry: Total Size 1.4MB (2,880 sectors)
Volume “3” Parameters
File System: FAT12
Drive Type: Removable
Sectors Per Cluster: 1
Bytes Per Sector: 512
Total Sectors: 2,880
Total Capacity: 1,457,664 bytes (1.4MB)
Total Clusters: 2,847
Unallocated: 219,136 bytes (214.0KB)
Free Clusters: 428
Allocated: 1,238,528 bytes (1.2MB)
Volume Name: NO NAME
Volume Offset: 0
OEM Version: *zQ9FIHC
Volume Serial #:
Heads: 2
Sectors Per Track: 18
Unused Sectors: 0
Number of FATs: 2
Sectors Per FAT: 9
Boot Sectors: 1
+-0 3
+-0 Hawaii - The Islands of Aloha_files
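The acquisition/verification hash pair on slide 6 and the volume parameters on slide 7 can be reproduced with a short Python sketch. This is an added example, not part of the original presentation and not Encase's own code; the function names are hypothetical, the floppy image is constructed in memory, and the 224 root-directory entries are an assumed standard 1.44MB floppy value that the report does not list.

```python
import hashlib
import io
import struct

BPB = "<3s8sHBHBHHBHHH"  # jump, OEM name, then the FAT12 BIOS parameter block

def build_sample_floppy() -> bytes:
    """Constructed 1.44MB image: only the boot-sector geometry is populated."""
    boot = struct.pack(BPB, b"\xeb\x3c\x90", b"SAMPLE  ", 512, 1, 1, 2,
                       224, 2880, 0xF0, 9, 18, 2)
    return boot.ljust(510, b"\x00") + b"\x55\xaa" + bytes(512 * 2879)

def parse_geometry(image: bytes) -> dict:
    """Derive the report's volume parameters from the boot sector."""
    (_, _, bps, spc, reserved, fats, root_entries, total, _,
     spf, spt, heads) = struct.unpack_from(BPB, image, 0)
    root_sectors = (root_entries * 32 + bps - 1) // bps   # 32-byte dir entries
    data_sectors = total - reserved - fats * spf - root_sectors
    clusters = data_sectors // spc
    return {"bytes_per_sector": bps, "sectors_per_cluster": spc,
            "total_sectors": total, "number_of_fats": fats,
            "sectors_per_fat": spf, "sectors_per_track": spt, "heads": heads,
            "total_clusters": clusters, "capacity_bytes": clusters * spc * bps}

def md5_stream(stream, sink=None, block=64 * 512) -> str:
    """Hash a stream in blocks; when sink is given, copy each block to it."""
    digest = hashlib.md5()
    while chunk := stream.read(block):
        digest.update(chunk)
        if sink is not None:
            sink.write(chunk)
    return digest.hexdigest().upper()

def acquire_and_verify(source: bytes):
    """Return (acquisition hash, verification hash, image bytes)."""
    image = io.BytesIO()
    acquisition = md5_stream(io.BytesIO(source), sink=image)  # hash while copying
    verification = md5_stream(io.BytesIO(image.getvalue()))   # re-read the copy
    return acquisition, verification, image.getvalue()

if __name__ == "__main__":
    acq, ver, img = acquire_and_verify(build_sample_floppy())
    print(parse_geometry(img))
    print("Acquisition Hash: ", acq)
    print("Verification Hash:", ver, "(match)" if acq == ver else "(MISMATCH)")
    altered = bytearray(img)
    altered[1000] ^= 0x01  # a single flipped bit in the copy changes the hash
    print("After alteration: ", md5_stream(io.BytesIO(bytes(altered))))
```

The derived cluster count and capacity agree with the report: 2,880 total sectors minus 1 boot sector, 18 FAT sectors and 14 root-directory sectors leaves 2,847 one-sector clusters, or 1,457,664 bytes.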

8 Example of Search Session 5
Start: 03/28/03 11:43:46AM
Stop: 03/28/03 11:45:14AM
Time: 0:01:28
Size: 4.0GB processed
4697 Files scanned
127 Signature mismatches detected
0 Hash values computed
Hits New Keyword
12 12 (GREP)

9 Conclusion
Computer dependency will continue to grow, resulting in more opportunities for crimes to be committed through the use of computers.
Software is not for sale to the general public.
The retail value of Encase is 3,500 dollars, and specialized versions can cost upwards of 5,000 dollars per license.

