Presentation is loading. Please wait.

Presentation is loading. Please wait.

Technology for Computer Forensics by Alicia Castro.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Technology for Computer Forensics by Alicia Castro."— Presentation transcript:

1 Technology for Computer Forensics by Alicia Castro

2 Introduction The objective of Computer forensics is to find legal evidence in computers and digital storage mediums. The goal of computer forensics is to explain the current state of a digital artifact. There are many reasons to employ the techniques of computer forensics like legal cases, data recovery, gathering evidence against an employee, debugging, performance optimization, or reverse-engineering Computer scientists can take steps to move computer forensics into a more rigorous position as a science by being able to make well-reasoned and concrete claims about the accuracy and validity of conclusions presented in court

3 Computer Forensics Areas of Law These are the areas of law related to computer security that are important to know about. Anyone concerned with computer forensics must know how these laws affect them: Fourth Amendment of the US Constitution. Wiretap Act (18 U.S.C. 2510-22) Pen Registers and Trap and Trace Devices Statute (18 U.S.C. 3121-27) Stored Wired and Electronic Communications Act (18 U.S.C. 2701-120)

4 Study of cases Devices subject to Forensic examination Digital storage Study of cases that have been prosecuted using computer forensics. Forensic examination of erased or deleted files, slack spaces and steganography Types of evidence

5 Forensic Tool Galleta is an Internet Explorer Cookie Forensic Analysis Tool that may be used to recover critical electronic evidence that is often found in the suspect's web browsing history in the form of received emails, sites visited and attempted Internet searches. Galleta will parse the information in a cookie file Why Galleta? A lot of child pornography cases involves web browsing, so improving this tool can be beneficial to the law enforcement agencies

6 Testing Galleta

7 Galleta Output

8 Galleta Limitations - With Galleta you can only parse one cookie at a time and this only creates one parsed export file per cookie. GUI - No user friendly

9 Galleta Proposed Improvements With the new Galleta you can tell it a cookie directory and it will parse all cookies in the directory and include them all in one file or one file per cookie date. Allow user to enter parameters for search Expand it to work with other browsers GUI – User friendly

Download ppt "Technology for Computer Forensics by Alicia Castro."

Similar presentations

1 www.vita.virginia.gov Computer Forensics Michael Watson Director of Security Incident Management NSAA Conference 10/2/09 www.vita.virginia.gov 1.

1 Computer Forensics Michael Watson Director of Security Incident Management NSAA Conference 10/2/
1 SANS Technology Institute - Candidate for Master of Science Degree 1 Assessing Privacy Risks of Flash Cookies Kevin Fuller and Stacy Jordan February.

1 SANS Technology Institute - Candidate for Master of Science Degree 1 Assessing Privacy Risks of Flash Cookies Kevin Fuller and Stacy Jordan February.
Complex Recovery/ Data Reduction DFRWS 2002. Technical Issues Lots of info to be recovered in in deleted file space Partial data recovery: does this give.

Complex Recovery/ Data Reduction DFRWS Technical Issues Lots of info to be recovered in in deleted file space Partial data recovery: does this give.
OC RIMS Cyber Safety & Security Incident Response.

OC RIMS Cyber Safety & Security Incident Response.
Chapter Extension 24 Computer Crime and Forensics © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 24 Computer Crime and Forensics © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Responding to Cybercrime in the Post-9/11 World Scott Eltringham Computer Crime and Intellectual Property Section U.S. Department of Justice (202) 353-7848.

Responding to Cybercrime in the Post-9/11 World Scott Eltringham Computer Crime and Intellectual Property Section U.S. Department of Justice (202)
Internet Artifacts Dr. John Abraham Professor UTPA.

Internet Artifacts Dr. John Abraham Professor UTPA.
Computer Forensics and Digital Investigation – a brief introduction Ulf Larson/Erland Jonsson.

Computer Forensics and Digital Investigation – a brief introduction Ulf Larson/Erland Jonsson.
Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,

Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,
Recovering and Examining Computer Forensic Evidence Noblett, Pollit, & Presley Forensic Science Communications October 2000 (Cited by 13 according to Google.

Recovering and Examining Computer Forensic Evidence Noblett, Pollit, & Presley Forensic Science Communications October 2000 (Cited by 13 according to Google.
What is meant by computer forensics?  Principle, Function of computer forensics.  History about computer forensics.  Needs of computer forensics.

What is meant by computer forensics?  Principle, Function of computer forensics.  History about computer forensics.  Needs of computer forensics.
Advance evidence collection and analysis of web browser activity by Junhoon Oh David Rivera 11/7/2013 Digital Forensics.

Advance evidence collection and analysis of web browser activity by Junhoon Oh David Rivera 11/7/2013 Digital Forensics.
11 CONFIGURE INTERNET EXPLORER Chapter 5. Chapter 5: Configure Internet Explorer2 CHAPTER OVERVIEW AND OBJECTIVES  Configuring Accessibility and Language.

11 CONFIGURE INTERNET EXPLORER Chapter 5. Chapter 5: Configure Internet Explorer2 CHAPTER OVERVIEW AND OBJECTIVES  Configuring Accessibility and Language.
Capturing Computer Evidence Extracting Information.

Capturing Computer Evidence Extracting Information.
CJ © 2011 Cengage Learning Chapter 17 Cyber Crime and The Future of Criminal Justice.

CJ © 2011 Cengage Learning Chapter 17 Cyber Crime and The Future of Criminal Justice.
Jared Cinque Section 6.  Internet tracking is the process of following internet activity backwards from recipient to user through a special type of software.

Jared Cinque Section 6.  Internet tracking is the process of following internet activity backwards from recipient to user through a special type of software.
Forensic analysis of Windows hosts using UNIX-based tools Source : Digital Investigation (2004) 1, 197-212 Writer : Cory Altheide Reporter : Yao Professor.

Forensic analysis of Windows hosts using UNIX-based tools Source : Digital Investigation (2004) 1, Writer : Cory Altheide Reporter : Yao Professor.
Guide to Computer Forensics and Investigations Fourth Edition Chapter 12 E-mail Investigations.

Guide to Computer Forensics and Investigations Fourth Edition Chapter 12 Investigations.
Extended Learning Module I

Extended Learning Module I
“Breach of Privacy” nPresented by Sumit Yadav. Computer Science and Engineering Computer security Aspects nPrivacy (confidentiality ) n integrity n availability.

“Breach of Privacy” nPresented by Sumit Yadav. Computer Science and Engineering Computer security Aspects nPrivacy (confidentiality ) n integrity n availability.

Similar presentations

Ads by Google