SlideShare a Scribd company logo

Digital Forensics best practices with the use of open source tools and admissibility of digital evidence in courts

Download as PPTX, PDF
Sagar Rahurkar
Sagar Rahurkar

This document discusses digital forensics best practices using open source tools and the admissibility of digital evidence in courts. It provides an overview of digital forensics processes including acquisition, analysis, documentation and reporting of digital evidence from devices, networks and online activities. It compares open source and proprietary forensic tools and lists examples of each. The document also discusses requirements for digital evidence admissibility in Indian courts under the Evidence Act and the role of expert witnesses in digital forensics cases.

Technology
1 of 31
Digital Forensics Best Practices with the use of Open Source Tools and Admissibility of Digital Evidence in Courts Mr. Ninad Nawaghare CFE CFAP DEA CSIR Mr. Sagar Rahurkar CFE BLS LLB LLM CCI
The boy is accused of sending an obscene sms As per National Crime Research Bureau, during 2012, 587 cases were registered under cyber crime category for eve teasing / harassment Illustration 1 Source: National Crime Research Bureau - http://ncrb.gov.in/
The origin of threatening email was traced back to a cyber café. Illustration 2 As per National Crime Research Bureau, during 2012 , total 135 cases were registered under cyber crime category for extortion & revenge settling. Source: National Crime Research Bureau - http://ncrb.gov.in/
Illustration 3 Accounting software is stolen from a server located in Country A. With minor alterations, same software is sold at a cheaper cost in Country B As per National Crime Research Bureau, during 2012, total 624 cases were registered under cyber crime category for greed of money and 668 cases were registered for fraud/ illegal gain. Source: National Crime Research Bureau - http://ncrb.gov.in/
Illustration 4 With an intention to revenge the management, disgruntled employee sends a fake mail to the stake holders mentioning irregularities in the company affairs. As per National Crime Research Bureau, during 2012, total 117 cases were registered under cyber crime category for causing disrepute either to an individual, government or organizations Source: National Crime Research Bureau - http://ncrb.gov.in/
Vexing Questions with respect to the illustrations Where is the evidence? How do I investigate? How to prove the crime? What is the evidence?
Solution is “Digital Forensics” 2‘Digital’ is defined in Oxford Dictionary as: (of signals or data) expressed as series of the digits 0 and 1, typically represented by values of a physical quantity such as voltage or magnetic polarization. Often contrasted with analogue. • involving or relating to the use of computer technology: the digital revolution 3‘Forensics’ is defined in Oxford Dictionary as: Scientific tests or techniques used in connection with the detection of crime Thus Digital Forensics can be defined as: Discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications and storage devices in a way that is admissible as evidence in a court of law. Source: 2http://oxforddictionaries.com/definition/english/digital?q=Digital / 3http://oxforddictionaries.com/definition/english/forensic
Expected outcome of “Digital Forensics” is “Digital Evidence” Digital evidence can be defined as : Information and data of value to an investigation that is stored on, received, or transmitted by an electronic device. This evidence is acquired when data or electronic devices are seized and secured for examination. Traits of Digital Evidence May be found in Storage devices like hard disc, CD, DVD, memory card, USB drive, mobile phones & SIM card & Online resource like mail servers & cloud servers Can be hidden in Password protected files, Encrypted files , Steganography files, Formatted hard disc , HPA (Host Protected Area) or DCO (Device Configuration Overlay) of the hard drives Can relate to Online fraud , Organized crime , Identity theft , Data theft , Unauthorized access, Malicious files (Virus attack) , Data alteration , Cyber defamation , Cyber pornography, Online gambling ,Sale of illegal items etc..
Phases in “Digital Forensics” process Phase 1: Identification of storage media for potential evidence Phase 2: Acquisition of the storage media Phase 3: Forensic analysis of the acquired media Phase 4: Documentation & Reporting
Forensic analysis of the acquired media involves…. Analyzing digital information Identifying traces of network / computer intrusion Identifying & examining malicious files. Employing techniques to crack file & system passwords. Detecting steganography Recovering deleted, fragmented & corrupted data Maintaining evidence custody procedures Courtroom PresentationAnalyzing Online Activities
Digital Forensics Process Subjected To Storage Media Digital Evidence Acquires Digital Forensics Process can be implemented either by using commercial tools a.k.a. proprietary tools or open source free tools. Commercial / Proprietary Tools are software applications designed with a commercial objective. The source code & the internal working of the software application is privileged and concealed from the user. Open Source Free Tools are software applications available for usage at no cost. The source code & the internal working of the software application is known to the user. Further more, user has the liberty of altering the source code as per the requirements. To Recapitulate
ISSUES with Commercial / Proprietary Tools  High capital cost  High operational cost  High maintenance cost (Paid updates or bugs fixing)  Algorithm/logic not known  Source code is strictly privileged  Heavy dependency on the software manufacturer  Restricted usage ADVANTAGES with Open Source Tools  Zero capital cost  Minimal / No operational cost  Minimal / No maintenance cost  Algorithm/logic is known to the user  Source code is freely available for access , editing & customization  Extensive support from the open source community  Free usage to any number of users
Law Enforcement initiative in “Open Source Digital Forensics Tools” By: Belgian Federal Computer Crime Unit (FCCU) http://www.lnx4n6.be/index.php An advanced network forensic framework By: Australian Federal Police, Brisbane, Australia http://sourceforge.net/projects/pyflag/files/ Project in The Software and Systems Division supported by Law Enforcement Standards Office and Department of Homeland Security. http://www.cftt.nist.gov/index.html
The Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework built by the Dutch National Police Agency Law Enforcement initiative in “Open Source Digital Forensics Tools” cont. http://ocfa.sourceforge.net/ ForeIndex: A Framework for Analysis and Triage of Data Forensics By: Forensic Expert of Brazilian Federal Police & Researcher of the Brazilian Space Agency http://www.basistech.com/about-us/events/open-source-forensics-conference/2011/presentations/
Proprietary Tools EnCase Forensic - Guidance Software www.guidancesoftware.com/encase-forensic.htm FTK – AccessData www.accessdata.com/products/digital-forensics/ftk WinHex - X-Ways Software Technology AG www.x-ways.net/winhex/ Forensics Apprentice www.registryforensics.com/ BlackLight www.blackbagtech.com/blacklight-1.html Cellebrite - Mobile Forensics and Data transfer solutions www.cellebrite.com/ Paraben – Handheld Digital Forensics http://www.paraben.com/handheld-forensics.html Open Source Tools Digital Forensics Framework www.digital-forensic.org CAINE www.caine-live.net/ DEFT www.deftlinux.net/ Open source tools listed below may not be limited to the same Commercial / Proprietary & Open Source Tools for Imaging in Acquisition Phase
Proprietary Tools EnCase Forensic - Guidance Software www.guidancesoftware.com/encase- forensic.htm FTK – AccessData www.accessdata.com/products/digital- forensics/ftk WinHex - X-Ways Software Technology AG www.x-ways.net/winhex/ Forensics Apprentice www.registryforensics.com/ BlackLight www.blackbagtech.com/blacklight-1.html Cellebrite - Mobile Forensics and Data transfer solutions www.cellebrite.com/ Paraben – Handheld Digital Forensics http://www.paraben.com/handheld- forensics.html Open Source Tools Digital Forensics Framework www.digital-forensic.org CAINE www.caine-live.net/ DEFT www.deftlinux.net/ SAFT Mobile Forensics www.signalsec.com/saft/ Analyzing digital information Identifying & examining malicious files Recovering deleted, fragmented, corrupted data Analyzing Online Activities Open source tools listed below may not be limited to the same Commercial / Proprietary & Open Source Tools for Forensic Analysis Analyzing mobiles
Analyzing RAM Free Tools CMAT http://sourceforge.net/projects/cmat Volafox https://www.volatilesystems.com/default/volatility Volatile https://www.volatilesystems.com/default/volatility Proprietary Tools Second Look http://secondlookforensics.com/ Windows Scope http://windowsscope.com/ Memoryze http://www.mandiant.com/resources/download/memoryze/ Network Forensics : capturing / analyzing network packets Free Tools WireShark http://www.wireshark.org/ NetworkMinor http://networkminer.en.malavida.com/ Proprietary Tools NetIntercept http://www.securitywizardry.com/index.php/produ cts/forensic-solutions/network-forensic- tools/niksun-netintercept.html Registry analysis Free Tools Registry Decoder http://www.digitalforensicssolutions.com/registrydecoder/ Proprietary Tools Registry Recon http://arsenalrecon.com/apps/ Open source tools listed below may not be limited to the same Commercial / Proprietary & Open Source Tools for Forensic Analysis cont. Identifying traces of network / computer intrusion
Password cracking Free Tools John the Ripper www.openwall.com/john Cracking Passwords for Windows, PDF, Word RAR , ZIP & Excel http://pcsupport.about.com/od/toolsofthetrade/t p/password-cracker-recovery.htm Proprietary Tools Password Recovery www.elcomsoft.com/products.html Passware http://www.lostpassword.com/ Detecting Pornography Free Tools Redlight Porn Scanner http://dfcsc.uri.edu/research/redLightTrial [NIJ Funded Project: http://www.nij.gov/topics/technology/software- tools.htm] Proprietary Tools SurfRecon http://www.surfrecon.com/products/home-edition.php Open source tools listed below may not be limited to the same Employing techniques to crack file & system passwords Commercial / Proprietary & Open Source Tools for Forensic Analysis cont.
Admissibility of Digital Evidence in Courts
Orientation • Digital Evidence - Meaning • Requirements U/Sec. 65B of the Indian Evidence Act • Expert Examiner of Electronic Evidence • Daubert Principle for Expert Witness
Digital Evidence Evidence as defined U/Sec. 3 of the Indian Evidence Act means and includes – All statements and all documents including electronic records produced for the inspection of the Court.
Requirement U/Sec. 65B of the Indian Evidence Act Sec. 65B - Admissibility of electronic records • Any information contained in an electronic record, • If printed on a paper, stored, recorded or copied in optical or magnetic media produced by a computer shall deemed to be a document, • If the conditions mentioned in this section are satisfied in relation to the information and computer in question and • Shall be admissible in any proceedings, without further proof or production of the original, as evidence of any contents of the original or of any fact stated therein or which direct evidence would be admissible.
Conditions U/Sec. 65B (a) Regular use of Computer by the authorised person The computer output containing the information was produced by the computer during the period over which the computer was used regularly to store or process information for the purposes of any activities regularly carried on over that period by the person having lawful control over the use of the computer. (b) Regular feeding of information in the system in the ordinary course of Business During the said period, information of the kind contained in the electronic record or of the kind from which the information so contained is derived was regularly fed into the computer in the ordinary course of the said activities;
Conditions U/Sec. 65B (c) Working state of the media Throughout the material part of the said period, the computer was operating properly or, if not, then in respect of any period in which it was not operating properly or was out operation during that part of the period, was not such as to affect the electronic record or the accuracy of its contents; and (d) The information contained in the electronic record reproduces or is derived from such information fed into the computer in the ordinary course of the said activities.
Requirement of an Affidavit • To demonstrate compliance with the requirements of conditions, a statement in form of affidavit is required to be made in the court. • It should be signed by a person occupying a responsible official position in relation to the operation of the relevant device or the management of the relevant activities • Section 65B(4).
Is it really necessary ? • The requirement to file an affidavit under Sec. 65B is not absolute. Supreme Court, in the case of State v. Navjot Sandhu , while examining Section 65B, held that, even when an affidavit/certificate under Sec. 65B is not filed it would not foreclose the Court from examining such evidence provided it complies with the requirements of Section 63 and 65 of the Evidence Act (refer to Para 150 of the judgement). • Vodafone Essar Ltd. Vs. Raju Sud the Bombay High Court dispensed with the requirement under Sec. 65B.
Expert Witness • Witness, who by virtue of education, training, skill, or experience, is believed to have knowledge in a particular subject beyond an average person. • In a famous Scottish case, Davie v Edinburgh Magistrates (1953), the function of an expert witness is discussed as, ‘to furnish the judge with the necessary scientific criteria for testing the accuracy of their conclusions, so as to enable them to form their own independent judgment by the application of these criteria to the facts provided in evidence’.
If scientific, technical, or other specialized knowledge will assist the trier of fact to understand the evidence or to determine a fact in issue, a witness qualified as an expert by knowledge, skill, experience, training, or education and may testify his opinion. Criteria for expert U/the principle – 1) Whether the expert has used scientific methods/discovery techniques? 2) Whether method/s used by the expert in the case has ever been used by any other expert or same expert in any other case? 3) Whether the testimony is the product of reliable principles and methods? 4) Whether the expert has applied the principles and methods reliably to the facts of the case? Daubert Principle for Expert Witness
Sec. 79A – The Information Technology Act, 2000 • The Central Government may, for the purposes of providing expert opinion on electronic evidence before any court or other authority specify, by notification in the official Gazette, any department, body or agency of the Central Government or a State Government as an Examiner of Electronic Evidence. Examiner of Electronic Evidence
Sagar Rahurkar @ - contact@sagarrahurkar.com # - +91-9623444448 Ninad Nawaghare @ - ninad.nawaghare@gmail.com # - +91-9004094463

Recommended

Digital forensics
Digital forensicsDigital forensics
Digital forensicsRoberto Ellis
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics abdullah roomi
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital ForensicsManik Bhola
 
computer forensics
computer forensicscomputer forensics
computer forensicsVaibhav Tapse
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidenceOnline
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic pptSuchita Rawat
 

Recommended

Digital forensics
Digital forensicsDigital forensics
Digital forensicsRoberto Ellis
 
01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - Notes01 Computer Forensics Fundamentals - Notes
01 Computer Forensics Fundamentals - NotesKranthi
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeAung Thu Rha Hein
 
Mobile Forensics
Mobile Forensics Mobile Forensics
Mobile Forensics abdullah roomi
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital ForensicsManik Bhola
 
computer forensics
computer forensicscomputer forensics
computer forensicsVaibhav Tapse
 
Collecting and preserving digital evidence
Collecting and preserving digital evidenceCollecting and preserving digital evidence
Collecting and preserving digital evidenceOnline
 
Digital Forensic ppt
Digital Forensic pptDigital Forensic ppt
Digital Forensic pptSuchita Rawat
 
Mobile forensics
Mobile forensicsMobile forensics
Mobile forensicsnoorashams
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxBhupeshkumar Nanhe
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenesprimeteacher32
 
Incident response process
Incident response processIncident response process
Incident response processBhupeshkumar Nanhe
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsFilip Maertens
 
Network forensic
Network forensicNetwork forensic
Network forensicManjushree Mashal
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1Manu Mathew Cherian
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
Digital investigation
Digital investigationDigital investigation
Digital investigationunnilala11
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensicsanupriti
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
Digital Forensic
Digital ForensicDigital Forensic
Digital ForensicCleverence Kombe
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System ForensicsArunJS5
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDr Raghu Khimani
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsNicholas Davis
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsMithileysh Sathiyanarayanan
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsVikas Jain
 
The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics00heights
 

More Related Content

What's hot

Mobile forensics
Mobile forensicsMobile forensics
Mobile forensicsnoorashams
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxBhupeshkumar Nanhe
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenesprimeteacher32
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsFilip Maertens
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - NotesKranthi
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkitMilap Oza
 
Digital investigation
Digital investigationDigital investigation
Digital investigationunnilala11
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentationSomya Johri
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensicsanupriti
 
Digital forensics
Digital forensics Digital forensics
Digital forensics vishnuv43
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensicOnline
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System ForensicsArunJS5
 
Computer forensics
Computer forensicsComputer forensics
Computer forensicsdeaneal
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDr Raghu Khimani
 

What's hot (20)

Mobile forensics
Mobile forensicsMobile forensics
Mobile forensics
 
L6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptxL6 Digital Forensic Investigation Tools.pptx
L6 Digital Forensic Investigation Tools.pptx
 
Processing Crimes and Incident Scenes
Processing Crimes and Incident ScenesProcessing Crimes and Incident Scenes
Processing Crimes and Incident Scenes
 
Incident response process
Incident response processIncident response process
Incident response process
 
Digital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic InvestigationsDigital Evidence in Computer Forensic Investigations
Digital Evidence in Computer Forensic Investigations
 
Network forensic
Network forensicNetwork forensic
Network forensic
 
05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes05 Duplication and Preservation of Digital evidence - Notes
05 Duplication and Preservation of Digital evidence - Notes
 
Cyber Forensics Module 1
Cyber Forensics Module 1Cyber Forensics Module 1
Cyber Forensics Module 1
 
Computer forensics toolkit
Computer forensics toolkitComputer forensics toolkit
Computer forensics toolkit
 
Digital investigation
Digital investigationDigital investigation
Digital investigation
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
Cloud-forensics
Cloud-forensicsCloud-forensics
Cloud-forensics
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Introduction to computer forensic
Introduction to computer forensicIntroduction to computer forensic
Introduction to computer forensic
 
Digital Forensic
Digital ForensicDigital Forensic
Digital Forensic
 
Operating System Forensics
Operating System ForensicsOperating System Forensics
Operating System Forensics
 
Computer forensics
Computer forensicsComputer forensics
Computer forensics
 
Digital Evidence by Raghu Khimani
Digital Evidence by Raghu KhimaniDigital Evidence by Raghu Khimani
Digital Evidence by Raghu Khimani
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 

Viewers also liked

Digital Forensics
Digital ForensicsDigital Forensics
Digital ForensicsVikas Jain
 
The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics00heights
 
Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...GarethKnight
 
Digital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierDigital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierThe Lorenzi Group
 
Advances in File Carving
Advances in File CarvingAdvances in File Carving
Advances in File CarvingRob Zirnstein
 
Digital forensics ahmed emam
Digital forensics ahmed emamDigital forensics ahmed emam
Digital forensics ahmed emamahmad abdelhafeez
 
Remote forensics fsec2016 delija draft
Remote forensics fsec2016 delija draftRemote forensics fsec2016 delija draft
Remote forensics fsec2016 delija draftDamir Delija
 
Dennis Rader
Dennis RaderDennis Rader
Dennis Radermabrandt
 
Data recovery from storage device
Data recovery from storage deviceData recovery from storage device
Data recovery from storage deviceMohit Shah
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentationprashant3535
 
Ethics in cyber space
Ethics in cyber spaceEthics in cyber space
Ethics in cyber spacenitss007
 

Viewers also liked (17)

Digital Forensics
Digital ForensicsDigital Forensics
Digital Forensics
 
The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics
 
Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...Watching the Detectives: Using digital forensics techniques to investigate th...
Watching the Detectives: Using digital forensics techniques to investigate th...
 
Digital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierDigital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next Frontier
 
Advances in File Carving
Advances in File CarvingAdvances in File Carving
Advances in File Carving
 
Digital forensics
Digital forensics Digital forensics
Digital forensics
 
Digital forensics ahmed emam
Digital forensics ahmed emamDigital forensics ahmed emam
Digital forensics ahmed emam
 
Remote forensics fsec2016 delija draft
Remote forensics fsec2016 delija draftRemote forensics fsec2016 delija draft
Remote forensics fsec2016 delija draft
 
Dennis Rader
Dennis RaderDennis Rader
Dennis Rader
 
encase enterprise
encase enterprise encase enterprise
encase enterprise
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
File Carving
File CarvingFile Carving
File Carving
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisition
 
Cyber Law And Ethics
Cyber Law And EthicsCyber Law And Ethics
Cyber Law And Ethics
 
Data recovery from storage device
Data recovery from storage deviceData recovery from storage device
Data recovery from storage device
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentation
 
Ethics in cyber space
Ethics in cyber spaceEthics in cyber space
Ethics in cyber space
 

Similar to Digital Forensics best practices with the use of open source tools and admissibility of digital evidence in courts

An introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsAn introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsZyxware Technologies
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Stepsgamemaker762
 
Lessons v on fraud awareness (digital forensics) [autosaved]
Lessons v on fraud awareness (digital forensics) [autosaved]Lessons v on fraud awareness (digital forensics) [autosaved]
Lessons v on fraud awareness (digital forensics) [autosaved]Kolluru N Rao
 
Lessons v on fraud awareness (digital forensics)
Lessons v on fraud awareness (digital forensics)Lessons v on fraud awareness (digital forensics)
Lessons v on fraud awareness (digital forensics)CA.Kolluru Narayanarao
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docxAliAshraf68199
 
Conceptual Study of Mobile Forensics
Conceptual Study of Mobile ForensicsConceptual Study of Mobile Forensics
Conceptual Study of Mobile Forensicsijtsrd
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics SlidesVarun Sehgal
 
Uncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic toolsUncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic toolsParaben Corporation
 
Fundamental digital forensik
Fundamental digital forensikFundamental digital forensik
Fundamental digital forensiknewbie2019
 
Digital forensic
Digital forensicDigital forensic
Digital forensicChandan Sah
 
03.fnc corporate protect workshop new
03.fnc corporate protect workshop new03.fnc corporate protect workshop new
03.fnc corporate protect workshop newforensicsnation
 
Evidence and data
Evidence and dataEvidence and data
Evidence and dataAtul Rai
 
FNC Corporate Protect Workshop
FNC Corporate Protect WorkshopFNC Corporate Protect Workshop
FNC Corporate Protect Workshopforensicsnation
 
A Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsA Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsSamantha Vargas
 

Similar to Digital Forensics best practices with the use of open source tools and admissibility of digital evidence in courts (20)

An introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensicsAn introduction to cyber forensics and open source tools in cyber forensics
An introduction to cyber forensics and open source tools in cyber forensics
 
Digital forensics Steps
Digital forensics StepsDigital forensics Steps
Digital forensics Steps
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Sued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital ForensicsSued or Suing: Introduction to Digital Forensics
Sued or Suing: Introduction to Digital Forensics
 
Lessons v on fraud awareness (digital forensics) [autosaved]
Lessons v on fraud awareness (digital forensics) [autosaved]Lessons v on fraud awareness (digital forensics) [autosaved]
Lessons v on fraud awareness (digital forensics) [autosaved]
 
Lessons v on fraud awareness (digital forensics)
Lessons v on fraud awareness (digital forensics)Lessons v on fraud awareness (digital forensics)
Lessons v on fraud awareness (digital forensics)
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docx
 
Conceptual Study of Mobile Forensics
Conceptual Study of Mobile ForensicsConceptual Study of Mobile Forensics
Conceptual Study of Mobile Forensics
 
Computer forensics Slides
Computer forensics SlidesComputer forensics Slides
Computer forensics Slides
 
Uncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic toolsUncover important digital evidence with digital forensic tools
Uncover important digital evidence with digital forensic tools
 
Fundamental digital forensik
Fundamental digital forensikFundamental digital forensik
Fundamental digital forensik
 
cyber forensics
cyber forensicscyber forensics
cyber forensics
 
Computer forensic
Computer forensicComputer forensic
Computer forensic
 
Digital forensic
Digital forensicDigital forensic
Digital forensic
 
03.fnc corporate protect workshop new
03.fnc corporate protect workshop new03.fnc corporate protect workshop new
03.fnc corporate protect workshop new
 
FNC Corporate Protect
FNC Corporate ProtectFNC Corporate Protect
FNC Corporate Protect
 
Evidence and data
Evidence and dataEvidence and data
Evidence and data
 
Computer forencis
Computer forencisComputer forencis
Computer forencis
 
FNC Corporate Protect Workshop
FNC Corporate Protect WorkshopFNC Corporate Protect Workshop
FNC Corporate Protect Workshop
 
A Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis ToolsA Literature Review On Cyber Forensic And Its Analysis Tools
A Literature Review On Cyber Forensic And Its Analysis Tools
 

Recently uploaded

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embeddingZilliz
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfSeasiaInfotech2
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Recently uploaded (20)

Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Digital Forensics best practices with the use of open source tools and admissibility of digital evidence in courts

  • 1. Digital Forensics Best Practices with the use of Open Source Tools and Admissibility of Digital Evidence in Courts Mr. Ninad Nawaghare CFE CFAP DEA CSIR Mr. Sagar Rahurkar CFE BLS LLB LLM CCI
  • 2. The boy is accused of sending an obscene sms As per National Crime Research Bureau, during 2012, 587 cases were registered under cyber crime category for eve teasing / harassment Illustration 1 Source: National Crime Research Bureau - http://ncrb.gov.in/
  • 3. The origin of threatening email was traced back to a cyber café. Illustration 2 As per National Crime Research Bureau, during 2012 , total 135 cases were registered under cyber crime category for extortion & revenge settling. Source: National Crime Research Bureau - http://ncrb.gov.in/
  • 4. Illustration 3 Accounting software is stolen from a server located in Country A. With minor alterations, same software is sold at a cheaper cost in Country B As per National Crime Research Bureau, during 2012, total 624 cases were registered under cyber crime category for greed of money and 668 cases were registered for fraud/ illegal gain. Source: National Crime Research Bureau - http://ncrb.gov.in/
  • 5. Illustration 4 With an intention to revenge the management, disgruntled employee sends a fake mail to the stake holders mentioning irregularities in the company affairs. As per National Crime Research Bureau, during 2012, total 117 cases were registered under cyber crime category for causing disrepute either to an individual, government or organizations Source: National Crime Research Bureau - http://ncrb.gov.in/
  • 6. Vexing Questions with respect to the illustrations Where is the evidence? How do I investigate? How to prove the crime? What is the evidence?
  • 7. Solution is “Digital Forensics” 2‘Digital’ is defined in Oxford Dictionary as: (of signals or data) expressed as series of the digits 0 and 1, typically represented by values of a physical quantity such as voltage or magnetic polarization. Often contrasted with analogue. • involving or relating to the use of computer technology: the digital revolution 3‘Forensics’ is defined in Oxford Dictionary as: Scientific tests or techniques used in connection with the detection of crime Thus Digital Forensics can be defined as: Discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications and storage devices in a way that is admissible as evidence in a court of law. Source: 2http://oxforddictionaries.com/definition/english/digital?q=Digital / 3http://oxforddictionaries.com/definition/english/forensic
  • 8. Expected outcome of “Digital Forensics” is “Digital Evidence” Digital evidence can be defined as : Information and data of value to an investigation that is stored on, received, or transmitted by an electronic device. This evidence is acquired when data or electronic devices are seized and secured for examination. Traits of Digital Evidence May be found in Storage devices like hard disc, CD, DVD, memory card, USB drive, mobile phones & SIM card & Online resource like mail servers & cloud servers Can be hidden in Password protected files, Encrypted files , Steganography files, Formatted hard disc , HPA (Host Protected Area) or DCO (Device Configuration Overlay) of the hard drives Can relate to Online fraud , Organized crime , Identity theft , Data theft , Unauthorized access, Malicious files (Virus attack) , Data alteration , Cyber defamation , Cyber pornography, Online gambling ,Sale of illegal items etc..
  • 9. Phases in “Digital Forensics” process Phase 1: Identification of storage media for potential evidence Phase 2: Acquisition of the storage media Phase 3: Forensic analysis of the acquired media Phase 4: Documentation & Reporting
  • 10. Forensic analysis of the acquired media involves…. Analyzing digital information Identifying traces of network / computer intrusion Identifying & examining malicious files. Employing techniques to crack file & system passwords. Detecting steganography Recovering deleted, fragmented & corrupted data Maintaining evidence custody procedures Courtroom PresentationAnalyzing Online Activities
  • 11. Digital Forensics Process Subjected To Storage Media Digital Evidence Acquires Digital Forensics Process can be implemented either by using commercial tools a.k.a. proprietary tools or open source free tools. Commercial / Proprietary Tools are software applications designed with a commercial objective. The source code & the internal working of the software application is privileged and concealed from the user. Open Source Free Tools are software applications available for usage at no cost. The source code & the internal working of the software application is known to the user. Further more, user has the liberty of altering the source code as per the requirements. To Recapitulate
  • 12. ISSUES with Commercial / Proprietary Tools  High capital cost  High operational cost  High maintenance cost (Paid updates or bugs fixing)  Algorithm/logic not known  Source code is strictly privileged  Heavy dependency on the software manufacturer  Restricted usage ADVANTAGES with Open Source Tools  Zero capital cost  Minimal / No operational cost  Minimal / No maintenance cost  Algorithm/logic is known to the user  Source code is freely available for access , editing & customization  Extensive support from the open source community  Free usage to any number of users
  • 13. Law Enforcement initiative in “Open Source Digital Forensics Tools” By: Belgian Federal Computer Crime Unit (FCCU) http://www.lnx4n6.be/index.php An advanced network forensic framework By: Australian Federal Police, Brisbane, Australia http://sourceforge.net/projects/pyflag/files/ Project in The Software and Systems Division supported by Law Enforcement Standards Office and Department of Homeland Security. http://www.cftt.nist.gov/index.html
  • 14. The Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework built by the Dutch National Police Agency Law Enforcement initiative in “Open Source Digital Forensics Tools” cont. http://ocfa.sourceforge.net/ ForeIndex: A Framework for Analysis and Triage of Data Forensics By: Forensic Expert of Brazilian Federal Police & Researcher of the Brazilian Space Agency http://www.basistech.com/about-us/events/open-source-forensics-conference/2011/presentations/
  • 15. Proprietary Tools EnCase Forensic - Guidance Software www.guidancesoftware.com/encase-forensic.htm FTK – AccessData www.accessdata.com/products/digital-forensics/ftk WinHex - X-Ways Software Technology AG www.x-ways.net/winhex/ Forensics Apprentice www.registryforensics.com/ BlackLight www.blackbagtech.com/blacklight-1.html Cellebrite - Mobile Forensics and Data transfer solutions www.cellebrite.com/ Paraben – Handheld Digital Forensics http://www.paraben.com/handheld-forensics.html Open Source Tools Digital Forensics Framework www.digital-forensic.org CAINE www.caine-live.net/ DEFT www.deftlinux.net/ Open source tools listed below may not be limited to the same Commercial / Proprietary & Open Source Tools for Imaging in Acquisition Phase
  • 16. Proprietary Tools EnCase Forensic - Guidance Software www.guidancesoftware.com/encase- forensic.htm FTK – AccessData www.accessdata.com/products/digital- forensics/ftk WinHex - X-Ways Software Technology AG www.x-ways.net/winhex/ Forensics Apprentice www.registryforensics.com/ BlackLight www.blackbagtech.com/blacklight-1.html Cellebrite - Mobile Forensics and Data transfer solutions www.cellebrite.com/ Paraben – Handheld Digital Forensics http://www.paraben.com/handheld- forensics.html Open Source Tools Digital Forensics Framework www.digital-forensic.org CAINE www.caine-live.net/ DEFT www.deftlinux.net/ SAFT Mobile Forensics www.signalsec.com/saft/ Analyzing digital information Identifying & examining malicious files Recovering deleted, fragmented, corrupted data Analyzing Online Activities Open source tools listed below may not be limited to the same Commercial / Proprietary & Open Source Tools for Forensic Analysis Analyzing mobiles
  • 17. Analyzing RAM Free Tools CMAT http://sourceforge.net/projects/cmat Volafox https://www.volatilesystems.com/default/volatility Volatile https://www.volatilesystems.com/default/volatility Proprietary Tools Second Look http://secondlookforensics.com/ Windows Scope http://windowsscope.com/ Memoryze http://www.mandiant.com/resources/download/memoryze/ Network Forensics : capturing / analyzing network packets Free Tools WireShark http://www.wireshark.org/ NetworkMinor http://networkminer.en.malavida.com/ Proprietary Tools NetIntercept http://www.securitywizardry.com/index.php/produ cts/forensic-solutions/network-forensic- tools/niksun-netintercept.html Registry analysis Free Tools Registry Decoder http://www.digitalforensicssolutions.com/registrydecoder/ Proprietary Tools Registry Recon http://arsenalrecon.com/apps/ Open source tools listed below may not be limited to the same Commercial / Proprietary & Open Source Tools for Forensic Analysis cont. Identifying traces of network / computer intrusion
  • 18. Password cracking Free Tools John the Ripper www.openwall.com/john Cracking Passwords for Windows, PDF, Word RAR , ZIP & Excel http://pcsupport.about.com/od/toolsofthetrade/t p/password-cracker-recovery.htm Proprietary Tools Password Recovery www.elcomsoft.com/products.html Passware http://www.lostpassword.com/ Detecting Pornography Free Tools Redlight Porn Scanner http://dfcsc.uri.edu/research/redLightTrial [NIJ Funded Project: http://www.nij.gov/topics/technology/software- tools.htm] Proprietary Tools SurfRecon http://www.surfrecon.com/products/home-edition.php Open source tools listed below may not be limited to the same Employing techniques to crack file & system passwords Commercial / Proprietary & Open Source Tools for Forensic Analysis cont.
  • 19. Admissibility of Digital Evidence in Courts
  • 20. Orientation • Digital Evidence - Meaning • Requirements U/Sec. 65B of the Indian Evidence Act • Expert Examiner of Electronic Evidence • Daubert Principle for Expert Witness
  • 21. Digital Evidence Evidence as defined U/Sec. 3 of the Indian Evidence Act means and includes – All statements and all documents including electronic records produced for the inspection of the Court.
  • 22. Requirement U/Sec. 65B of the Indian Evidence Act Sec. 65B - Admissibility of electronic records • Any information contained in an electronic record, • If printed on a paper, stored, recorded or copied in optical or magnetic media produced by a computer shall deemed to be a document, • If the conditions mentioned in this section are satisfied in relation to the information and computer in question and • Shall be admissible in any proceedings, without further proof or production of the original, as evidence of any contents of the original or of any fact stated therein or which direct evidence would be admissible.
  • 23. Conditions U/Sec. 65B (a) Regular use of Computer by the authorised person The computer output containing the information was produced by the computer during the period over which the computer was used regularly to store or process information for the purposes of any activities regularly carried on over that period by the person having lawful control over the use of the computer. (b) Regular feeding of information in the system in the ordinary course of Business During the said period, information of the kind contained in the electronic record or of the kind from which the information so contained is derived was regularly fed into the computer in the ordinary course of the said activities;
  • 24. Conditions U/Sec. 65B (c) Working state of the media Throughout the material part of the said period, the computer was operating properly or, if not, then in respect of any period in which it was not operating properly or was out operation during that part of the period, was not such as to affect the electronic record or the accuracy of its contents; and (d) The information contained in the electronic record reproduces or is derived from such information fed into the computer in the ordinary course of the said activities.
  • 25. Requirement of an Affidavit • To demonstrate compliance with the requirements of conditions, a statement in form of affidavit is required to be made in the court. • It should be signed by a person occupying a responsible official position in relation to the operation of the relevant device or the management of the relevant activities • Section 65B(4).
  • 26. Is it really necessary ? • The requirement to file an affidavit under Sec. 65B is not absolute. Supreme Court, in the case of State v. Navjot Sandhu , while examining Section 65B, held that, even when an affidavit/certificate under Sec. 65B is not filed it would not foreclose the Court from examining such evidence provided it complies with the requirements of Section 63 and 65 of the Evidence Act (refer to Para 150 of the judgement). • Vodafone Essar Ltd. Vs. Raju Sud the Bombay High Court dispensed with the requirement under Sec. 65B.
  • 27. Expert Witness • Witness, who by virtue of education, training, skill, or experience, is believed to have knowledge in a particular subject beyond an average person. • In a famous Scottish case, Davie v Edinburgh Magistrates (1953), the function of an expert witness is discussed as, ‘to furnish the judge with the necessary scientific criteria for testing the accuracy of their conclusions, so as to enable them to form their own independent judgment by the application of these criteria to the facts provided in evidence’.
  • 28. If scientific, technical, or other specialized knowledge will assist the trier of fact to understand the evidence or to determine a fact in issue, a witness qualified as an expert by knowledge, skill, experience, training, or education and may testify his opinion. Criteria for expert U/the principle – 1) Whether the expert has used scientific methods/discovery techniques? 2) Whether method/s used by the expert in the case has ever been used by any other expert or same expert in any other case? 3) Whether the testimony is the product of reliable principles and methods? 4) Whether the expert has applied the principles and methods reliably to the facts of the case? Daubert Principle for Expert Witness
  • 29. Sec. 79A – The Information Technology Act, 2000 • The Central Government may, for the purposes of providing expert opinion on electronic evidence before any court or other authority specify, by notification in the official Gazette, any department, body or agency of the Central Government or a State Government as an Examiner of Electronic Evidence. Examiner of Electronic Evidence
  • 30.
  • 31. Sagar Rahurkar @ - contact@sagarrahurkar.com # - +91-9623444448 Ninad Nawaghare @ - ninad.nawaghare@gmail.com # - +91-9004094463