Digital Forensics
Presented by: Ahmed Emam
Presented to: Dr. Ashraf Tammam
Outline
• Introduction
• Categories
• History
• Review
• Types of computer crimes and investigations.
• Anti-forensics
• Future Challenges
• Real life cases
• Conclusion
• References
Introduction
• Your computer will betray you.
• Change is inevitable.
• Digital forensics is still in its infancy.
Introduction – cont’d
According to a 2001 study by the University of California,
Berkeley, 93% of all new information at that time was
created entirely in digital format.
What?
• Forensics is the application of science to solve a legal problem.
• Digital Forensics is the preservation, identification, extraction, interpretation and
documentation of computer evidence which can be used in the court of law.
• In Forensic Magazine, Ken Zatyko defined digital forensics this way:
“The application of computer science and investigative procedures for a legal purpose
involving the analysis of digital evidence after proper search authority, chain of custody,
validation with mathematics, use of validated tools, repeatability, reporting, and possible
expert presentation.”
Digital Forensics
Categories
History
• The field started to emerge in the 1980’s.
• Since the late 1970s the amount of crime involving computers has been growing very
quickly, creating a need for constantly developing forensic tools and practices.
• The first computer crimes were recognized in the 1978 Florida Computer Crimes Act, which
included legislation against the unauthorized modification or deletion of data on a computer
system.
• In the 1980’s, federal laws began to incorporate computer offences, and Canada was the
first country to pass legislation in 1983.
• Starting in 2000, in response to the need for standardization, various bodies and agencies have
published guidelines for digital forensics.
• Many of the early members were computer hobbyists and became responsible for the field's
initial research and direction.
• One of the first practical (or at least publicized) examples of digital forensics was Cliff
Stoll's pursuit of hacker Markus Hess in 1986.
Review – Why and Who?
• Why? - Due to the growth in computer crime, law
enforcement agencies began establishing specialized
groups to handle the technical aspects of investigations.
• Who? - Criminal Prosecutors & law enforcement
agencies, Insurance Companies, Private Corporations.
Review – How?
Types of Computer Crimes and
Investigations
• Types of Computer Crimes:
➢ Computer based crimes.
➢ Computer facilitated crimes.
• Types of Investigations:
➢ Criminal forensics.
➢ Intelligence gathering.
➢ Civil litigation – Also known as Electronic discovery (eDiscovery).
➢ Intrusion investigation.
➢ Administrative matters.
Conditions of Reliability
• The “conditions of reliability” are generally the same for
most jurisdictions and it was stated that electronic copies
of data are admissible provided that:
➢ They were from the indicated source.
➢ They were acquired using proven tools and techniques.
➢ They have not been altered since the time of acquisition.
Challenges – Digital Forensics
• Digital evidence accepted into court.
• Costs.
• Presents the potential for exposing privileged documents.
• Legal practitioners must have extensive computer
knowledge.
Locard’s Exchange Principle
• “Wherever he steps, whatever he touches, whatever he
leaves, even unconsciously, will serve as a silent witness
against him. Not only his fingerprints or his footprints,
but his hair, the fibers from his clothes, the glass he
breaks, the tool mark he leaves, the paint he scratches,
the blood or semen he deposits or collects. All of these
and more, bear mute witness against him. This is
evidence that does not forget. It is not confused by the
excitement of the moment. It is not absent because
human witnesses are. It is factual evidence. Physical
evidence cannot be wrong, it cannot perjure itself, it
cannot be wholly absent. Only human failure to find it,
study and understand it, can diminish its value.”
• It can be interpreted as follows: In the physical world,
when perpetrators enter or leave a crime scene, they will
leave something behind and take something with them.
Examples include DNA, latent prints, hair, and fibers.
Locard’s Analogy for
Digital Forensics
• Registry keys and log files can serve as the digital equivalent
to hair and fiber.
• Like DNA, our ability to detect and analyze these artifacts
relies heavily on the technology available at the time.
• Viewing a device or incident through the “lens” of Locard’s
principle can be very helpful in locating and interpreting not
only physical but digital evidence as well.
The field of Anti-forensics
• To counter the relatively new forensic advances, anti-
forensic tools and techniques are cropping up in
significant numbers.
• They are being used by criminals, terrorists, and
corporate executives.
• Definition: “an approach to manipulate, erase, or
obfuscate digital data or to make its examination difficult,
time consuming, or virtually impossible”
Several Techniques for Anti-forensics
• Hiding Data:
➢ Changing file names and extensions.
➢ Burying files deep within seemingly unrelated directories.
➢ Hiding files within files.
➢ Encryption.
➢ Steganography.
• Destroying Data:
➢ Drive wiping
➢ “Darik’s Boot and Nuke”
➢ “DiskWipe”
➢ “CBL Data Shredder”
➢ “Webroot Window Washer”
➢ “Evidence Eliminator”
Concerns about Data wiping
• From an evidentiary or investigative perspective, the presence or use of these
applications can serve as the next best thing to the original evidence.
• As seen, some telltale traces are left in the registry.
More concerns
• When looking at the drive at the bit level, a distinct repeating pattern of data may
be seen. This is completely different from what would normally be found on a hard
drive in everyday use.
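The bit-level observation above can be checked mechanically. The following Python example is added here and is not part of the original slides: it labels each sector of an image as pattern-filled (a short repeating byte sequence), high-entropy, or ordinary, and reports contiguous runs. The sector size, thresholds, function names and the sample image are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter
from itertools import groupby

SECTOR = 512          # assumed sector size
MAX_PERIOD = 8        # longest repeating unit treated as a fill pattern (assumption)
ENTROPY_RANDOM = 7.0  # bits/byte at or above which a sector looks random (assumption)


def repeating_unit(block: bytes, max_period: int = MAX_PERIOD):
    """Return the shortest unit (<= max_period bytes) whose repetition
    reproduces the whole block, or None if the block is not periodic."""
    for period in range(1, max_period + 1):
        unit = block[:period]
        reps = -(-len(block) // period)          # ceiling division
        if (unit * reps)[:len(block)] == block:
            return unit
    return None


def canonical_rotation(unit: bytes) -> bytes:
    """A 3-byte pattern written continuously starts at a different phase in
    each 512-byte sector; pick one rotation so every sector gets the same label."""
    return min(unit[i:] + unit[:i] for i in range(len(unit)))


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 = constant, 8.0 = uniform)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def classify_sector(block: bytes) -> str:
    unit = repeating_unit(block)
    if unit is not None:
        # Zero fill also occurs on never-used areas, so "fill:00" alone
        # is weaker evidence of wiping than a non-zero pattern.
        return "fill:" + canonical_rotation(unit).hex()
    if shannon_entropy(block) >= ENTROPY_RANDOM:
        # Random-data wipe passes look like this, but so do encrypted
        # and compressed files: corroborate before drawing conclusions.
        return "high-entropy"
    return "ordinary"


def scan_image(data: bytes, sector: int = SECTOR):
    """Return a list of (first_sector, sector_count, label) runs."""
    labels = [classify_sector(data[off:off + sector])
              for off in range(0, len(data), sector)]
    runs, start = [], 0
    for label, group in groupby(labels):
        count = len(list(group))
        runs.append((start, count, label))
        start += count
    return runs


def build_sample_image() -> bytes:
    """Constructed 12-sector image: text, zero fill, a continuous 3-byte
    pattern, deterministic random-looking data, then text again."""
    text = b"".join(b"%04d user opened report.doc\n" % i for i in range(60))
    random_like = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(32))
    return (text[:2 * SECTOR]
            + b"\x00" * (4 * SECTOR)
            + b"\x92\x49\x24" * SECTOR        # 1536 bytes = 3 sectors
            + random_like                      # 1024 bytes = 2 sectors
            + text[2 * SECTOR:3 * SECTOR])


if __name__ == "__main__":
    for first, count, label in scan_image(build_sample_image()):
        print(f"sectors {first}-{first + count - 1}: {label}")
```

Long runs of a non-zero fill pattern, or of high-entropy sectors across space the file system marks as unallocated, are the cue to look for the wiping tool's own traces elsewhere on the system.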
More concerns
• Some operating systems, Apple OS X Lion for example, ship with a drive wiping
utility installed. Called Secure Erase, this utility offers multiple options for data
destruction.
Future Challenges and POR
• Standards and Controls:
Standards and controls are a fundamental part of scientific
analysis, including forensic science.
Their relevance to digital forensics is a matter of dispute.
Standard: A prepared sample that has known properties that is used as
a control during forensic analyses.
Control: A test performed in parallel with experimental samples that is
designed to demonstrate that a procedure is working correctly
and the results are valid.
Future Challenges and POR
• Standards and Control – cont’d:
➢ Two opinions exist.
John Barbra:
“In the end, closely following these established scientific practices ensures
that any results gained are accurate, reliable, and repeatable. He further
argued that without the use of standards and controls, it would be “extremely
difficult or impossible to scientifically assess the validity of the results obtained
from the analysis of the physical evidence”
Scientific Working Group on Digital Evidence:
“Their position is that standards are being used in digital forensics, but controls
are “not applicable in the computer forensics sub-discipline”
➢ SWGDE’s position centers on false positives.
➢ Tools and processes may miss evidence, but they will never find evidence that
doesn’t exist.
Future Challenges and POR
• CLOUD FORENSICS
➢ Technically: Deleted files on a magnetic drive remain on the disk
until they are overwritten. In the cloud, when a file is deleted the
mapping is removed immediately, usually within a matter of
seconds. This means that there is no remote access to the deleted
data.
➢ Legally: Dealing with multiple jurisdictions can significantly
frustrate efforts to get to the relevant data.
• SOLID STATE DRIVES (SSD)
• SPEED OF CHANGE
Case Scenarios – Case 1
Italian Case Law on Digital Evidence
• Digital evidence could be altered and can contain countless
pieces of information. The “Garlasco” case is a clear example
of this.
Case Scenarios – Case 2
BTK Killer
• The case of Dennis Rader, better known as the BTK killer.
• It was solved thirty years later with the help of digital forensics.
• He murdered ten people in Kansas from 1974 to 1991. Rader managed to avoid
capture for over thirty years until technology betrayed him.
• A floppy disk was received from the BTK killer.
• The disc contained a file named “Test A.rtf.” (The .rtf extension stands for “Rich
Text File”). A forensic exam of the file struck gold. The file’s metadata (the data
about the data) gave investigators the leads they had been waiting over thirty
years for. Aside from the “Date Created” (Thursday, February 10, 2005 6:05:34
PM) and the “Date Modified” (Monday, February 14, 2005 2:47:44 PM) were the
“Title” (Christ Lutheran Church) and “Last Saved By:” (Dennis).
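The kinds of fields quoted above have counterparts in the RTF format's `\info` group, which stores document properties such as `\title`, `\operator` (the person who last changed the document), `\creatim` and `\revtim`. The following Python example is added here and is not from the original slides or the case file: it extracts that group, and the sample document is constructed to mirror the values quoted on the slide, on the assumption that they are stored in `\info`.

```python
import re
from datetime import datetime

TEXT_FIELDS = {"title", "subject", "author", "operator", "keywords", "doccomm"}
TIME_FIELDS = {"creatim", "revtim", "printim", "buptim"}


def extract_group(rtf: str, start: int) -> str:
    """Return the body of the brace group opening at rtf[start], without the
    outer braces. Escaped braces (\\{ and \\}) do not change nesting depth."""
    depth, i = 0, start
    while i < len(rtf):
        ch = rtf[i]
        if ch == "\\":
            i += 2                      # skip the backslash and the next char
            continue
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return rtf[start + 1:i]
        i += 1
    raise ValueError("unbalanced RTF group")


def child_groups(body: str):
    """Yield the body of each top-level {...} group inside body."""
    i = 0
    while i < len(body):
        if body[i] == "\\":
            i += 2
        elif body[i] == "{":
            inner = extract_group(body, i)
            yield inner
            i += len(inner) + 2
        else:
            i += 1


def unescape(text: str) -> str:
    """Decode \\'hh byte escapes (Windows-1252 assumed) and \\\\ \\{ \\}."""
    def repl(m):
        if m.group(1):
            return bytes.fromhex(m.group(1)).decode("cp1252", "replace")
        return m.group(2)
    return re.sub(r"\\'([0-9a-fA-F]{2})|\\([\\{}])", repl, text)


def parse_rtf_info(rtf: str) -> dict:
    """Return the known text and timestamp fields of the \\info group."""
    start = rtf.find("{\\info")
    if start < 0:
        return {}
    info = {}
    for inner in child_groups(extract_group(rtf, start)):
        m = re.match(r"\\(?:\*\\)?([a-z]+)(-?\d+)? ?", inner)
        if not m:
            continue
        word, rest = m.group(1), inner[m.end():]
        if word in TEXT_FIELDS:
            info[word] = unescape(rest)
        elif word in TIME_FIELDS:
            parts = {k: int(v) for k, v in
                     re.findall(r"\\(yr|mo|dy|hr|min|sec)(\d+)", rest)}
            if {"yr", "mo", "dy"} <= parts.keys():
                info[word] = datetime(parts["yr"], parts["mo"], parts["dy"],
                                      parts.get("hr", 0), parts.get("min", 0),
                                      parts.get("sec", 0))
    return info


# Constructed sample, not the actual evidence file: field values are the
# ones quoted on the slide, placed in an \info group for illustration.
SAMPLE_RTF = (
    r"{\rtf1\ansi\deff0"
    r"{\info{\title Christ Lutheran Church}{\operator Dennis}"
    r"{\creatim\yr2005\mo2\dy10\hr18\min5\sec34}"
    r"{\revtim\yr2005\mo2\dy14\hr14\min47\sec44}}"
    r"\pard Body text.\par}"
)

if __name__ == "__main__":
    for field, value in parse_rtf_info(SAMPLE_RTF).items():
        print(f"{field}: {value}")
```

These fields are written by the authoring application and can be edited like any other text in the file, so an examiner treats them as leads to corroborate against other evidence.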
Conclusion
• The digital forensics field is an emerging field and it faces
many challenges that are still POR. However, intense
research makes it viable to be taken into consideration in
a court of law.
Thank You
Any Questions?

VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and workingUNIT-V FMM.HYDRAULIC TURBINE - Construction and working
UNIT-V FMM.HYDRAULIC TURBINE - Construction and working
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
UNIT-III FMM. DIMENSIONAL ANALYSIS
UNIT-III FMM.        DIMENSIONAL ANALYSISUNIT-III FMM.        DIMENSIONAL ANALYSIS
UNIT-III FMM. DIMENSIONAL ANALYSIS
 
AKTU Computer Networks notes --- Unit 3.pdf
AKTU Computer Networks notes ---  Unit 3.pdfAKTU Computer Networks notes ---  Unit 3.pdf
AKTU Computer Networks notes --- Unit 3.pdf
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 

Digital forensics ahmed emam

  • 1. Digital Forensics Presented by: Ahmed Emam Presented to: Dr. Ashraf Tammam
  • 2. Outline • Introduction • Categories • History • Review • Types of computer crimes and investigations. • Anti-forensics • Future Challenges • Real life cases • Conclusion • References
  • 3. Introduction • Your computer will betray you. • Change is inevitable. • Digital forensics is still in its infancy.
  • 4. Introduction – cont’d • According to a 2001 study by the University of California, Berkeley, 93% of all new information at that time was created entirely in digital format.
  • 5. What? • Forensics is the application of science to solve a legal problem. • Digital Forensics is the preservation, identification, extraction, interpretation and documentation of computer evidence which can be used in a court of law. • In Forensic Magazine, Ken Zatyko defined digital forensics this way: “The application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence after proper search authority, chain of custody, validation with mathematics, use of validated tools, repeatability, reporting, and possible expert presentation.”
  • 7. History • The field started to emerge in the 1980s. • Since the late 1970s the amount of crime involving computers has been growing very quickly, creating a need for constantly developing forensic tools and practices. • The first computer crimes were recognized in the 1978 Florida Computer Crimes Act, which included legislation against the unauthorized modification or deletion of data on a computer system. • In the 1980s, the federal laws began to incorporate computer offences and Canada was the first country to pass legislation in 1983. • Starting in 2000, in response to the need for standardization, various bodies and agencies have published guidelines for digital forensics. • Many of the early members were computer hobbyists and became responsible for the field's initial research and direction. • One of the first practical (or at least publicized) examples of digital forensics was Cliff Stoll's pursuit of hacker Markus Hess in 1986.
  • 8. Review – Why and Who? • Why? - Due to the growth in computer crime, law enforcement agencies began establishing specialized groups to handle the technical aspects of investigations. • Who? - Criminal prosecutors and law enforcement agencies, insurance companies, private corporations.
  • 10. Types of Computer Crimes and Investigations • Types of Computer Crimes: ◦ Computer-based crimes. ◦ Computer-facilitated crimes. • Types of Investigations: ◦ Criminal forensics. ◦ Intelligence gathering. ◦ Civil litigation – also known as electronic discovery (eDiscovery). ◦ Intrusion investigation. ◦ Administrative matters.
  • 11. Conditions of Reliability • The “conditions of reliability” are generally the same for most jurisdictions and it was stated that electronic copies of data are admissible provided that: ◦ They were from the indicated source. ◦ They were acquired using proven tools and techniques. ◦ They have not been altered since the time of acquisition.
  • 12. Challenges – Digital Forensics • Digital evidence accepted into court. • Costs. • Presents the potential for exposing privileged documents. • Legal practitioners must have extensive computer knowledge.
  • 13. Locard’s Exchange Principle • “Wherever he steps, whatever he touches, whatever he leaves, even unconsciously, will serve as a silent witness against him. Not only his fingerprints or his footprints, but his hair, the fibers from his clothes, the glass he breaks, the tool mark he leaves, the paint he scratches, the blood or semen he deposits or collects. All of these and more, bear mute witness against him. This is evidence that does not forget. It is not confused by the excitement of the moment. It is not absent because human witnesses are. It is factual evidence. Physical evidence cannot be wrong, it cannot perjure itself, it cannot be wholly absent. Only human failure to find it, study and understand it, can diminish its value.” • It can be interpreted as follows: In the physical world, when perpetrators enter or leave a crime scene, they will leave something behind and take something with them. Examples include DNA, latent prints, hair, and fibers
  • 14. Locard’s Analogy for Digital Forensics • Registry keys and log files can serve as the digital equivalent to hair and fiber. • Like DNA, our ability to detect and analyze these artifacts relies heavily on the technology available at the time. • Viewing a device or incident through the “lens” of Locard’s principle can be very helpful in locating and interpreting not only physical but digital evidence as well.
  • 15. The field of Anti-forensics • To counter the relatively new forensic advances, anti-forensic tools and techniques are cropping up in significant numbers. • They are being used by criminals, terrorists, and corporate executives. • Definition: “an approach to manipulate, erase, or obfuscate digital data or to make its examination difficult, time consuming, or virtually impossible”
  • 16. Several Techniques for Anti-forensics • Hiding Data: ◦ Changing file names and extensions. ◦ Burying files deep within seemingly unrelated directories. ◦ Hiding files within files. ◦ Encryption. ◦ Steganography. • Destroying Data: ◦ Drive wiping ◦ “Darik’s Boot and Nuke” ◦ “DiskWipe” ◦ “CBL Data Shredder” ◦ “Webroot Window Washer” ◦ “Evidence Eliminator”
  • 17. Concerns about Data wiping • From an evidentiary or investigative perspective, the presence or use of these applications can serve as the next best thing to the original evidence. • As seen, some telltale signs are left in the registry.
  • 18. More concerns • When looking at the drive at the bit level, a distinct repeating pattern of data may be seen. This is completely different from what would normally be found on a hard drive in everyday use.
  • 19. More concerns • Some operating systems, Apple OS X Lion for example, ship with a drive wiping utility installed. Called Secure Erase, this utility offers multiple options for data destruction.
  • 20. Future Challenges and POR • Standards and Controls: Standards and controls are a fundamental part of scientific analysis, including forensic science. Their relevance to digital forensics is a matter of dispute. ◦ Standard: A prepared sample that has known properties that is used as a control during forensic analyses. ◦ Control: A test performed in parallel with experimental samples that is designed to demonstrate that a procedure is working correctly and the results are valid.
  • 21. Future Challenges and POR • Standards and Controls – cont’d: ◦ Two opinions exist. ◦ John Barbara: “In the end, closely following these established scientific practices ensures that any results gained are accurate, reliable, and repeatable.” He further argued that without the use of standards and controls, it would be “extremely difficult or impossible to scientifically assess the validity of the results obtained from the analysis of the physical evidence.” ◦ Scientific Working Group on Digital Evidence (SWGDE): Their position is that standards are being used in digital forensics, but controls are “not applicable in the computer forensics sub-discipline.” ◦ SWGDE’s position centers on false positives. ◦ Tools and processes may miss evidence, but they will never find evidence that doesn’t exist.
  • 22. Future Challenges and POR • CLOUD FORENSICS ◦ Technically: Deleted files on a magnetic drive remain on the disk until they are overwritten. In the cloud, when a file is deleted the mapping is removed immediately, usually within a matter of seconds. This means that there is no remote access to the deleted data. ◦ Legally: Dealing with multiple jurisdictions can significantly frustrate efforts to get to the relevant data. • SOLID STATE DRIVES (SSD) • SPEED OF CHANGE
  • 23. Case Scenarios – Case 1 Italian Case Law on Digital Evidence • Digital evidence could be altered and can contain countless pieces of information. The “Garlasco” case is a clear example of this.
  • 24. Case Scenarios – Case 2 BTK Killer • The case of Dennis Rader, better known as the BTK killer. • It was solved thirty years later with the help of digital forensics. • He murdered ten people in Kansas from 1974 to 1991. Rader managed to avoid capture for over thirty years until technology betrayed him. • A floppy disk was received from the BTK killer. • The disc contained a file named “Test A.rtf.” (The .rtf extension stands for “Rich Text File”). A forensic exam of the file struck gold. The file’s metadata (the data about the data) gave investigators the leads they had been waiting over thirty years for. Aside from the “Date Created” (Thursday, February 10, 2005 6:05:34 PM) and the “Date Modified” (Monday, February 14, 2005 2:47:44 PM) were the “Title” (Christ Lutheran Church) and “Last Saved By:” (Dennis).
  • 25. Conclusion • The digital forensics field is an emerging field and it faces many challenges that are still POR. However, intense research makes it viable for consideration in a court of law.
  • 27. References • The Basics of Digital Forensics, by John Sammons • http://www.cert.org/digital-intelligence/history.cfm • http://www.cert.org/about/ • http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=59056 • http://resources.sei.cmu.edu/asset_files/TechnicalNote/2013_004_001_40234.pdf • http://resources.sei.cmu.edu/asset_files/WhitePaper/2012_019_001_52449.pdf • http://resources.sei.cmu.edu/asset_files/CERTResearchReport/2009_013_001_51315.pdf • http://resources.sei.cmu.edu/asset_files/TechnicalNote/2008_004_001_14948.pdf • http://resources.sei.cmu.edu/asset_files/Handbook/2005_002_001_14429.pdf • http://resources.sei.cmu.edu/asset_files/Handbook/2005_002_001_14432.pdf • http://www.cert.org/digital-intelligence/case-studies/tjx-heartland.cfm • http://www.cert.org/digital-intelligence/case-studies/iceman.cfm • http://www.us-cert.gov/sites/default/files/publications/infosheet_Cyber%20Exercises.pdf • http://en.wikipedia.org/wiki/Digital_forensics • http://www.techopedia.com/definition/27805/digital-forensics • http://www.forensicswiki.org/wiki/Main_Page • http://www.tees.ac.uk/undergraduate_courses/Crime_Scene_&_Forensic_Science/BSc_(Hons)_Computer_and_Digital_Forensics.cfm • https://eforensicsmag.com • http://www.dfrws.org • http://en.wikibooks.org/wiki/Introduction_to_Digital_Forensics/Acquisition • http://researchrepository.murdoch.edu.au/14422/2/02Whole.pdf • http://prezi.com/4_azs1ecvq4y/crimes-solved-using-digital-forensics/ • SlideShare presentations.
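
Slide 16 lists changing file names and extensions, and burying files in unrelated directories, as data-hiding techniques. The following Python example is added here and is not part of the original deck: it compares each file's leading bytes with the format its extension claims. The signature table is a small subset, and the file names and headers are constructed for illustration.

```python
import os

# (leading bytes, format, extensions that legitimately carry that format)
SIGNATURES = [
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"GIF87a", "gif", {".gif"}),
    (b"GIF89a", "gif", {".gif"}),
    (b"%PDF-", "pdf", {".pdf"}),
    (b"{\\rtf", "rtf", {".rtf"}),
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".pptx"}),
]
KNOWN_EXTS = set().union(*(exts for _, _, exts in SIGNATURES))

def identify(header: bytes):
    """Return (format, allowed extensions) for a header, or (None, set())."""
    for magic, kind, exts in SIGNATURES:
        if header.startswith(magic):
            return kind, exts
    return None, set()

def audit(files):
    """files: iterable of (path, first bytes). Returns (path, finding, format)."""
    findings = []
    for path, header in files:
        ext = os.path.splitext(path)[1].lower()
        kind, allowed = identify(header)
        if kind and ext not in allowed:
            # Content is a known format hiding behind another extension.
            findings.append((path, "mismatch", kind))
        elif kind is None and ext in KNOWN_EXTS:
            # Extension promises a known format but the header is something
            # else: possibly encrypted, corrupted or overwritten content.
            findings.append((path, "bad-header", None))
    return findings

# Constructed sample listing: path plus the first bytes of each file.
SAMPLE_FILES = [
    ("Pictures/holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("Windows/Help/cache/idx0041.dll", b"\xff\xd8\xff\xe1\x00\x18Exif"),
    ("Documents/notes.txt", b"PK\x03\x04\x14\x00\x00\x00"),
    ("Documents/report.pdf", b"\x9c\x11\xa7\x3e\x52\x08\xd4\x6b"),
    ("Documents/readme.txt", b"Plain text"),
]

if __name__ == "__main__":
    for path, finding, kind in audit(SAMPLE_FILES):
        print(f"{finding:10} {path} (content: {kind or 'unrecognised'})")
```

A mismatch is a lead for the examiner, not proof of intent; plain text and encrypted containers have no fixed header, so they pass this check unflagged unless their extension claims a known format.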
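
Slide 18 notes that a wiped drive shows a distinct repeating pattern at the bit level. The following Python example is added here and is not part of the original deck: it labels each sector of an image as a single-byte fill, a short repeating pattern, or ordinary data, and reports contiguous runs. The 512-byte sector size, the list of repeat lengths and the sample image are assumptions constructed for illustration.

```python
import hashlib
from itertools import groupby

SECTOR = 512
PERIODS = (2, 3, 4, 8, 16)  # repeat lengths to test; an assumed, tunable list

def classify_sector(sector: bytes) -> str:
    """Label a sector 'fill:0xNN', 'pattern:<hex unit>' or 'data'."""
    if len(set(sector)) == 1:
        return "fill:0x%02x" % sector[0]
    for p in PERIODS:
        unit = sector[:p]
        if sector == (unit * (len(sector) // p + 1))[:len(sector)]:
            # A pattern rarely aligns to sector boundaries, so normalise the
            # unit to its smallest rotation to give every sector one label.
            return "pattern:" + min(unit[i:] + unit[:i] for i in range(p)).hex()
    return "data"

def scan_image(image: bytes):
    """Return runs of identically labelled sectors: (label, first_sector, count)."""
    labels = [classify_sector(image[off:off + SECTOR])
              for off in range(0, len(image), SECTOR)]
    runs, first = [], 0
    for label, group in groupby(labels):
        count = len(list(group))
        runs.append((label, first, count))
        first += count
    return runs

def non_data_fraction(runs) -> float:
    """Share of sectors holding only a fill byte or a short repeating pattern."""
    total = sum(count for _, _, count in runs)
    flagged = sum(count for label, _, count in runs if label != "data")
    return flagged / total if total else 0.0

def build_sample_image() -> bytes:
    """Constructed image: 4 sectors of varied data, 6 sectors overwritten with
    the 3-byte pattern 92 49 24, then 2 zero-filled sectors."""
    varied = b"".join(hashlib.sha256(bytes([s, k])).digest()
                      for s in range(4) for k in range(16))
    wiped = (b"\x92\x49\x24" * (6 * SECTOR // 3 + 1))[:6 * SECTOR]
    return varied + wiped + bytes(2 * SECTOR)

if __name__ == "__main__":
    runs = scan_image(build_sample_image())
    for label, first, count in runs:
        print(f"sectors {first}-{first + count - 1}: {label}")
    print(f"non-data share: {non_data_fraction(runs):.0%}")
```

Zero-filled runs also occur in never-written areas of a drive in normal use, so the signal worth an examiner's attention is a non-zero fill or multi-byte pattern spanning a large region.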
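
Slide 24 describes how the metadata of an RTF file supplied the title, timestamps and "Last Saved By" value. The following Python example is added here and is not part of the original deck: it reads the `\info` group of an RTF document, where `\operator` is the field shown as "Last saved by". The sample document is constructed, with values taken from the slide.

```python
import re
from datetime import datetime

# Constructed sample: a minimal RTF file whose \info values mirror the slide.
SAMPLE_RTF = r"""{\rtf1\ansi\deff0
{\info{\title Christ Lutheran Church}{\operator Dennis}
{\creatim\yr2005\mo2\dy10\hr18\min5\sec34}
{\revtim\yr2005\mo2\dy14\hr14\min47\sec44}}
\pard Constructed body text with an escaped brace \} inside.\par}"""

TIME_RE = re.compile(r"\\(yr|mo|dy|hr|min|sec)(\d+)")

def find_group(rtf: str, keyword: str) -> str:
    """Return the content of the first {\\keyword ...} group, or '' if it is
    absent or unterminated. Braces are matched so nested groups stay whole."""
    start = rtf.find("{\\" + keyword)
    if start < 0:
        return ""
    depth, i = 0, start
    while i < len(rtf):
        ch = rtf[i]
        if ch == "\\":  # control word or escaped brace/backslash: skip next char
            i += 2
            continue
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:
                return rtf[start + 1:i]
        i += 1
    return ""

def parse_time(group: str):
    """Turn \\yrN\\moN\\dyN\\hrN\\minN\\secN into a datetime, None if unusable."""
    f = {name: int(value) for name, value in TIME_RE.findall(group)}
    try:
        return datetime(f["yr"], f["mo"], f["dy"],
                        f.get("hr", 0), f.get("min", 0), f.get("sec", 0))
    except (KeyError, ValueError):  # field missing or out of range
        return None

def extract_info(rtf: str) -> dict:
    """Collect title, author, operator (last saved by), created and revised."""
    info = find_group(rtf, "info")
    out = {}
    for name in ("title", "author", "operator"):
        body = find_group(info, name)
        out[name] = body[len(name) + 1:].strip() or None
    out["created"] = parse_time(find_group(info, "creatim"))
    out["revised"] = parse_time(find_group(info, "revtim"))
    return out

if __name__ == "__main__":
    for key, value in extract_info(SAMPLE_RTF).items():
        print(f"{key:9} {value}")
```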