Zunera Jalil
Email: zunera.jalil@mail.au.edu.pk
Your Previous Home Task
• https://www.journals.elsevier.com/forensic-science-international-digital-investigation
• https://link.springer.com/chapter/10.1007/978-981-15-1480-7_20
• https://www.nist.gov/news-events/news/2020/06/nist-digital-forensics-experts-show-us-what-you-got
• https://www.computer.org/publications/tech-news/research/digital-forensics-security-challenges-cybercrime
• www.nr3c.gov.pk
• www.fbi.gov
Digital Forensics
Methodology:
Acquire the evidence without altering or damaging the original.
Authenticate that the recovered evidence is the same as the original seized.
Analyze the data without modifying it.
Cyber Attacks in Top 10 Risks (WEF Report 2020)
https://guardian.ng/technology/cfin-seeks-partnership-in-implementation-of-cybercrime-act/
https://reports.weforum.org/global-risks-report-2020/wild-wide-web/
90% of All Criminal Cases Have One Form of Electronic Evidence or The Other
https://guardian.ng/technology/cfin-seeks-partnership-in-implementation-of-cybercrime-act/
Digital Forensics Market to Hit 4.8 Billion USD in Revenues by 2020
The definition of digital forensics has also evolved over the years, from simply involving “securing and analyzing digital information stored on a computer for use as evidence in civil, criminal, or administrative cases” to the “application of computer science and investigative procedures for a legal purpose involving the analysis of digital evidence (that is stored or transmitted in binary form) after proper search authority, chain of custody, validation with mathematics (hash function), use of validated tools, repeatability, reporting and possible expert presentation”.
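The acquire, authenticate, analyze methodology above, together with the hash-function validation named in the definition, as an added example that is not part of the original slides. SHA-256, the file names and the keyword search standing in for "analysis" are assumptions, and the sample media is constructed.

```python
import hashlib
import os
import stat

CHUNK = 1 << 20  # hash and copy in 1 MiB blocks

def acquire(source, image):
    """Acquire: copy source to image, hashing the bytes as they are read."""
    digest = hashlib.sha256()
    with open(source, "rb") as src, open(image, "xb") as dst:  # "xb": never overwrite
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    os.chmod(image, stat.S_IRUSR)  # working copy is read-only from here on
    return digest.hexdigest()

def authenticate(image, acquisition_hash):
    """Authenticate: re-hash the image and compare with the acquisition hash."""
    digest = hashlib.sha256()
    with open(image, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest() == acquisition_hash

def analyze(image, needle):
    """Analyze: read-only keyword search; returns byte offsets of matches."""
    with open(image, "rb") as fh:
        data = fh.read()  # acceptable for the small constructed sample
    hits, pos = [], data.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = data.find(needle, pos + 1)
    return hits

def run_case(workdir):
    source = os.path.join(workdir, "seized_media.bin")  # constructed sample media
    image = os.path.join(workdir, "evidence_copy.img")  # hypothetical file names
    with open(source, "wb") as fh:
        fh.write(b"\x00" * 512 + b"invoice_2020.xls" + b"\x00" * 512)
    acq_hash = acquire(source, image)
    before = authenticate(image, acq_hash)
    hits = analyze(image, b"invoice")
    after = authenticate(image, acq_hash)  # analysis must leave the image unchanged
    return {"hash": acq_hash, "before": before, "hits": hits, "after": after}

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(run_case(tmp))
```

The acquisition hash is the value that would be recorded in the chain-of-custody record; any later mismatch means the working copy can no longer be shown to match the original.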
Why Use Computer Forensics?
Criminal Prosecutors
Rely on evidence obtained from a computer to prosecute suspects and use as evidence
Civil Litigations
Personal and business data discovered on a computer can be used in fraud, divorce, harassment, or discrimination cases
Insurance Companies
Evidence discovered on a computer can be used to mollify costs (fraud, worker’s compensation, arson, etc.)
Private Corporations
Evidence obtained from employee computers can be used in harassment, fraud, and embezzlement cases
Law Enforcement Officials
Rely on computer forensics to back up search warrants and post-seizure handling
Individual/Private Citizens
Obtain the services of professional computer forensic specialists to support claims of harassment, abuse, or wrongful termination from employment
Digital Investigations
Types of Forensics Requests…
INTRUSION ANALYSIS
• Who gained entry?
• What did they do?
• When did this happen?
• How did they do this?
DAMAGE ASSESSMENT
• What was available for the intruder to see?
• What did he take?
TOOL ANALYSIS
• What tools were used?
• How were they executed?
EVIDENCE SEARCH
• Deleted Files
• Hidden Files, Encrypted Files
• Known Remote Access Tools
• Hidden partitions
Types of Digital Investigations
Two categories:
• One way that businesses can reduce the risk of litigation is to publish and maintain policies that employees find easy to read and follow. In addition, these policies can make internal investigations go more smoothly.
• The most important policies are those defining rules for using the company's computers and networks; this type of policy is commonly known as an “acceptable usage policy.” Organizations should have all employees sign this acceptable use agreement.
Sources of Evidence???
Device Identification
Evidence Collection
2. Identification
This step involves identifying what data could be recovered and electronically retrieving it by running various computer forensic tools and software suites.
3. Evaluation
Evaluating the information/data recovered to determine if and how it could be used against the suspect for employment termination or prosecution in court.
4. Presentation
This step involves the presentation of evidence discovered in a manner which is understood by lawyers and non-technical staff/management, and suitable as evidence as determined by United States and internal laws.
Digital Investigation Process
Cybercrimes
Cyber crimes
Definition
Learn Python
Home Task