Computer Forensics
Module Description
Chapter Table of Contents
Aim
Instructional Objectives
Learning Outcomes
1.1.1 Introduction
(i) History
Year | Phase | Development
(ii) Basic Terminology
What is Cyber Crime?
(iii) Myths about Computer Forensics
Myth #1
Reality
Myth #2
Reality
Myth #3
Reality
(v) Rules of Computer Forensics
Self-assessment Questions
1.1.2 Computer Forensics Evidence
Where can we find evidence?
Self-assessment Questions
1.1.3 Forms of Cyber-crime
Intellectual Property (IP) Theft
Industrial Espionage
Bankruptcy
E-mail related crimes
Regulatory Compliance
Cyber Stalking
(ii) Types of Hacks
Self-assessment Questions
1.1.4 Computer Forensics Tools
1. Acquisition
3. Extraction and Analysis
4. Reporting
Self-assessment Questions
Summary
Terminal Questions
Answer Keys
Self-assessment Questions
Question No. | Answer
Activity
Bibliography
e-References
Image Credits
External Resources
Video Links
Topic | Link
Notes:
Chapter Table of Contents
Aim
Instructional Objectives
Learning Outcomes
1.2.1 Introduction
Computer Forensics Principles
(i) First Responder Procedures
Case Example
Potential places of evidence
Computer and phone devices
Preparation for the first response
First responder Tool kit
1. Documentation tools
4. Notebook computers
5. Software tools
6. Hardware tools
Self-assessment Questions
1.2.3 Incident Responses in Different Situations
(iii) Non-Technical Staff
Working with Powered-Off Systems
Evidence Preservation
Self-assessment Questions
1.2.4 Computer Forensics Investigation Procedure
Scoping
Acquire evidence
2. Investigation and Analysis
a) Timeline Analysis:
b) Media Analysis:
c) String Searching:
d) Data Recovery:
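Added example, not code from the course: the timeline analysis and string searching steps listed above, carried out in Python. The file metadata records and the disk-image bytes are constructed for the example (they stand in for what a bodyfile and a raw image would hold); no real evidence is read. The keyword search looks for each term as ASCII and as UTF-16LE, because Windows artifacts (registry values, MFT file names, prefetch) store strings as UTF-16LE and a plain ASCII search misses them.

```python
"""Timeline analysis and keyword (string) searching, added example (not course code).

Both inputs are constructed for the example: SAMPLE_FILES stands in for
file-system metadata pulled from an image, SAMPLE_IMAGE for a few bytes of a
raw disk image.
"""
from datetime import datetime, timezone

# Constructed metadata: path, size, and the MAC times (modified, accessed, changed)
SAMPLE_FILES = [
    {"path": "C:/Users/alice/Documents/plan.docx", "size": 20480,
     "m": "2024-06-03T09:58:10Z", "a": "2024-06-03T10:20:05Z", "c": "2024-06-03T09:58:10Z"},
    {"path": "E:/usb_copy.log", "size": 512,
     "m": "2024-06-03T10:21:30Z", "a": "2024-06-03T10:21:30Z", "c": "2024-06-03T10:21:30Z"},
    {"path": "C:/Temp/cleaner.exe", "size": 77824,
     "m": "2024-06-03T10:25:00Z", "a": "2024-06-03T10:25:01Z", "c": "2024-06-03T10:24:59Z"},
]

# Constructed image bytes: an ASCII fragment, then the same word stored as UTF-16LE
SAMPLE_IMAGE = (
    b"\x00" * 40
    + b"transfer to offshore account"
    + b"\x00" * 20
    + "offshore".encode("utf-16-le")
    + b"\x00" * 10
)

MAC_LABELS = (("m", "modified"), ("a", "accessed"), ("c", "changed"))


def parse_ts(value: str) -> datetime:
    """Parse the ISO-8601 UTC timestamps used in the sample records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_timeline(files):
    """Flatten every file's MAC times into (timestamp, action, path) events, oldest first."""
    events = []
    for f in files:
        for key, label in MAC_LABELS:
            events.append((parse_ts(f[key]), label, f["path"]))
    events.sort()  # tuples sort by timestamp, then action, then path
    return events


def events_between(timeline, start: str, end: str):
    """Return the events inside a window of interest (inclusive bounds)."""
    lo, hi = parse_ts(start), parse_ts(end)
    return [e for e in timeline if lo <= e[0] <= hi]


def keyword_search(data: bytes, keywords, context: int = 16):
    """Find each keyword as ASCII and as UTF-16LE; report offset, encoding and surrounding bytes."""
    hits = []
    for kw in keywords:
        for enc in ("ascii", "utf-16-le"):
            needle = kw.encode(enc)
            pos = data.find(needle)
            while pos >= 0:
                hits.append({
                    "keyword": kw, "encoding": enc, "offset": pos,
                    "context": data[max(0, pos - context): pos + len(needle) + context],
                })
                pos = data.find(needle, pos + 1)
    hits.sort(key=lambda h: h["offset"])
    return hits


if __name__ == "__main__":
    for ts, action, path in build_timeline(SAMPLE_FILES):
        print(ts.isoformat(), action, path)
    for h in keyword_search(SAMPLE_IMAGE, ["offshore", "account"]):
        print(f"offset {h['offset']:>6}  {h['encoding']:<9} {h['keyword']}")
```

Two points the headings alone do not convey: a timeline is only as good as the clock it came from, so record the evidence system's time-zone and clock skew before interpreting gaps, and a keyword hit gives an offset, not a file; mapping that offset back to a file (or to unallocated space) is the media-analysis step.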
3. Reporting Phase
Self-assessment Questions
Summary
Terminal Questions
Answer Keys
Self-assessment Questions
Question No. | Answer
Activities
Bibliography
e-References
External Resources
Video Links
Topic | Link
Notes:
Storage Devices and Data Recovery Methods
Module Description
Chapter Table of Contents
Aim
Instructional Objectives
Learning Outcomes
2.1.1 Introduction to Storage Devices
No need to carry files of physical storage devices wherever you go
Store and retrieve audio, video, text and graphics files anytime and from anywhere
Floppy Disks
Tape drives
Advantages | Disadvantages
Blu-ray Disc
CD/DVD Drive Speed | Maximum Data Transfer Rate | RPMs (revolutions per minute)
Self-assessment Questions
2.1.2 Working of Storage Devices
Optical storage devices
(i) Platters
(ii) Head Assembly
Head Assembly/read write head in magnetic storage devices
(iii) Spindle Motor
Spindle motors in magnetic devices
Spindle motors in optical storage devices
Self-assessment Questions
2.1.3 File Conversion and Numbering Formats
Decimal number system
[Worked positional expansion of a decimal number as a sum of digit × place value; the figures did not survive extraction]
Binary Number System
[Worked positional expansion of a binary number as a sum of digit × place value; the figures did not survive extraction]
Octal number system
Step | Decimal Number | Binary Number
Shortcut method - Binary to Octal
Shortcut method - Octal to Binary
Shortcut method - Hexadecimal to Binary
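Added example, not from the course text: the three shortcut methods above implemented as one grouping routine. Binary to octal groups bits in threes because 8 = 2^3, and binary to hexadecimal groups them in fours because 16 = 2^4; the code takes the group width as a parameter, so it goes slightly beyond the text and covers any power-of-two base. Decimal to binary is done by repeated division, the way the step table in this section does it. All function names are this example's own.

```python
"""Shortcut base conversion by grouping bits; added example, not course code."""

DIGITS = "0123456789ABCDEF"


def decimal_to_binary(n: int) -> str:
    """Repeated division by 2; the remainders read bottom-up are the binary digits."""
    if n < 0:
        raise ValueError("unsigned values only")
    if n == 0:
        return "0"
    remainders = []
    while n:
        n, r = divmod(n, 2)
        remainders.append(str(r))
    return "".join(reversed(remainders))


def binary_to_grouped(bits: str, group: int) -> str:
    """Binary -> base 2**group by splitting the bits into groups of `group` from the right."""
    bits = bits.replace(" ", "")
    if not bits or any(b not in "01" for b in bits):
        raise ValueError(f"not a binary string: {bits!r}")
    bits = bits.zfill(len(bits) + (-len(bits)) % group)  # left-pad to whole groups
    digits = "".join(DIGITS[int(bits[i:i + group], 2)] for i in range(0, len(bits), group))
    return digits.lstrip("0") or "0"


def grouped_to_binary(digits: str, group: int) -> str:
    """Base 2**group -> binary by expanding every digit into exactly `group` bits."""
    base = 1 << group
    out = []
    for d in digits.upper():
        value = DIGITS.find(d)
        if value < 0 or value >= base:
            raise ValueError(f"{d!r} is not a base-{base} digit")
        out.append(format(value, f"0{group}b"))
    return "".join(out).lstrip("0") or "0"


def binary_to_octal(bits: str) -> str:
    return binary_to_grouped(bits, 3)


def octal_to_binary(digits: str) -> str:
    return grouped_to_binary(digits, 3)


def binary_to_hex(bits: str) -> str:
    return binary_to_grouped(bits, 4)


def hex_to_binary(digits: str) -> str:
    return grouped_to_binary(digits, 4)


def conversion_row(n: int) -> dict:
    """One row of a conversion table: the same value in all four number systems."""
    b = decimal_to_binary(n)
    return {"decimal": n, "binary": b, "octal": binary_to_octal(b), "hex": binary_to_hex(b)}


if __name__ == "__main__":
    for value in (8, 109, 255, 4096):
        print(conversion_row(value))
```

The left-padding step is the part people get wrong by hand: 1101101 has seven bits, so it must be read as 001 101 101 (octal 155) and 0110 1101 (hex 6D), never by grouping from the left.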
Self-assessment Questions
2.1.4 Windows Registry and Boot Process
Windows Registry
Root keys
Root Key | Description
Registry Editors
Demonstrate the boot process
Self-assessment Questions
2.1.5 Hard Disk Drives and Removable Memory
Hard Disk Drive
Advantages | Disadvantages
Media layer
Tracks
Cylinders
Sectors and clusters
Read/write heads
Removable Memory Devices
a) FTK
b) Moonsols
c) DD
d) Belkasoft
EnCase
CAINE
Volatility
Self-assessment Questions
Summary
Terminal Questions
Answer Keys
Self-assessment Questions
Question No. | Answer
Activity
Bibliography
e-References
Image Credits
External Resources
Video Links
Topic | Link
Notes:
Chapter Table of Contents
Aim
Instructional Objectives
Learning Outcomes
2.2.1 Introduction to Forensics Data Recovery
1. Intentional action
2. Unintentional action
3. Disc failure
4. Natural disaster
5. Criminal action
Self-assessment Questions
2.2.2 Data Acquisition
1. Raw Format
Advantages
Disadvantages
Proprietary Formats
Advantages
Disadvantages
Advantages
Types of acquisitions
Commonly used methods
A typical use example
(iii) Validating Data Acquisitions
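Added example, not code from the course: a raw (dd-style) acquisition followed by the validation step named above. The "drive" is a constructed in-memory buffer with one sector that fails to read, standing in for a damaged disk; the sector size, the class and function names, and the digests are this example's own choices. Two digests are computed while the image is written and recomputed from the finished file; the image is valid only when both match.

```python
"""Raw (dd-style) acquisition with bad-sector handling and hash validation.

Added example, not course code. DamagedDevice is a constructed stand-in for a
block device: every read goes through read_sector() so the example can fail
one sector deterministically.
"""
import hashlib
import os
import tempfile

SECTOR = 512  # assumed sector size for the constructed device


class DamagedDevice:
    """Constructed stand-in for a block device; reading `bad_sector` raises an I/O error."""

    def __init__(self, data: bytes, bad_sector: int):
        self._data = data
        self._bad = bad_sector

    @property
    def size(self) -> int:
        return len(self._data)

    def read_sector(self, index: int) -> bytes:
        if index == self._bad:
            raise OSError("Input/output error")
        return self._data[index * SECTOR:(index + 1) * SECTOR]


def acquire(device, image_path: str) -> dict:
    """Copy every sector to image_path. An unreadable sector is logged and written as
    zeros so later offsets stay correct (the behaviour of dd conv=noerror,sync)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    total = -(-device.size // SECTOR)  # ceiling division: count a trailing partial sector
    unreadable = []
    with open(image_path, "wb") as out:
        for i in range(total):
            try:
                chunk = device.read_sector(i)
            except OSError:
                unreadable.append(i)
                chunk = b""
            chunk = chunk.ljust(SECTOR, b"\x00")  # pad short or failed reads to a full sector
            out.write(chunk)
            md5.update(chunk)
            sha256.update(chunk)
    return {"sectors": total, "unreadable": unreadable,
            "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def hash_file(path: str) -> dict:
    """Re-hash the finished image from disk in chunks, so large images need not fit in RAM."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            md5.update(block)
            sha256.update(block)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def validate(image_path: str, record: dict) -> bool:
    """The image is valid only when both digests match the ones recorded at acquisition."""
    current = hash_file(image_path)
    return current["md5"] == record["md5"] and current["sha256"] == record["sha256"]


def demo() -> dict:
    """Acquire the constructed device, validate the image, then show a one-byte change is caught."""
    data = bytes(range(256)) * 8            # 2048 bytes: four sectors of constructed content
    device = DamagedDevice(data, bad_sector=2)
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "evidence.dd")
        record = acquire(device, image)
        with open(image, "rb") as f:
            image_bytes = f.read()
        valid_before = validate(image, record)
        with open(image, "r+b") as f:       # simulate a change made after acquisition
            f.seek(10)
            f.write(b"\xff")
        valid_after = validate(image, record)
    return {
        "record": record,
        "image_size": len(image_bytes),
        "sector2_zeroed": image_bytes[2 * SECTOR:3 * SECTOR] == b"\x00" * SECTOR,
        "valid": valid_before,
        "valid_after_tamper": valid_after,
        "source_sha256": hashlib.sha256(data).hexdigest(),
    }


if __name__ == "__main__":
    print(demo())
```

Note what the validation does and does not prove: matching digests show the image file has not changed since acquisition, not that it matches the drive. When a sector was unreadable the image's digest will not equal a digest of the original medium, which is why the list of zero-filled sectors belongs in the acquisition notes alongside the hashes.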
RAID Types
RAID Acquisition methods
Self-assessment Questions
2.2.3 Data Deletion
Trash/Recycle bin
Physical damage
Physical Recovery Techniques
Logical damage
Overwritten data
File carving
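Added example, not code from the course: header/footer carving over a raw image, the technique named above. Carving ignores the file system entirely, which is why it recovers files whose directory entries are gone. The image is constructed in memory from filler bytes around a minimal JPEG-like and a minimal PNG-like file; the signature table, size limit and function names are this example's own.

```python
"""Header/footer file carving over a raw image, added example (not course code)."""
import os

# header, footer, and how many bytes follow the footer (PNG: a 4-byte CRC after IEND)
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9", 0),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND", 4),
}
MAX_FILE_SIZE = 16 * 1024 * 1024  # give up on a header if no footer appears within this span

# Constructed sample files: only the structure needed for carving is present
SAMPLE_JPEG = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"A" * 20 + b"\xff\xd9"
SAMPLE_PNG = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"B" * 17
              + b"\x00\x00\x00\x00IEND\xaeB`\x82")
FILLER = b"\x00" * 64 + bytes(range(256))   # 320 bytes that contain none of the signatures
SAMPLE_IMAGE = FILLER + SAMPLE_JPEG + FILLER + SAMPLE_PNG + FILLER


def carve(data: bytes):
    """Return carved files as dicts with type, offset, size and content, ordered by offset."""
    found = []
    for ext, (header, footer, trailer) in SIGNATURES.items():
        pos = 0
        while (start := data.find(header, pos)) >= 0:
            end = data.find(footer, start + len(header))
            if end < 0:
                break                                  # no footer anywhere after this header
            if end - start > MAX_FILE_SIZE:
                pos = start + 1                        # footer too far away: skip this header
                continue
            end += len(footer) + trailer
            found.append({"type": ext, "offset": start, "size": end - start,
                          "data": data[start:end]})
            pos = end
    found.sort(key=lambda f: f["offset"])
    return found


def write_carved(found, outdir: str):
    """Write each carved file as <offset>.<ext>; the offset in the name ties it to the image."""
    paths = []
    for f in found:
        path = os.path.join(outdir, f"{f['offset']:012d}.{f['type']}")
        with open(path, "wb") as fh:
            fh.write(f["data"])
        paths.append(path)
    return paths


if __name__ == "__main__":
    for f in carve(SAMPLE_IMAGE):
        print(f"{f['type']} at offset {f['offset']} ({f['size']} bytes)")
```

Two limits of footer-based carving worth knowing before trusting the output: a JPEG with an embedded EXIF thumbnail contains an inner FF D9, so the carve stops early and the file is truncated, and a fragmented file yields garbage after the first fragment. PNG is friendlier because IEND plus its CRC marks the exact end of the file.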
Tips for data recovery
Data recovery software
Step 1
Step 2
Magnetic Force Microscopy (MFM)
Did you Know?
Self-assessment Questions
Summary
Abbreviation
Terminal Questions
Answer Keys
Self-assessment Questions
Question No. | Answer
Activity
Bibliography
e-References
Image Credits
External Resources
Video Links
Topic | Link
Notes:
Forensic Techniques
Module Description
Chapter Table of Contents
Aim
Instructional Objectives
Learning Outcomes
3.1.1 Introduction to Windows Forensics
(i) Windows File System
Block Entry
FAT16 | FAT32 | exFAT
2. Use data recovery software to recover deleted files
Windows File Systems (MFT) attributes
Windows Registry
Windows Registry Structure
Windows Event Logs
Prefetch Files
Self-assessment Questions
3.1.3 Linux Forensics
(i) Linux File System
EXT2 features
Pros:
Cons:
Block Size | 1k | 2k | 3k | 4k
Pros
Cons:
Directory Structure
Quick Hits
Hidden Files
File Integrity Verification
Hash Databases
Tools
Self-assessment Questions
Wireless forensics
(iv) Procedures for Handling Handset Evidence
Self-assessment Questions
Summary
Terminal Questions
Answer Keys
Self-assessment Questions
Question No. | Answer
Activity
Bibliography
e-References
External Resources
Video Links
Topic | Link
Notes:
Chapter Table of Contents
Aim
Instructional Objectives
Learning Outcomes
3.2.1 Introduction
3.2.2 Steganography
Steganography: Technical Steganography | Linguistic Steganography
(i) Information Hiding
(ii) Cryptography
(iii) Algorithms in Steganography
Image | Audio | Video
• Image steganalysis algorithms study the inter-pixel dependencies that are a characteristic of natural images.
• Audio steganalysis algorithms are based on some of the characteristic aspects of audio data files, namely the distortion measure of the audio signal, high-order statistics, etc.
• Video steganalysis algorithms are based on the spatial and temporal redundancies of the data signals inherent in the video file, within individual frames and at the inter-frame level.
IMAGE STEGANALYSIS
Specific | Generic
• The specific type represents a category of image steganalysis techniques that are dependent on the underlying steganographic algorithms used on the image. They have a high success rate in detecting the presence of a secret message in the image if the message is concealed with the algorithms for which the techniques are meant.
• The generic type represents a category of image steganalysis techniques that are not dependent on the underlying steganographic algorithms used for hiding the message. They produce a good result while detecting the presence of a secret message hidden in the image using new or unusual steganographic algorithms.
AUDIO STEGANALYSIS
VIDEO STEGANALYSIS
EMBEDDING ALGORITHM
Self-assessment Questions
Dictionary Attack Software:
Cain and Abel:
Forensic Toolkit (FTK):
Crack:
Aircrack-ng:
Airodump-ng:
L0phtcrack:
Metasploit Project:
Ophcrack:
(ii) Brute Force
Self-assessment Questions
3.2.4 Email Tracking
(i) SMTP
(ii) POP3
(iii) IMAP
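Added example, not code from the course: tracing a message's path through the Received headers that SMTP servers add in transit (POP3 and IMAP only retrieve the message; they add nothing to the trace). The message below is constructed for the example, with hosts in example domains and addresses from documentation IP ranges; the regular expressions and function names are this example's own.

```python
"""Tracing an e-mail's path from its Received headers, added example (not course code).

Each SMTP server that handles a message prepends its own Received header, so
the header at the top is the last hop and the one at the bottom is closest to
the origin. Only the standard library is used.
"""
import email
import re
from email.utils import parseaddr, parsedate_to_datetime

# Constructed message: three hops, a From: that does not match the envelope sender
SAMPLE_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
Received: from mx2.corp.example (mx2.corp.example [203.0.113.10])
    by inbox.corp.example with ESMTPS id q7;
    Mon, 3 Jun 2024 10:15:42 +0000
Received: from relay.mailer.example.net (relay.mailer.example.net [198.51.100.25])
    by mx2.corp.example with ESMTP id a1;
    Mon, 3 Jun 2024 10:15:40 +0000
Received: from [192.0.2.77] (unknown [192.0.2.77])
    by relay.mailer.example.net with ESMTPA;
    Mon, 3 Jun 2024 10:15:30 +0000
From: "Payroll" <payroll@corp.example>
To: victim@corp.example
Subject: Updated salary sheet
Message-ID: <abc123@mailer.example.net>
Date: Mon, 3 Jun 2024 10:15:29 +0000

Please see the attachment.
"""

RECEIVED_RE = re.compile(r"from\s+(?P<from>\S+).*?\bby\s+(?P<by>\S+)", re.I | re.S)
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value: str) -> dict:
    """Pull the claimed sender, the receiving server, the bracketed IP and the timestamp."""
    value = " ".join(value.split())             # unfold continuation lines
    m = RECEIVED_RE.search(value)
    ip = IPV4_RE.search(value)
    date_part = value.rsplit(";", 1)[-1].strip() if ";" in value else ""
    return {
        "from": m.group("from") if m else None,
        "by": m.group("by") if m else None,
        "ip": ip.group(1) if ip else None,
        "time": parsedate_to_datetime(date_part) if date_part else None,
    }


def trace_path(raw: str):
    """Return the hops in transit order (origin first) with the delay at each hop in seconds."""
    msg = email.message_from_string(raw)
    hops = [parse_received(v) for v in reversed(msg.get_all("Received", []))]
    prev = None
    for hop in hops:
        hop["delay_s"] = int((hop["time"] - prev).total_seconds()) if prev and hop["time"] else 0
        prev = hop["time"] or prev
    return hops


def sender_mismatch(raw: str) -> bool:
    """True when the visible From: domain differs from the envelope Return-Path domain."""
    msg = email.message_from_string(raw)
    hdr_from = parseaddr(msg.get("From", ""))[1]
    ret_path = parseaddr(msg.get("Return-Path", ""))[1]
    return hdr_from.rsplit("@", 1)[-1].lower() != ret_path.rsplit("@", 1)[-1].lower()


if __name__ == "__main__":
    for hop in trace_path(SAMPLE_MESSAGE):
        print(f"{hop['time']}  +{hop['delay_s']:>3}s  {hop['from']} ({hop['ip']}) -> {hop['by']}")
    print("From/Return-Path mismatch:", sender_mismatch(SAMPLE_MESSAGE))
```

Trust only the Received headers written by servers you control (the topmost ones in the sample, added by inbox.corp.example and mx2.corp.example). Everything below the first hop the attacker touched, including Date:, Message-ID: and the lower Received lines, is text the sender could have written; the first trustworthy line gives you the IP that actually connected to your infrastructure.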
Self-assessment Questions
Summary
Terminal Questions
Answer Keys
Self-assessment Questions
Question No. | Answer
Activity
Bibliography
e-References
Image Credits
External Resources
Video Links
Topic | Link
Notes:
Cyber Law
Module Description
Chapter Table of Contents
Aim
Instructional Objectives
Learning Outcomes
4.1.1 Introduction to Cyber Law
Sl. No. | Process | Description
1. Jurisdiction of case
3. Preservation
4. Examination
5. Evidence Analysis
Self-assessment Questions
4.1.2 Importance of Cyber Law
Self-assessment Questions
4.1.3 Corporate Espionage
Cyber Laws and impact on Corporates
Self-assessment Questions
4.1.4 Evidence Handling Procedure
Definition and Purpose
Phase | Best Practice to be followed
Self-assessment Questions
Summary
Terminal Questions
Answer Keys
Self-assessment Questions
Question No. | Answer
Activity
Bibliography
e-References
External Resources
Video Links
Topic | Link
Notes:
Chapter Table of Contents
Aim
Instructional Objectives
Learning Outcomes
4.2.1 Introduction
Physical Context of the Digital Evidence | Logical Context of the Digital Evidence
Description of Evidence
Item # | Quantity | Description of Item (Model, Serial #, Condition, Marks, Scratches)
Chain of Custody
Item # | Date/Time | Released by (Signature & ID#) | Received by (Signature & ID#) | Comments/Location
What is the evidence?
Don’t work off the best evidence
Don’t produce the hardware in the court as evidence unless asked for
Method | Description | Advantages | Disadvantages
Importance of Chain of Custody
Perspective | Importance
Challenges to the Chain of Custody
• The digital signature for each piece of digital evidence
• The exact location of where each digital evidence is handled
• The exact date-time of when it was accessed
Self-assessment Questions
4.2.3 Main Features of Indian Information Technology Act 2008 (Amendment)
The Indian IT Act 2000
The ITA 2000 Oversight
2. Complicated licensing procedure for foreign CAs
>> Important Definitions added to the Amendment
>> Examiner of Electronic Evidence created
Electronic authentication
Civil Provisions
Section 43 - Unauthorised Access
Adjudication of Civil offences
Criminal Provisions
Section 66:
Self-assessment Questions
Summary
Terminal Questions
Answer Keys
Self-assessment Questions
Question No. | Answer
Activity
Case Study
ONLINE CREDIT CARD FRAUD ON E-BAY
Source:
Question and Answer:
Bibliography
e-References
Image Credits
External Resources
Video Links
Topic | Link
Notes: