COMPUTER FORENSICS

What is computer Forensics?

“Computer Forensics is the process of identifying,

preserving, analyzing and presenting the digital
evidence in such a manner that the evidences are
legally acceptable”.
CHARECTERISTICS OF
COMPUTER FORENSICS

 IDENTIFYING
 PRESERVING
 ANALYZING
 PRESENTING
NEEDS OF COMPUTER FORENSICS

 To produce evidence in the court that can lead to the

punishment of the actual.
 To ensure the integrity of the computer system.
 To focus on the response to hi-tech offenses, started to
interview.
DIGITAL EVIDENCE

“Any data is recorded or preserved on my medium in

or by a computer system or other similar device, that
can be read or understand by a person or a computer
system or other similar device. It includes a display,
print out or other output of that data.”
TYPES OF DIGITAL EVIDENCE

 PERSISTANT DATA
- Meaning data that remains intact when the computer is turned off.
hard drives, disk drives and removable storage devices (such as USB
drives or flash drives).

 VOLATILE DATA
- which is data that would be lost if the computer is turned off.
files, computer history, the computer’s registry, temporary files and
web browsing history.
TOP 10 LOCATION FOR EVIDENCE
1. Internet History Files
2. Temporary Internet Files
3. Slack/Unallocated Space
4. Buddy lists, personal chat room records, P2P, others saved areas
5. News groups/club list/posting
6. Settings, folder structure, file names
7. Files Storage Dates
8. Software/Hardware added
9. Files Sharing ability
10.E-mails
APPLICATIONS OF COMPUTER
FORENSICS
 FINACIAL FRAUD DETECTION
CRIMINAL PROSECUTION
CIVIL LITIGATION
CORPORATE SECURITY POLICY AND
ACCEPTABLES USE VIOLATIONS
Skills Required for Computer
Forensics Application
o Programming or computer-related experience
o Broad understanding of operating systems and applications
o Strong analytical skills
o Strong computer science fundamentals
o Strong system administrative skills
o Knowledge of the latest intruder tools
o Knowledge of cryptography and steganography
o Strong understanding of the rules of evidence and evidence handling
o Ability to be an expert witness in a court of law