An Introduction to Digital Forensics

Submitted by: Afroz Khan, Neelam Sharma, Sneha Jain

Digital forensics
Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices. These devices include computers, cellular phones, PDAs, etc. Digital forensics is the application of computer investigation and analysis techniques in the interests of determining potential legal evidence.

Digital forensics
The term digital forensics was originally used as a synonym for computer forensics, but has expanded to cover all devices capable of storing digital data.

Examples of Digital Evidence
- Computers are increasingly involved in criminal and corporate investigations
- Digital evidence may play a supporting role or be the "smoking gun"
- Email: harassment or threats, blackmail, illegal transmission of internal corporate documents, meeting points/times for drug deals, suicide letters, technical data for bomb making
- Evidence of inappropriate use of computer resources or attacks: use of a machine as a spam email generator, use of a machine to distribute illegally copied software

Forensics categorization
The technical side of investigations is divided into several sub-branches, such as:
- Computer forensics
- Network forensics
- Database forensics
- Mobile device forensics

Network forensics
Network forensics relates to the monitoring and analysis of computer network traffic (both local network and WAN/internet) for the purposes of information gathering, legal evidence or intrusion detection. Traffic is intercepted (usually at the packet level) and either stored for later analysis with specialist tools or filtered in real time for relevant information.

Network forensics
The digital forensic process encompasses the seizure, forensic imaging (acquisition) and analysis of digital media, and finally producing a report of the digital evidence. Computer devices tend to store large amounts of information in cache/log files and deleted space, and forensic examiners can recover this data as part of the analysis process.

Investigations & Result
The investigation should answer: who did what, when.
- Intrusion
- Data theft or misuse
- Gathering evidence for other legal cases (warez, porn, blackmail, ...)
- Intelligence

Secure and investigate the scene
- Non-intrusive
- Physical location
- Network topology
- IP addresses
- State of the computer or device (power on/off, network, etc.)

Gather information
Information about the victim:
- Name, IP addresses, OS and version
- System time!
- Uptime
- File system, mount points or volumes
- Hardware
- Users and groups
- Port scan from an external host, compared to netstat output
- Running processes
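The "port scan from an external host, compared to netstat output" check above, as an added example that is not part of the original project: the netstat text and the scan result are constructed sample data, and the comparison flags ports reachable from outside that the host itself does not report.

```python
import re

# Constructed 'netstat -an' style output from the victim host (sample data, not a real system).
NETSTAT_OUTPUT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:3389      0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49152     192.168.1.20:443       ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""

# Constructed result of a TCP port scan of the same host run from another machine (port -> state).
EXTERNAL_SCAN = {135: "open", 445: "open", 3389: "open", 4444: "open", 80: "closed"}

LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s*$")

def listening_ports(netstat_text):
    """TCP ports the host itself reports as LISTENING (Windows netstat wording)."""
    ports = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            ports.add(int(m.group(1)))
    return ports

def compare_views(netstat_text, scan):
    """Compare the host's own view (netstat) with the outside view (port scan).
    A port that answers from outside but is absent from netstat is a red flag: the local
    tools may be hiding it (e.g. a rootkit), so the host's own output cannot be trusted alone."""
    inside = listening_ports(netstat_text)
    outside = {port for port, state in scan.items() if state == "open"}
    return {
        "hidden_listeners": sorted(outside - inside),  # open externally, not reported locally
        "unreachable": sorted(inside - outside),       # listening locally, closed/filtered outside
        "consistent": sorted(inside & outside),
    }
```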

What is a Packet Sniffer?
A packet sniffer is a program that can see all of the information passing over the network it is connected to. As data streams back and forth on the network, the program looks at, or "sniffs", each packet. A packet is a part of a message that has been broken up. Normally, a computer only looks at packets addressed to it and ignores the rest of the traffic on the network. But when a packet sniffer is set up on a computer, the sniffer's network interface is set to promiscuous mode. This means that it is looking at everything that comes through.

Packet Sniffer
A packet sniffer can usually be set up in one of two ways:
1. Unfiltered: captures all of the packets
2. Filtered: captures only those packets containing specific data elements

Advantages of the system
- Analyze network problems
- Detect network intrusion attempts
- Detect network misuse by internal and external users
- Gain information for effecting a network intrusion
- Isolate exploited systems
- Monitor network usage (including internal and external users and systems)
- Monitor data-in-motion

Technology used
S/W used:
- JpCap 0.6
- WinPcap
- Internet Explorer
- Windows O.S.
H/W used:
- RAM
- Wireless network
- NIC card

What is WinPcap
WinPcap is an open source library for packet capture and network analysis for the Win32 platforms. The purpose of WinPcap is to give this kind of access to Win32 applications; it provides facilities to:
1) capture raw packets, both the ones destined to the machine where it's running and the ones exchanged by other hosts (on shared media)
2) filter the packets according to user-specified rules before dispatching them to the application
3) transmit raw packets to the network
4) gather statistical information on the network traffic
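The sniffer behaviour described in the packet sniffer slides (normal versus promiscuous mode, unfiltered versus filtered capture) and WinPcap facilities 1) and 2) above, as an added example that is not part of the original project or of WinPcap/JpCap: a small Python model that decodes constructed Ethernet/IPv4/TCP frames and applies the promiscuous-mode and user-filter rules; the MAC and IP addresses are made up.

```python
import struct

LOCAL_MAC = "aa:bb:cc:00:00:01"   # assumed MAC of the sniffer host (constructed, not a real device)
BROADCAST = "ff:ff:ff:ff:ff:ff"

def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, payload):
    """Build a constructed Ethernet II + IPv4 + TCP frame (sample input, not captured traffic)."""
    eth = bytes.fromhex(dst_mac.replace(":", "")) + bytes.fromhex(src_mac.replace(":", "")) + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp

def parse_frame(frame):
    """Decode the Ethernet, IPv4 and TCP headers of one raw frame; None if not IPv4/TCP."""
    if struct.unpack("!H", frame[12:14])[0] != 0x0800:   # EtherType must be IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length in bytes
    if frame[23] != 6:                                    # IP protocol field: 6 = TCP
        return None
    tcp = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    data_off = (frame[tcp + 12] >> 4) * 4                 # TCP header length in bytes
    return {"dst_mac": ":".join(f"{b:02x}" for b in frame[0:6]),
            "src": ".".join(map(str, frame[26:30])), "dst": ".".join(map(str, frame[30:34])),
            "sport": sport, "dport": dport, "payload": frame[tcp + data_off:]}

def sniff(frames, promiscuous, match=None):
    """Return the packets a sniffer would record from a stream of frames.
    promiscuous=False keeps only frames addressed to LOCAL_MAC or broadcast, as a normal NIC does;
    promiscuous=True keeps everything on the wire. match is an optional user-specified filter
    rule applied before the packet is handed to the application (None = unfiltered capture)."""
    recorded = []
    for frame in frames:
        pkt = parse_frame(frame)
        if pkt is None:
            continue
        if not promiscuous and pkt["dst_mac"] not in (LOCAL_MAC, BROADCAST):
            continue
        if match is not None and not match(pkt):
            continue
        recorded.append(pkt)
    return recorded

# Constructed sample traffic: one frame for this host, two exchanged between other hosts.
SAMPLE = [
    build_frame(LOCAL_MAC, "aa:bb:cc:00:00:02", "10.0.0.2", "10.0.0.1", 40000, 80, b"GET / HTTP/1.1"),
    build_frame("aa:bb:cc:00:00:03", "aa:bb:cc:00:00:02", "10.0.0.2", "10.0.0.3", 40001, 25, b"MAIL FROM:<a@b>"),
    build_frame("aa:bb:cc:00:00:03", "aa:bb:cc:00:00:04", "10.0.0.4", "10.0.0.3", 40002, 80, b"POST /login"),
]
```

Calling sniff(SAMPLE, promiscuous=False) returns only the frame addressed to this host, while sniff(SAMPLE, promiscuous=True, match=lambda p: p["dport"] == 80) is a filtered capture over all traffic on the segment.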

What kind of programs use WinPcap
The WinPcap programming interface can be used by many types of network tools for analysis, troubleshooting, security and monitoring. In particular, classical tools that rely on WinPcap are:
- network and protocol analyzers
- network monitors
- traffic loggers
- traffic generators
- user-level bridges and routers
- network intrusion detection systems (NIDS)
- network scanners
- security tools

CONCLUSION
This project gives you each and every piece of information about the packets that you have sent through the network. It supports the recovery and investigation of material found in digital devices, often in relation to computer crime.
