
Digital Forensic

Yanuar Nurdiansyah S.T., M.Cs.
M. Arief Hidayat M.Kom.

Program Studi Sistem Informasi
Universitas Jember
Forensic
 The application of a broad spectrum of sciences to answer questions of interest to a legal system.
Technical Definition: Digital Forensics
“Tools and techniques to recover, preserve, and examine digital
evidence on or transmitted by digital devices.”

PLUS data recovery


Quick Facts
 More than 90% of today’s information is created and stored or processed electronically.
 More than 70% of it is never printed or produced as a hard copy.
 Information can be erased, moved around, or hidden with ease.
 A good forensic examiner can often restore or locate this missing information.
Definition
 Using computer science to aid the legal process and to conduct investigations:
 Gathering data for evidence
 Aiding police investigations
 Recovering data
 Providing testimony in court
 Gathering any other information that can be found on digital or electronic media
 Information gathered can be audio, video, or graphical.
Devices
 Computer systems
 PDAs
 Cell phones
 USB drives
 CD-ROMs
 Laptops
 Any other storage media
When is digital forensics used?
 Property disputes
 Contract disputes
 Fraud or embezzlement
 Wrongful termination
 Sexual harassment suits
 Medical malpractice
What do they do?
 Forensic experts extract both visible and invisible computer data.
 More than simply data recovery:
 Locate data throughout the system
 Recover data
 Responsible for maintaining the integrity of the information found: preventing damage, corruption, or malware infection of the evidence. (All data must be acceptable for use in a court of law, so analysis is done on a verified copy, never on the original.)
 Results of a forensic investigation must be reproducible: another examiner following the same documented steps on an identical copy should reach the same findings, so the evidence can be authenticated and shown to be reliable.
 Work closely with law enforcement, government officials, and attorneys.
 Must be well-versed in relevant case law.
Data Recovery
 A skilled forensic worker can often recover the files on a computer or storage device:
 Active files
 Invisible files
 Deleted files whose contents have not yet been overwritten
 Hidden files
 Encrypted and password-protected files (the file or container can be located and preserved; reading its contents still requires the key or password)
 Most of the information gathered is undetectable or unviewable to the average computer user.
Data Recovered
 Digital forensic practitioners are generally concerned with three types of data:
 Active data: information that is readily available and easily accessed on the computer. Ex: programs, files, and other data used by the operating system.
 Archival data: data that has been backed up and stored. Ex: backups kept on hard disks, CDs, or USB drives.
 Latent or ambient data: data that requires special tools or skills to retrieve. Ex: deleted files whose clusters have not yet been reused, and fragments left in slack or unallocated space. Data that has been completely overwritten is generally not recoverable.
Steps for Investigating an Electronic Device
Step 1
 All files that have been deleted but not yet overwritten are recovered.
 Computers constantly write data to the hard drive when in use. When a file is deleted, the operating system normally only marks its space as free; the contents stay on the drive until those clusters are reused for new data.
 This data can be retrieved as long as it has not been completely overwritten, for example by searching free space for known file headers and footers (file carving).
Step 2
 All data found in special or inaccessible areas of the device is analyzed.
 Unallocated space: areas of the disk that are not currently in use but have had data previously stored on them.
 Slack space: the unused space between the end of a file's data and the end of its last allocated cluster, which may still hold fragments of a file that previously occupied that cluster.
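The integrity requirement on the "What do they do?" slide and Steps 1 and 2 above, as one added worked example that is not part of the original slides. It constructs a small 8-cluster disk image inline (constructed sample data: a 700-byte active file that reuses clusters once holding an older memo, and a JPEG whose directory entry was deleted), simulates the allocation table as a Python dict, hashes the image before and after analysis to show the evidence copy was not altered, carves the deleted JPEG out of unallocated clusters by its header and footer markers, and extracts the file slack that still holds bytes of the older file. The cluster size, the `ALLOCATED` table, and all file contents are assumptions for the demonstration.

```python
"""Added example (not from the slides): evidence hashing, file carving
from unallocated space, and slack-space extraction on a toy disk image."""
import hashlib

CLUSTER = 512                 # allocation unit size in bytes (assumed)
JPEG_SOI = b"\xff\xd8\xff"    # JPEG start-of-image header marker
JPEG_EOI = b"\xff\xd9"        # JPEG end-of-image footer marker

# Simulated directory/allocation table: start cluster -> (name, size).
# Any cluster not covered by an entry is unallocated (free) space.
ALLOCATED = {0: ("report.txt", 700)}


def build_image() -> bytes:
    """Construct the 8-cluster sample image (constructed data, no real disk)."""
    img = bytearray(8 * CLUSTER)
    # An older file once filled clusters 0-1; its bytes were never wiped.
    old = (b"OLD SECRET MEMO: transfer 40000 to account X. " * 30)[: 2 * CLUSTER]
    img[0 : 2 * CLUSTER] = old
    # report.txt (700 bytes) reuses clusters 0-1 but only overwrites the first
    # 700 bytes; the remaining 324 bytes of cluster 1 are file slack.
    img[0:700] = (b"Quarterly report, nothing to see here. " * 18)[:700]
    # A JPEG whose directory entry was deleted still sits in cluster 3.
    jpeg = JPEG_SOI + b"\xe0" + b"JFIF-PAYLOAD-" * 20 + JPEG_EOI
    img[3 * CLUSTER : 3 * CLUSTER + len(jpeg)] = jpeg
    return bytes(img)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def clusters_of(start: int, size: int) -> range:
    """Clusters occupied by a file of `size` bytes starting at `start`."""
    return range(start, start + max(1, (size + CLUSTER - 1) // CLUSTER))


def unallocated_clusters(table: dict, n_clusters: int) -> list:
    used = {c for s, (_, size) in table.items() for c in clusters_of(s, size)}
    return [c for c in range(n_clusters) if c not in used]


def contiguous_runs(clusters) -> list:
    """Group cluster numbers into (first, last) runs of adjacent clusters."""
    runs = []
    for c in sorted(clusters):
        if runs and runs[-1][1] == c - 1:
            runs[-1][1] = c
        else:
            runs.append([c, c])
    return [tuple(r) for r in runs]


def file_slack(img: bytes, start: int, size: int) -> bytes:
    """Step 2: bytes between logical end-of-file and the end of its last cluster."""
    end_of_data = start * CLUSTER + size
    end_of_alloc = clusters_of(start, size).stop * CLUSTER
    return img[end_of_data:end_of_alloc]


def carve_jpegs(img: bytes, clusters) -> list:
    """Step 1: header/footer carving of JPEGs from unallocated runs.
    Returns (absolute_offset, data) pairs; never writes to the image."""
    found = []
    for first, last in contiguous_runs(clusters):
        base = first * CLUSTER
        region = img[base : (last + 1) * CLUSTER]
        pos = 0
        while True:
            soi = region.find(JPEG_SOI, pos)
            if soi < 0:
                break
            eoi = region.find(JPEG_EOI, soi + len(JPEG_SOI))
            if eoi < 0:
                break
            found.append((base + soi, region[soi : eoi + len(JPEG_EOI)]))
            pos = eoi + len(JPEG_EOI)
    return found


def analyze(img: bytes) -> dict:
    """Run both steps on the image copy and prove the copy was not altered."""
    before = sha256(img)
    free = unallocated_clusters(ALLOCATED, len(img) // CLUSTER)
    recovered = carve_jpegs(img, free)
    slack = {name: file_slack(img, s, size) for s, (name, size) in ALLOCATED.items()}
    after = sha256(img)
    return {"hash_before": before, "hash_after": after, "unaltered": before == after,
            "unallocated_clusters": free, "recovered": recovered, "slack": slack}


if __name__ == "__main__":
    r = analyze(build_image())
    print("image sha256:", r["hash_before"], "unaltered:", r["unaltered"])
    for off, data in r["recovered"]:
        print(f"carved JPEG at offset {off}, {len(data)} bytes")
    for name, slack in r["slack"].items():
        print(f"{name}: {len(slack)} bytes of slack -> {slack[:48]!r}")
```

The hash comparison is what makes the result reproducible: anyone re-running `analyze` on a copy with the same SHA-256 gets the same carved offsets and slack bytes. Real file systems keep the allocation state in FAT or NTFS structures rather than a dict, and real carving must handle fragmented files and false header matches, but the read-only, hash-then-analyze-then-hash pattern is the same.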
Final Step
Report the analysis of the device or system:
 Provide copies of the data collected
 Arrange the findings into support for legal theories or strategies
Often provide expert testimony or advice when necessary.
Tools Used
 Light analyzers
 Tools that analyze lighting allow forensic practitioners to determine whether a photo has been tampered with
 WinHex
 Hex editor used for data recovery and low-level disk examination
 Microsoft Log Parser
 Extracts information from log data in almost any format
 PMDump
 Dumps the memory contents of a process to a file without stopping the process (Windows)
Famous Cases
 Dennis Rader
 Known as the BTK killer in the Wichita, KS area.
 Murdered 10 people between 1974 and 1991.
 Communicated with police through letters for years. Sent a message on a floppy disk in February 2005.
 Examination of the document metadata on the disk revealed the name “Dennis” and “Christ Lutheran Church.”
 DNA tests confirmed a match and he was arrested 9 days later.
 Rader had been planning his first murder since 1991.
Conclusion
 Digital forensics is a very high-tech field
 Can be expensive
 Has immense potential in law enforcement, especially in its future
 The field grows in leaps and bounds every day
REF
http://web.presby.edu/~phmeeker/classes/pc/CSC201/Projects/Brett%20Garrison%20Digital%20Forensics.ppt
THANK YOU
