Digital forensics involves recovering and examining digital evidence from electronic devices to aid legal investigations. It is defined as using computer science to gather electronic data and information for use as legal evidence. A digital forensics expert can restore deleted files and data from computers, phones, USB drives and other media using specialized tools. The expert carefully recovers active files, deleted files, hidden files and encrypted files while maintaining the integrity of the evidence. Recovered data includes files, passwords, photos, emails and other information that can help investigations into crimes, disputes and other legal matters.
Universitas Jember

Forensic
- The application of a broad spectrum of sciences to answer questions of interest to a legal system

Technical Definition: Digital Forensics
- “Tools and techniques to recover, preserve, and examine digital evidence on or transmitted by digital devices.”
- PLUS data recovery

Quick Facts
- More than 90% of today’s information is created and stored or processed electronically.
- More than 70% is never printed or produced as a hard copy.
- Information can be erased, moved around, or hidden with ease.
- A good forensic examiner can restore or find this missing information.

Definition
- Using computer science to aid in the legal process and to conduct investigations.
  - Gathering data for evidence
  - Aid police investigations
  - Recover data
  - Provide testimony in court
  - Gather any other information that can be found on digital or electronic media.
- Information gathered can be audio, video, or graphical.

Devices
- Computer systems
- PDAs
- Cell phones
- USB drives
- CD-ROMs
- Laptops
- Any other storage media

When is digital forensics used?
- Property disputes
- Contract disputes
- Fraud or embezzlement
- Wrongful termination
- Sexual harassment suits
- Medical malpractice

What do they do?
- Forensics experts extract both visible and invisible computer data.
- More than simply data recovery:
  - Locate data throughout the system
  - Recover data
- Responsible for maintaining the integrity of the information found, preventing damage, data corruption, or virus exposure. (All data must be acceptable for use in a court of law.)
- Results of a forensic investigation must be reproducible in such a way that the information is authenticated and reliable.
- Work closely with law enforcement, government officials, and attorneys.
- Must be well-versed in relevant case law.

Data Recovery
- A skilled forensic worker can recover all of the files on a computer or storage device.
  - Active files
  - Invisible files
  - Deleted but remaining files
  - Hidden files
  - Encrypted files
  - Password-protected files
- Most information that is gathered is undetectable or unviewable to the average computer user.

Data Recovered
Digital forensic practitioners are generally concerned with three types of data:
- Active data: information that is readily available and easily accessed on the computer.
  - Ex: programs, files, and other data used by the operating system.
- Archival data: data that has been backed up and stored.
  - Ex: hard disks, CDs, USB drives
- Latent or ambient data: data that requires special tools or skills to retrieve.
  - Ex: data that has been overwritten or deleted

Steps for Investigating an Electronic Device
- Step 1: All files that have been deleted or have not yet been overwritten are recovered.
  - Computers constantly write data to the hard drive when in use.
  - The operating system overwrites data on the hard drive that is no longer needed or used.
  - This data can be retrieved if not completely overwritten.
- Step 2: All data found in special or inaccessible areas of the device are analyzed.
  - Areas of the disk that are not currently in use, but have had data previously stored on them.
  - Slack space: unused space at the end of a file where previously created information could be stored.
- Final Step: Report the analysis of the device or system.
  - Provide copies of data collected.
  - Arranged into support for legal theories or strategies.
  - Often provide expert testimony or advice when necessary.

Tools Used
- Light analyzers
  - Tools that analyze lighting allow forensics practitioners to determine if a photo has been tampered with.
- WinHex
  - Data recovery
- Microsoft Log Parser
  - Extracts information of almost any format
- PMDump
  - Dumps the memory contents of a process into a file without stopping the process (Windows).

Famous Cases
- Dennis Rader
  - Known as the BTK killer in the Wichita, KS area.
  - Murdered 10 people between 1974 and 1991.
  - Communicated with police through letters for years.
  - Sent a message on a floppy disk in February 2005.
  - Examination of the disk’s properties revealed the words “Dennis” and “Christ Lutheran Church.”
  - DNA tests confirmed him as a match and he was arrested 9 days later.
  - Rader was planning his first murder since 1991.

Conclusion
- Digital forensics is a very high-tech field.
- Can be expensive.
- Has immense potential in law enforcement, and especially in the future of law enforcement.
- Field grows in leaps and bounds every day.

REF
http://web.presby.edu/~phmeeker/classes/pc/CSC201/Projects/Brett%20Garrison%20Digital%20Forensics.ppt

Thank you
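
Added example (not part of the original slides): a toy model of Step 1 and Step 2 above, showing why deleted data and slack space remain recoverable and how a hash keeps the result reproducible. The `ToyDisk` class, the 16-byte cluster size and the file contents are all constructed for illustration.

```python
import hashlib

CLUSTER = 16  # constructed cluster size; real file systems use e.g. 4096 bytes

class ToyDisk:
    """Hypothetical in-memory device with a one-cluster-per-file table."""
    def __init__(self, clusters):
        self.data = bytearray(clusters * CLUSTER)
        self.table = {}                      # name -> (cluster, length)

    def write(self, name, cluster, content):
        assert len(content) <= CLUSTER
        off = cluster * CLUSTER
        self.data[off:off + len(content)] = content   # only these bytes change
        self.table[name] = (cluster, len(content))

    def delete(self, name):
        del self.table[name]                 # entry removed, bytes remain

def examine(disk):
    """Analyse a read-only copy; return slack, unallocated data and a hash."""
    image = bytes(disk.data)                 # working copy of the evidence
    report = {"sha256": hashlib.sha256(image).hexdigest(),
              "slack": {}, "unallocated": {}}
    used = set()
    for name, (cluster, length) in disk.table.items():
        used.add(cluster)
        start = cluster * CLUSTER
        residue = image[start + length:start + CLUSTER]  # past end of file
        if residue.strip(b"\0"):
            report["slack"][name] = residue
    for c in range(len(image) // CLUSTER):
        chunk = image[c * CLUSTER:(c + 1) * CLUSTER]
        if c not in used and chunk.strip(b"\0"):         # no live file owns it
            report["unallocated"][c] = chunk
    return report

def build_sample():
    """Constructed scenario: two files deleted, one cluster partly reused."""
    disk = ToyDisk(4)
    disk.write("memo.txt", 0, b"MEET AT DOCK 9PM")
    disk.write("plan.txt", 2, b"BUDGET DRAFT V02")
    disk.delete("memo.txt")
    disk.delete("plan.txt")
    disk.write("note.txt", 0, b"hello")      # shorter file reuses cluster 0
    return disk

if __name__ == "__main__":
    print(examine(build_sample()))
```

The slack of `note.txt` still holds the tail of the deleted `memo.txt`, and the cluster once used by `plan.txt` is intact because nothing has overwritten it.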