Scribd Logo
Загрузить

Добро пожаловать в Scribd!

  • Sylvester - Gurpreet Digital Forensics

    Загружено:

    Sylvester Verma
    38 просмотров11 страниц
    DFT PPT

    Оригинальное название

    Sylvester - Gurpreet Digital Forensics PPT

    Авторское право

    © © All Rights Reserved

    Доступные форматы

    PPTX, PDF, TXT или читайте онлайн в Scribd

    Этот документ был вам полезен?

    Это неприемлемый материал?

    Пожаловаться на этот документ
    DFT PPT

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PPTX, PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    38 просмотров11 страниц

    Sylvester - Gurpreet Digital Forensics

    Загружено:

    Sylvester Verma
    DFT PPT

    Авторское право:

    © All Rights Reserved
    Скачайте в формате PPTX, PDF, TXT или читайте онлайн в Scribd
    Отметить как неприемлемый контент
    из 11

    Digital Forensics

    By: Sylvester Verma


    Gurpreet Singh
    Introduction

    Why do we need digital forensics?

    2
    The specialized usage of modern computer
    forensics has been for the most part applied directly
    to efficiently prosecute a specified range of
    dangerous cybercriminals

    3
    The
    Investigation
    Model
    1. Acquire
    2. Assess
    3. Analyse
    4. Report

    4
    Investigation Model
    Below shows the investigation model, that has been broken
    down to advance the case

    5
    Assess
    Perhaps the most critical facet of successful computer
    forensic investigation is a rigorous, detailed plan for
    acquiring evidence. Extensive documentation is needed
    prior to, during, and after the acquisition process; detailed
    information must be recorded and preserved, including all
    hardware and software specifications, any systems used in
    the investigation process, and the systems being
    investigated.

    • General guidelines for preserving evidence include the


    physical removal of storage devices, using controlled boot
    discs to retrieve sensitive data and ensure functionality,
    and taking appropriate steps to copy and transfer
    evidence to the investigator’s system.
    • Acquiring evidence must be accomplished in a manner
    both deliberate and legal. Being able to document and
    authenticate the chain of evidence is crucial when
    pursuing a court case, and this is especially true for
    computer forensics given the complexity of most
    cybersecurity cases.
    6
    Collection / Aquire
    Prior to continuing with the examination, for all intents and
    purposes general fairly aggregate guidelines must definitely
    be built up ahead of time and entirely literally clung to
    from the start, which really is quite significant

    • Analogous to crime scene in the “real world”


    • Goal is to recover as much evidence
    without altering the crime scene
    • Investigator should document as much
    as possible
    • Maintain Chain of Custody

    7
    Analysis and Evaluation
    The examiner may need to use numerous forensic tools to
    acquire and analyze data residing in the machine

    • Know where evidence can be found


    • Understand techniques used to hide or “destroy”
    digital dataToolbox of techniques to discover hidden
    data and recover “destroyed” dataCope with HUGE
    quantities of digital data…Ignore the irrelevant,
    target the relevantThoroughly
    • understand circumstances which may make
    “evidence” unreliableIf you have a hard drive with a
    broken sector that gives different result, what
    happens when you hash the entire drive?

    8
    Reporting
    In addition to fully documenting information related to
    hardware and software specs, computer forensic
    investigators must keep an accurate record of all activity
    related to the investigation, including all methods used for
    testing system functionality and retrieving, copying, and
    storing data, as well as all actions taken to acquire, examine
    and assess evidence.

    • As the purpose of the entire process is to acquire data


    that can be presented as evidence in a court of law, an
    investigator’s failure to accurately document his or her
    process could compromise the validity of that evidence
    and ultimately, the case itself.
    • For computer forensic investigators, all actions related to a
    particular case should be accounted for in a digital format
    and saved in properly designated archives. This helps
    ensure the authenticity of any findings by allowing these
    cybersecurity experts to show exactly when, where, and
    how evidence was recovered.

    9
    Conclusion
    Now more than ever, cybersecurity experts in this critical
    role are helping government and law enforcement
    agencies, corporations and private entities improve their
    ability to investigate various types of online criminal activity
    and face a growing array of cyber threats head-on.
    IT professionals who lead computer forensic investigations
    are tasked with determining specific cybersecurity needs
    and effectively allocating resources to address cyber
    threats and pursue perpetrators of said same.
    A master’s degree in information security and assurance
    has numerous practical applications that can endow IT
    professionals with a strong grasp of computer forensics and
    practices for upholding the chain of custody while
    documenting digital evidence.
    Individuals with the talent and education to successfully
    manage computer forensic investigations may find
    themselves in a highly advantageous position within a
    dynamic career field.

    10
    ThankYou
    Sylvester Verma, Gurpreet Singh

    Вам также может понравиться