Академический Документы
Профессиональный Документы
Культура Документы
FORENSICS
COMPUTER
FORENSICS
WHAT IS COMPUTER FORENSICS
Identifying
Preserving
Analyzing
Presenting
NEEDS OF COMPUTER FORENSICS
While conducting a
transaction
11%
43%
3%
;
;
; 13%
;
19%
CYBERCRIME : TOP 20 COUNTRIES
U.S.A
Cyber Crime Rate 23%
china 9%
Germany 6%
Britain 5%
Brazil 4%
Spain 4%
Italy 3%
France 3%
Turkey 3%
Poland 3%
India 3%
Russia 2%
Canada 2%
South Korea 2%
Taiwan 2%
Japan 2%
Mexico 2%
Argentina 1%
Australia 1%
Israel 1%
0% 5% 10% 15% 20% 25%
1. Admissible
2. Authentic
3. Complete (no tunnel vision)
4. Reliable
5. Believable
TOP 10 LOCATION FOR EVIDENCE
1) Internet History Files
2)Temporary Internet Files
3)Slack/Unallocated Space
4)Buddy lists, personal chart room records, others saved areas
5)News groups/club lists/posting
6)Settings, folders structure, file names
7)File storage Dates
8)Software/Hardware added
9)Files Sharing ablity
10)E-mails
METHODOLOGY
1) Shut Down the Computer
2) Document the Hardware Configuration of the System
3) Transport the Computer System to a secure Location
4) Make Bit Stream Backups of Hard Disks and Floppy
Disks
5) Mathematically Verify Data on All Storage Devices
6) Document the System Data and Time
7) Make a List of Key Search Words
CONTD…
8) Evaluate the Windows Swap Files
9) Evaluate File Slack
10)Evaluate Unallocated Space (Erased Files)
11)Search Files, File Slack and unallocated Space for Key Words
12)Document Files Names, Dates and Times
13)Identity Files, Program and Storage Anomalies
14)Evaluate Program Functionally
15)Document Your Findings
APPLICATIONS