Introduction to Digital Forensics PDF

Summary

This document provides an introduction to digital forensics. It covers the background of digital forensics and its importance in today's society. The document details the different types of evidence and the various categories of digital forensics. It also explains core concepts as well as some common techniques for working with the data.

Full Transcript


Slide 1: Introduction to Digital Forensics
RGC Upeksha

Slide 2: Outline
- Background
- Forensics and Evidence
- What is Digital Forensics?
- Digital Evidence
- Types of Digital Forensics
- Applications of Digital Forensics

Slide 3: Background (1)
- Cyber activity has become a significant part of the everyday life of the general public, so the scope of crime investigation has broadened accordingly. (Source: Casey, Eoghan, Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet, Academic Press, 2000.)
- Computers and networks are widely used for enterprise information processing.
- E-commerce (B2B, B2C and C2C) has become a new business model.
- More and more facilities are directly controlled by computers.

Slide 4: Background (2)
- As society has become more and more dependent on computers and computer networks, those computers and networks become targets of criminal activity such as theft, vandalism, espionage, or even cyber war.
- 85% of businesses and government agencies detected security breaches. (Source: http://www.smh.com.au/icon/0105/02/news4.html)
- The FBI estimates U.S. losses at up to $10 billion a year. (Source: Sager, Ira, et al., "Cyber Crime", Business Week, February 2000.)

Slide 5: Background (3)
- In the early 1990s, threats to information systems were approximately 80% internal and 20% external.
- With the integration of telecommunications and personal computers into the Internet, the threats appear to be approaching an equal split between internal and external agents. (Source: Kovacich, G. L., and W. C. Boni, High-Technology Crime Investigator's Handbook, Butterworth-Heinemann, 2000, p. 56.)

Slide 6: Forensics and Evidence (1)
- Forensics is the application of scientific methods to investigate crimes and gather evidence.
- The goal of forensics is to provide objective evidence that can be used in legal proceedings.
- Evidence is anything that can be used to prove or disprove a fact.
- In forensics, evidence can take many forms, including:
  - Physical evidence
  - Testimonial evidence
  - Documentary evidence

Slide 7: Forensics and Evidence (2)
The Role of Forensics in the Legal System
- Forensic experts play a crucial role in the legal system by providing evidence that can be used to:
  - Identify suspects
  - Prove guilt or innocence
  - Reconstruct the crime scene

Slide 8: What is Digital Forensics? (1)
- Digital forensics is the scientific process of identifying, preserving, analyzing, and presenting digital evidence in a court of law.
- It involves the examination of digital media and devices such as computers, smartphones, servers, and storage devices.

Slide 9: What is Digital Forensics? (2)
Key Phases of Digital Forensics:
- Identification: Recognizing potential sources of digital evidence.
- Preservation: Protecting the evidence from alteration (isolating devices, using write-blockers, documenting the chain of custody) so that its integrity can be demonstrated later.
- Acquisition: Creating a verified copy, typically a bit-for-bit image whose hash is recorded, using specialized tools, and working only on that copy.
- Analysis: Examining the acquired data for relevant information or patterns.
- Presentation: Preparing a detailed report or testimony to present the findings in a court of law.

Slide 10: Digital Evidence
Definition: Digital data that can establish that a crime has been committed or can provide a link between a crime and its victim or a crime and its perpetrator. (Source: Casey, Eoghan, Digital Evidence and Computer Crime: Forensic Science, Computers and the Internet, Academic Press, 2000.)
Categories: Text, Audio, Image, Video

Slide 11: Types of Digital Forensics
Digital forensics can be categorized by the type of digital evidence being examined:
- Computer Forensics
- Mobile Device Forensics
- Network Forensics
- Database Forensics
- Cloud Forensics
- Internet Forensics
- Memory Forensics
- Digital Audio and Video Forensics

Slide 12: Computer Forensics
Computer forensics involves the examination of computers and other digital devices to recover and analyze digital evidence.
Types of Digital Evidence in Computer Forensics:
- Files
- Metadata
- Registry entries
- System logs
- Network traffic
- Temporary files
- Deleted files
- Hidden files

Slide 13: Mobile Device Forensics
Mobile device forensics involves the examination of smartphones, tablets, and other mobile devices to recover and analyze digital evidence.
Types of Digital Evidence in Mobile Device Forensics:
- Call logs
- Text messages
- Multimedia files
- Contacts
- Calendar events
- App data
- Browser history
- Location data
- Wi-Fi and Bluetooth connections
- SIM card data

Slide 14: Network Forensics
Network forensics involves the examination of network traffic to identify and investigate security incidents, cybercrimes, and other network-related issues.
Types of Digital Evidence in Network Forensics:
- Network packets
- Network logs
- Firewall logs
- Intrusion detection system (IDS) logs
- DNS logs
- Web server logs
- Email server logs

Slide 15: Cloud Forensics
Cloud forensics involves the investigation of digital evidence stored in cloud-based environments, such as cloud storage, cloud applications, and cloud infrastructure.
Types of Digital Evidence in Cloud Forensics:
- Cloud logs
- API logs
- Virtual machine images
- Cloud storage data
- Cloud application data
- Network traffic

Slide 16: Common Digital Forensic Techniques (1)
General Techniques
- Data Carving: Recovering deleted or fragmented files by scanning raw storage for known file signatures, independently of the file system.
- File System Analysis: Examining the structure and organization of a file system.
- Digital Watermarking: Identifying ownership or copyright information embedded within digital content.
- Steganalysis: Detecting hidden messages embedded within other files (steganography is the hiding; detecting it is the forensic technique).
- Hashing: Creating a unique digital fingerprint of a file (for example SHA-256) to verify its integrity; the hash of an image is recorded at acquisition and rechecked before analysis and when the evidence is presented.

Slide 17: Common Digital Forensic Techniques (2)
Mobile Device Forensics
- Physical Extraction: Extracting data directly from the device's storage.
- Logical Extraction: Extracting data from a backup or using a forensic tool to access the device's file system.
- Chip-off Extraction: Removing the device's flash memory chip and reading it in a laboratory.
- SIM Card Analysis: Examining data stored on the SIM card.
- App Data Extraction: Extracting data stored by installed applications.

Slide 18: Common Digital Forensic Techniques (3)
Network Forensics
- Packet Capture: Capturing network traffic using tools like Wireshark or tcpdump.
- Protocol Analysis: Decoding network protocols to identify suspicious activity.
- Flow Analysis: Analyzing the flow of data between network devices (who talked to whom, when, and how much), which remains possible when full packet content is unavailable or too large to keep.
- Port Scanning: Identifying open ports on a network to detect exposed services and vulnerabilities. This is an assessment activity that generates traffic rather than an evidence source; in an investigation it is usually the attacker's scan that is reconstructed from captures and IDS logs.
- Intrusion Detection: Using IDS tools to detect and investigate suspicious activity.

Slide 19: Common Digital Forensic Techniques (4)
Cloud Forensics
- Cloud Data Acquisition: Obtaining cloud data through legal processes or cooperation with cloud providers.
- Cloud Data Analysis: Analyzing cloud data for evidence of security breaches, fraud, or other incidents.
- Cloud API Analysis: Analyzing API logs to identify suspicious activity.
- Virtual Machine Forensics: Examining virtual machine images for evidence.

Slide 20: Common Digital Forensic Techniques (5)
Computer Forensics
- Registry Analysis: Analyzing the Windows Registry for configuration changes or suspicious activity.
- System Log Analysis: Analyzing system logs for evidence of security incidents or unauthorized access.
- Artifact Analysis: Examining digital artifacts such as temporary files, cookies, and browser history.
- Disk Imaging: Creating a bit-for-bit image of a hard drive or other storage device (through a write-blocker, with the image hashed) for forensic analysis.
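Slides 16 and 20 name hashing, data carving and disk imaging without showing what they look like in practice. The block below is an added example written for this page, not code from the slide deck or from any tool in it. The "evidence" is a constructed byte string standing in for a raw disk image: low-entropy filler with one JPEG and one PNG planted in it. The SHA-256 check is the integrity step an examiner records at acquisition and reruns before analysis; the carver recovers the two files purely from their magic bytes without consulting any file system, which is exactly why the same method brings back deleted files from unallocated space. Only the JPEG and PNG signatures are real; the image layout and every other value are made up for the example.

```python
"""Added example: signature-based file carving plus hash verification.

Not code from the slide deck. The image is a constructed byte string standing
in for a raw disk image; the header/footer signatures are the real JPEG and
PNG magic bytes, but the carver is deliberately minimal (no fragmentation
handling, no file-system parsing).
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass

# Header and footer signatures of two common file types (real magic bytes).
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
}


@dataclass
class CarvedFile:
    kind: str
    offset: int
    data: bytes

    @property
    def sha256(self) -> str:
        return hashlib.sha256(self.data).hexdigest()


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_copy(original: bytes, copy: bytes) -> bool:
    """Preservation check: the working copy must hash identically to the source."""
    return sha256_of(original) == sha256_of(copy)


def carve(image: bytes, max_size: int = 1 << 20) -> list[CarvedFile]:
    """Scan the whole image for known headers and cut each to its matching footer.

    The scan ignores any file system, so files in unallocated (deleted) space
    are recovered too; fragmented files or files without a footer are not.
    """
    found: list[CarvedFile] = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:                      # header with no footer in range: skip it
                pos = image.find(header, pos + 1)
                continue
            end += len(footer)
            found.append(CarvedFile(kind, pos, image[pos:end]))
            pos = image.find(header, end)
    return sorted(found, key=lambda f: f.offset)


def build_sample_image() -> tuple[bytes, dict[str, bytes]]:
    """Constructed evidence: low-entropy filler with one JPEG and one PNG planted in it."""
    filler = bytes(i % 251 for i in range(2048))   # never contains 0xFF, so no false JPEG headers
    jpg = SIGNATURES["jpg"][0] + bytes(range(200)) * 3 + SIGNATURES["jpg"][1]
    png = SIGNATURES["png"][0] + b"\x00\x00\x00\rIHDR" + bytes(range(64)) + SIGNATURES["png"][1]
    image = filler + jpg + filler[:512] + png + filler
    return image, {"jpg": jpg, "png": png}


if __name__ == "__main__":
    image, planted = build_sample_image()
    working_copy = bytes(image)                    # stands in for the examiner's copy of the image
    print("image sha256:", sha256_of(image), "copy verified:", verify_copy(image, working_copy))
    for f in carve(working_copy):
        print(f"{f.kind} at offset {f.offset}, {len(f.data)} bytes, sha256 {f.sha256}")
```

Carving by header and footer is what tools such as Scalpel and PhotoRec do at a much larger scale; the `max_size` bound matters on real images, where a stray footer byte pair can otherwise pull in megabytes of unrelated data. Hashing the recovered files as well as the image lets each carved artefact be tied back to the exact bytes it came from in the report.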
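Slide 20 lists system log analysis as a computer forensics technique. As an added example, not taken from the slides, here is the kind of detection an examiner runs over an authentication log. The log lines are constructed in OpenSSH's syslog format (hostname, process IDs and addresses in documentation ranges are all made up), and the rule flags a source that produced several failed logins within a short window and then an accepted one, the classic password-guessing signature. The year is assumed to be 2024 because syslog timestamps do not carry one.

```python
"""Added example: brute-force login detection over constructed auth.log lines.

Not from the slide deck. The log lines are made up in OpenSSH's syslog
format using documentation address ranges; the year is assumed to be 2024
because syslog timestamps do not carry one.
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime

# Constructed sample (not from a real host).
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:02 web1 sshd[2310]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  3 10:01:04 web1 sshd[2312]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar  3 10:01:05 web1 sshd[2314]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar  3 10:01:07 web1 sshd[2316]: Failed password for root from 203.0.113.7 port 51028 ssh2
Mar  3 10:01:09 web1 sshd[2318]: Accepted password for root from 203.0.113.7 port 51030 ssh2
Mar  3 10:01:09 web1 sshd[2318]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar  3 10:15:41 web1 sshd[2400]: Failed password for alice from 198.51.100.2 port 40110 ssh2
Mar  3 10:15:50 web1 sshd[2402]: Accepted publickey for alice from 198.51.100.2 port 40112 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_auth_log(text: str, year: int = 2024) -> list[dict]:
    """Turn login-result lines into events; other sshd lines (sessions, disconnects) are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "ip": m["ip"], "user": m["user"],
                       "result": m["result"], "method": m["method"]})
    return events


def brute_force_logins(events: list[dict], window_seconds: int = 300, threshold: int = 3) -> list[dict]:
    """Flag an accepted login preceded by >= threshold failures from the same IP inside the window."""
    by_ip: dict[str, list[dict]] = defaultdict(list)
    for ev in events:
        by_ip[ev["ip"]].append(ev)
    findings = []
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        for i, ev in enumerate(evs):
            if ev["result"] != "Accepted":
                continue
            failures = [e for e in evs[:i] if e["result"] == "Failed"
                        and (ev["ts"] - e["ts"]).total_seconds() <= window_seconds]
            if len(failures) >= threshold:
                findings.append({"ip": ip, "user": ev["user"], "method": ev["method"],
                                 "failures": len(failures), "success_at": ev["ts"]})
    return findings


if __name__ == "__main__":
    for hit in brute_force_logins(parse_auth_log(SAMPLE_AUTH_LOG)):
        print(f"{hit['ip']} -> {hit['user']} via {hit['method']}: "
              f"{hit['failures']} failures before success at {hit['success_at']}")
```

The window and threshold are tuning knobs, not constants of nature; the point for an examiner is that the rule is explicit and reproducible, so the same finding can be regenerated from the same log in front of a court. Note the example keeps the successful login's method: a password success after a burst of failures is far more suspicious than a publickey one.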
Slide 21: Digital Forensic Tools

Tool | Type of Forensics | Forensics Steps
---- | ----------------- | ---------------
Cellebrite Physical Analyzer | Mobile Device Forensics | Acquisition, Analysis
ElcomSoft Phone Breaker | Mobile Device Forensics | Acquisition, Analysis
MobiLab Forensic | Mobile Device Forensics | Acquisition, Analysis, Presentation
Oxygen Forensic Analyzer | Mobile Device Forensics | Analysis, Presentation
XRY | Mobile Device Forensics | Acquisition, Analysis
Wireshark | Network Forensics | Acquisition, Analysis, Presentation
Tcpdump | Network Forensics | Acquisition
Snort | Network Forensics | Detection, Analysis
Suricata | Network Forensics | Detection, Analysis
NetWitness Investigator | Network Forensics | Analysis, Presentation
Corelight Zeek | Network Forensics | Analysis, Presentation
Cloud Witness | Cloud Forensics | Acquisition, Analysis, Presentation
CloudSherlock | Cloud Forensics | Acquisition, Analysis, Presentation
CloudForensics | Cloud Forensics | Acquisition, Analysis, Presentation
Cloud Examiner | Cloud Forensics | Analysis
Cloud Investigator | Cloud Forensics | Analysis, Presentation
CloudMapper | Cloud Forensics | Analysis
Volatility | Memory Forensics | Acquisition, Analysis
Rekall | Memory Forensics | Acquisition, Analysis
WinDbg | Memory Forensics | Analysis
The Sleuth Kit (TSK) | General-purpose | Acquisition, Analysis, Presentation
EnCase | General-purpose | Acquisition, Analysis, Presentation
FTK Imager | General-purpose | Acquisition
Autopsy | General-purpose | Acquisition, Analysis, Presentation
Recuva | General-purpose | Recovery

Note: the "Acquisition" entry for Volatility is inaccurate. Volatility analyses memory images but does not capture them; the dump comes from a separate acquisition tool (for example WinPmem on Windows or LiME on Linux) and should be hashed as soon as it is taken.

Slide 22: Applications of Digital Forensics
- Cybercrime Investigation
- Intellectual Property Theft
- Corporate Espionage
- Legal Disputes
- Incident Response
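Packet capture and flow analysis (slide 18) and the capture tools in the table above (tcpdump, Wireshark, Zeek) all produce or consume the libpcap file format. As an added example, not code from the slides or from those tools, the block below builds a small capture in memory (one HTTP request, then a SYN sweep from a second host, all with made-up private addresses and MACs), parses the pcap and the Ethernet/IPv4/TCP headers by hand, groups packets into bidirectional flows, and asks the flow table a typical investigative question: which source sent connection attempts to many ports on one host. Checksums in the constructed frames are left zero, which a parser tolerates but a real network stack would not.

```python
"""Added example: reading a classic pcap and building flow records from it.

Not code from the slide deck or from tcpdump/Wireshark/Zeek. The capture is
constructed in memory so the example runs offline, and only Ethernet/IPv4/TCP
is decoded.
"""
from __future__ import annotations

import ipaddress
import struct
from collections import defaultdict

SYN, ACK = 0x02, 0x10


def build_frame(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int, payload: bytes = b"") -> bytes:
    """Ethernet/IPv4/TCP frame with zeroed checksums (fine for parsing, not for sending)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     ipaddress.ip_address(src_ip).packed, ipaddress.ip_address(dst_ip).packed)
    eth = bytes.fromhex("020000000002" "020000000001" "0800")   # dst MAC, src MAC, EtherType IPv4
    return eth + ip + tcp


def build_pcap(frames: list[tuple[float, bytes]]) -> bytes:
    """Classic pcap: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # magic, v2.4, LINKTYPE_ETHERNET
    for ts, frame in frames:
        sec = int(ts)
        out += struct.pack("<IIII", sec, int((ts - sec) * 1_000_000), len(frame), len(frame)) + frame
    return out


def iter_records(pcap: bytes):
    """Yield (timestamp, frame) from a classic pcap, honouring the byte order the magic implies."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap (pcapng and nanosecond pcap are not handled here)")
    linktype = struct.unpack_from(endian + "I", pcap, 20)[0]
    if linktype != 1:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, incl, _orig = struct.unpack_from(endian + "IIII", pcap, off)
        yield sec + usec / 1_000_000, pcap[off + 16: off + 16 + incl]
        off += 16 + incl


def decode_tcp(frame: bytes):
    """Return (src, dst, sport, dport, flags, payload) for IPv4/TCP frames, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack_from("!H", frame, 16)[0]
    src = str(ipaddress.ip_address(frame[26:30]))
    dst = str(ipaddress.ip_address(frame[30:34]))
    tcp = frame[14 + ihl: 14 + total_len]               # drops any Ethernet padding
    sport, dport = struct.unpack_from("!HH", tcp, 0)
    data_off = (tcp[12] >> 4) * 4
    return src, dst, sport, dport, tcp[13], tcp[data_off:]


def flow_table(pcap: bytes) -> dict:
    """Group packets into bidirectional flows keyed on the (sorted) endpoint pair."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "payload": b"",
                                 "syn_from": set(), "first": None, "last": None})
    for ts, frame in iter_records(pcap):
        decoded = decode_tcp(frame)
        if decoded is None:
            continue
        src, dst, sport, dport, flags, payload = decoded
        f = flows[tuple(sorted([(src, sport), (dst, dport)]))]
        f["packets"] += 1
        f["bytes"] += len(frame)
        f["payload"] += payload
        f["first"] = ts if f["first"] is None else f["first"]
        f["last"] = ts
        if flags & SYN and not flags & ACK:               # bare SYN = connection attempt
            f["syn_from"].add(src)
    return dict(flows)


def syn_scanners(flows: dict, min_ports: int = 5) -> list[str]:
    """Sources that sent bare SYNs to at least min_ports distinct ports on a single host."""
    ports: dict[tuple[str, str], set[int]] = defaultdict(set)
    for (a, b), f in flows.items():
        for src in f["syn_from"]:
            target = b if a[0] == src else a
            ports[(src, target[0])].add(target[1])
    return sorted({src for (src, _), p in ports.items() if len(p) >= min_ports})


def build_sample_capture() -> bytes:
    """Constructed capture: one HTTP request from 10.0.0.5, then a SYN sweep from 10.0.0.99."""
    t = 1_700_000_000.0
    frames = [
        (t, build_frame("10.0.0.5", "10.0.0.80", 40000, 80, SYN)),
        (t + 0.001, build_frame("10.0.0.80", "10.0.0.5", 80, 40000, SYN | ACK)),
        (t + 0.002, build_frame("10.0.0.5", "10.0.0.80", 40000, 80, ACK,
                                b"GET / HTTP/1.1\r\nHost: 10.0.0.80\r\n\r\n")),
    ]
    for i, port in enumerate([21, 22, 23, 25, 80, 443, 3389, 8080]):
        frames.append((t + 10 + i * 0.01, build_frame("10.0.0.99", "10.0.0.80", 50000 + i, port, SYN)))
    return build_pcap(frames)
```

The file written by `build_sample_capture()` opens in Wireshark, and the flow records are the same shape as a Zeek `conn.log` line or a NetFlow record: endpoints, packet and byte counts, first and last seen. That is why flow data is still useful when full packet capture has been discarded for size or privacy reasons, and why the SYN-sweep question can be answered from flows alone.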
