ch1.pdf

Full Transcript

Digital Forensics

Chapter 1
 Learning Objectives
introduction to Computer Forensics:

Provide general information about digit forensics,

Importance in the investigation of digital crimes.

the steps of forensic investigation
 What is Computer Forensics?

Computer forensics is the scientific examination
and analysis of data held on, or retrieved

from, computer storage media in such a way

that the information can be used as evidence

in a court of law.
 Computer forensics activities
Computer forensics activities commonly include:
The secure collection of computer data
Identifying suspicious data
Examining suspicious data to determine details such as
source and content
Presenting computer information to courts For law
Applying the laws of a country to computer practice.
 Basic methodology in computer
forensics
The basic methodology consists of the 3 As:
– Acquire the evidence without altering or damaging
the original

– Authenticate the image
– Analyze the data without modifying it
 What is Digital forensics

Digital forensics is a branch of forensic science
that focuses on identifying, acquiring,
processing, analyzing, and reporting on data
stored electronically.
 What is forensic investigation?
What is forensic investigation?

Forensics is the scientific method used to solve a crime.

Forensic investigation is the gathering and analysis of all
crime-related physical evidence to conclude ‫ استنتاج‬a suspect.

To determine how a crime occurred

investigators will examine blood, fluid, or fingerprints,

residue ‫البقايا‬, hard drives, computers, or other technology.
 Process of Digital forensics

Digital forensics entails the following steps:

Identification

Preservation

Analysis

Documentation

Presentation
 Other Definition
What is Digital evidence ?

Digital evidence is information stored or transmitted in binary form that

may be relied ‫ االعتماد عليها‬on in court.

What is Digital crime Cybercrime ?

Cybercrime is any criminal activity that involves a computer, networked

device or a network.
Process of Digital forensics
 Process of Digital forensics
1-Identification
It is the first step in the forensic process.
The identification process mainly includes things like what
evidence is present, where it is stored, and lastly, how it is
stored (in which format).
Electronic storage media can be personal computers, Mobile
phones, PDAs, etc.
 Process of Digital forensics

2- Preservation
In this phase, data is isolated, secured, and
preserved.
It includes preventing people from using the
digital device so that digital evidence is not
tampered with.
‫( ى‬
) ‫حت ال يتم العبث فيها‬
 Process of Digital forensics

3- Analysis
In this step, investigation agents
reconstruct ‫اعادة بناء أجزاء البيانات‬ fragments of data and
draw conclusions based on evidence
‫واستخالص النتائج‬

found.
 Process of Digital forensics
4- Documentation
In this process, a record of all the visible data must
be created.

It helps in recreating the crime scene ‫ مرسح الجريمة‬and
reviewing it.
It Involves proper documentation of the crime scene
along with photographing, sketching, and crime-
scene mapping.
 Process of Digital forensics

5- Presentation
In this last step, the process of summarization and
explanation of conclusions is done.
 Types of Digital Forensics
1. Disk Forensics: It deals with extracting data from
storage media by searching active, modified, or
deleted files.
2. Network Forensics: It is related to monitoring
and analysis of computer network traffic to
collect important information and legal
evidence.
3. Wireless Forensics: The main aim of wireless forensics
is to offers the tools need to collect and analyze the
data from wireless network traffic.
 Types of Digital Forensics

4 -Database Forensics : It is a branch of digital forensics relating to
the study and examination of databases and their relate metadata.

5 -Malware Forensics : This branch deals with the identification of
malicious code, to study their payload ‫دراسة رتأثيها‬, viruses, worms, etc.

6 -Email Forensics : Deals with recovery and analysis of emails,
including deleted emails, calendars, and contacts.
 Types of Digital Forensics
7 -Memory Forensics:

It deals with collecting data from system memory (system registers,
cache, RAM).

8 -Mobile Phone Forensics:

It mainly deals with the examination and analysis of mobile devices.

It helps to retrieve ‫اسيداد‬
‫ ر‬phone and SIM contacts, call logs, incoming,

and outgoing SMS/MMS, Audio, videos, etc.
 Advantages of digital forensics
Advantages of digital forensics

1. Allows analysis of digital evidence.

2. Helps identify criminals.

3. It can be used to recover deleted data.

4. Provides insight into how crimes are
committed.‫يوفر نظرة ثاقبة حول كيفية ارتكاب الجرائم‬

5. They can be used to prevent future crimes.
 Disadvantages of digital forensics
Disadvantages of digital forensics

1. Time-consuming process.

2. Requires specialized skills and knowledge.

3. Can be expensive.

4. May require court order to obtain evidence.

5. Evidence can be easily destroyed or tampered‫ العبث به‬with.
 Examples of digital crimes
Digital crimes include:

Theft of computer services.

Unauthorized access to protected computers.

Hacking software and changing or stealing electronically stored
information.

Extortion committed with the help of computers.‫االبياز المرتكب بمساعدة أجهزة الكمبيوتر‬
‫رز‬

Getting unauthorized access to records from banks, credit card companies
or customer reporting agencies ‫وكاالت اإلبالغ عن العمالء‬, trading ‫ االتجار‬in stolen
passwords and transmitting viruses or destructive commands.
 SUMMARY
introduction to Computer Forensics:

Provide general information about digit forensics,

Importance in the investigation of digital crimes.

the steps of forensic investigation