What Is Computer Forensics

introduction

Uploaded by

Idrissa Saleh

What is computer forensics?

A set of operational procedures and techniques that help investigators:

- Identify
- Gather
- Preserve
- Extract
- Interpret
- Document and present evidence

Why computer forensics?

- Find and prosecute the perpetrators of cyber crimes
- Minimize the losses to an organization
- Gather evidence of cyber crime in a forensically sound manner
- Determine the impact of the perpetrator's actions
- Protect the enterprise from future incidents (lessons learned)

When do you need computer forensics?

- When a breach has occurred
- To act against copyright infringement
- To minimize the damage to your enterprise resources
- As part of your incident response plan

Categories of computer crime

When it comes to cyber crimes, we can have internal or external attacks.

Internal

- Disgruntled employees inside the enterprise

External

- Attacks or malicious actors from outside the enterprise perimeter

Categories of cyber crime

Internal attacks

- Espionage
- Manipulation of data records
- Leak or theft of proprietary information

External attacks

- Phishing attempts
- Brute force
- Injection attacks such as SQL injection or XSS

Challenges

Investigating cyber crime comes with its own set of unique challenges for a forensic investigator.

Volatile evidence

- Some digital evidence is highly volatile, and we have to act fast

Speed

- Cyber crimes are fast by nature, moving data around the world in seconds

Anonymity

- It is easy to be someone else online

Other challenges

Laws

- Different jurisdictions, as attackers can hurt us from different countries

Size of evidence

- There can be terabytes of data to collect and sift through

Anti-digital forensics (ADF)

- Tools and techniques used by the bad guys to defeat forensic analysis (think of anti-virus, but working against the investigator)

Internal or administrative investigation

Usually concerns internal activity by an employee:

- Policy violation
- Harassment
- Misuse of company resources

It is not uncommon for these to be handled internally; they are not criminal actions. Possible outcomes:

- Suspension
- Change of job role, demotion
- Termination

Civil vs criminal

Civil cases involve two or more parties, where one party claims some wrongdoing by the other.

- Breach of contract
- Chain of custody issues

Criminal cases involve law enforcement in some capacity.

- Local, state or federal agents bring the charges
- Local, state or federal prosecutors try the case in a court of law
- Punishments are usually harsher than in a civil case

Investigation process

Based on the type of case, the investigation process may be a little different.

Some general points:

- You will have to collect evidence, which can be painstaking
- Evidence collection has to be done in a forensically sound manner
- In this day and age, most cases will involve some digital evidence or electronic devices

Rules/Keys of a forensics investigation

- Maintain the chain of custody
- Record all changes made to evidence
- Never exceed your knowledge base; hire professionals
- Follow the rules of evidence
- Store evidence in a secure environment
- Document, document, document
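To make the chain-of-custody and record-all-changes rules concrete, here is an added Python example (not part of the original notes): it hashes an evidence item on acquisition, re-hashes it at every handoff, and logs each step, so any change to the item is recorded and an integrity failure is detected. The evidence id, handler names and sample bytes are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone


def sha256_of(data: bytes) -> str:
    """Cryptographic fingerprint of the evidence as acquired."""
    return hashlib.sha256(data).hexdigest()


class CustodyLog:
    """Append-only chain-of-custody record for one evidence item."""

    def __init__(self, item_id: str, data: bytes, collector: str):
        self.item_id = item_id
        # The baseline hash is taken once, at acquisition, and never changes.
        self.baseline_hash = sha256_of(data)
        self.entries = []
        self._record("acquired", collector, self.baseline_hash)

    def _record(self, action: str, handler: str, observed_hash: str, note: str = ""):
        # Every action is timestamped and attributed; nothing is ever edited in place.
        self.entries.append({
            "timestamp": datetime.now(timezone.utc).isoformat(),
            "action": action,
            "handler": handler,
            "sha256": observed_hash,
            "note": note,
        })

    def transfer(self, data: bytes, from_handler: str, to_handler: str) -> bool:
        """Re-hash at each handoff; a mismatch means the chain is broken."""
        observed = sha256_of(data)
        intact = observed == self.baseline_hash
        self._record("transfer", f"{from_handler}->{to_handler}", observed,
                     "" if intact else "HASH MISMATCH: integrity failure")
        return intact

    def is_intact(self) -> bool:
        """True only if every recorded hash matches the acquisition hash."""
        return all(e["sha256"] == self.baseline_hash for e in self.entries)

    def to_json(self) -> str:
        return json.dumps({"item": self.item_id, "entries": self.entries}, indent=2)


if __name__ == "__main__":
    sample = b"constructed disk image bytes"          # constructed sample evidence
    log = CustodyLog("EV-001", sample, "analyst_a")   # constructed id and handler
    log.transfer(sample, "analyst_a", "analyst_b")    # clean handoff
    log.transfer(sample + b"\x00", "analyst_b", "lab")  # altered copy: flagged
    print(log.to_json(), "\nintact:", log.is_intact())
```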

Enterprise theory of investigation

When it comes to federal investigations, they want to look for the organization behind the attack.

The FBI defines a criminal organization as a group of individuals with an identified hierarchy engaged in significant criminal activities.

- Don't look at the acts as individual issues
- Look at the big picture

Collecting evidence

Digital evidence

When it comes to digital evidence, just think about evidence we can use in a court of law, but which is stored or transmitted in digital form:

- On storage media
- In network traffic, captured routinely or during an investigation

When collecting, investigators have to be very careful:

- Digital evidence is fragile by nature

Types of digital evidence

There are a couple of different types we need to be familiar with.

Volatile data

Data that will be lost once the device is powered off:

- Open files, memory, command history

Non-volatile data

Data that is saved or stored on some type of storage device:

- Swap file, event logs, registry settings, hidden partitions
