
Diving in to Digital forensics


Slides from my session on Introduction to digital forensics at the NullAhmedabad meetup

Pranjal Vyas

June 24, 2018


Transcript

  1. What is Digital Forensics: the science of identifying, preserving, recovering, analyzing and presenting facts about digital evidence found on computers or digital storage media.
  2. Goal of Digital Forensics: the main goal of computer forensic experts is not only to identify the offender but also to recover the evidence and present it in a manner that supports legal action against that person.
  3. What is Evidence? Evidence is anything that can be used to determine whether a crime has been committed. Evidence may link a suspect to a scene, corroborate or refute an alibi or statement, identify a perpetrator or victim, exonerate the innocent, induce a confession, or direct further investigation.
  4. Types of Evidence: 1. PERSISTENT DATA: data that remains intact when the computer is turned off, e.g. hard drives, disk drives and removable storage devices (such as USB drives or flash drives). 2. VOLATILE DATA: data that is lost when the computer is turned off, e.g. the contents of RAM, running processes, open network connections and logged-in sessions. Note that deleted files, the registry, temporary files and web browsing history live on disk and survive a power-off; they are recovered from the persistent image (a live system's RAM may additionally hold fresher, unsaved copies of them), which is why volatile data is collected first, before the machine is powered down.
  5. Phases of Digital Forensics: Preservation >> Preserve evidence with the least amount of change possible >> Must be able to account for any change >> Chain of custody
  6. Phases of Digital Forensics: Analysis >> Extracting facts (data/information). Methods for extracting facts: 1. Bit-stream copy, disk to image (a sector-by-sector image file of the original media, hashed so it can be verified against the original) 2. Bit-stream copy, disk to disk (a sector-by-sector clone onto a second drive). Analysis is done on the copy, never on the original.
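The preservation and analysis slides above come together in the first hands-on step of a case: take a bit-stream image, hash the original and the image, and record both in the chain-of-custody log so that any later change can be detected and accounted for. The script below is an added example written for this page, not code from the original deck. A constructed 64 KiB file stands in for the suspect drive so it runs offline; on real media the source would be the device node (e.g. /dev/sdb) read through a hardware write-blocker. The examiner ID and the log line format are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original deck): bit-stream "disk to image"
# acquisition with before/after SHA-256 hashes and a chain-of-custody record,
# i.e. the checks behind "least change possible" and "account for any change".
# A constructed file stands in for the suspect drive so this runs offline.
set -eu

EXAMINER="${EXAMINER:-examiner01}"   # assumed examiner ID for the custody log

# SHA-256 of a file: sha256sum on GNU systems, shasum on BSD/macOS.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Constructed sample media: 128 sectors (64 KiB) of a repeating string.
# A whole number of 512-byte sectors, like a real disk, so conv=sync below
# does not pad the last block and the source and image hashes can match.
make_sample_media() {
    yes 'forensics sample sector' | head -c 65536 > "$1"
}

# Append one entry to the chain-of-custody log: when, who, what, hashes.
log_custody() {
    printf '%s | %s | %s | %s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$EXAMINER" "$1" "$2" >> "$3"
}

# Bit-stream disk-to-image copy: $1 source, $2 image path, $3 custody log.
# Returns 0 only if the image hashes identically to the source and the
# source hash is unchanged by the acquisition itself.
acquire_image() {
    before=$(hash_file "$1")
    # noerror keeps reading past unreadable sectors; sync zero-fills them so
    # offsets in the image still line up with the original media.
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null
    img=$(hash_file "$2")
    after=$(hash_file "$1")
    log_custody "acquire $1 -> $2" "sha256 source=$before image=$img" "$3"
    [ "$before" = "$img" ] && [ "$after" = "$before" ]
}

# Re-hash an image and compare with the recorded value: a single changed
# byte, whether during analysis or transport, makes this fail.
verify_image() {
    [ "$(hash_file "$1")" = "$2" ]
}

# Stand-alone run: acquire, record the hash, then show tampering is caught.
WORK=$(mktemp -d)
make_sample_media "$WORK/suspect.raw"
acquire_image "$WORK/suspect.raw" "$WORK/suspect.dd" "$WORK/custody.log"
ORIG_HASH=$(hash_file "$WORK/suspect.dd")
printf 'X' | dd of="$WORK/suspect.dd" bs=1 seek=100 conv=notrunc 2>/dev/null
if verify_image "$WORK/suspect.dd" "$ORIG_HASH"; then
    echo "unexpected: tampered image still verifies"
else
    echo "tampering detected; custody log:"
    cat "$WORK/custody.log"
fi
rm -rf "$WORK"
```

The source is hashed both before and after the copy: the first hash is what the image must match, the second proves the acquisition itself did not alter the original, which is the fact a court will ask the examiner to account for. Keep the log and the hashes with the image; every later tool run on the copy can be re-verified against them.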
  7. Phases of Digital Forensics: Presentation/Documentation. Evidence will be accepted in court on: >> Manner of presentation >> Qualifications of the presenter >> Credibility of the processes used to preserve and analyze the evidence
  8. Skills required for Digital Forensics • Networking skills, including TCP/IP-based network communications (much of modern forensics involves reading network traces) • Windows and *nix operating systems • C, Python or any programming language(s) • Computer hardware and software systems • Cryptography principles • eDiscovery tools (NUIX, Relativity, Clearwell, etc.) • Forensic software applications (e.g. TSK, FTK, Helix, Cellebrite, etc.) • Data processing skills in electronic disclosure environments • Evidence handling procedures • Cloud computing
  9. Forensics Tools (Commercial/Proprietary) • UFED • Oxygen • Santoku (listed here among the mobile tools, though Santoku Linux itself is a free, open-source distribution) • Belkasoft • CyberCheck • OSForensics • FTK Imager (free to download, but proprietary)
  10. Forensics Tools (Free/Open Source) • Volatility • GRR • DFF • Autopsy/TSK • RegRipper • CAINE distro • HashMyFiles (free NirSoft utility, closed source)