CYBER FORENSICS
Krishna Sastry Pendyala, Cyber Forensic Division, Central Forensic Science Laboratory, Hyderabad


DIGITAL EVIDENCE?
Cyber crimes leave digital evidence. Digital evidence is any information of probative value that is either stored or transmitted in a binary form (SWG, IACIS).
Characteristics:
- Invisible: identification of digital evidence is the first problem.
- Collection of evidence: the system is on; can I shut it down? What about volatile evidence?
- Time sensitive: changes with time and may be lost (log files, data in volatile memory).
- Highly fragile: easily tampered with or manipulated.

TYPICAL SCENARIO
- What is the evidence?
- Is the evidence visible?
- Where is the evidence?
- How to collect it?

WHAT IS CYBER FORENSICS?
- The youngest branch of forensic science.
- The process of identifying, preserving, analysing and presenting digital evidence in a manner that is legally acceptable in any judicial or administrative hearing.
- Acquire - authenticate - analyze - document - depose.
- Peer reviewed & tested tools & techniques.
Goals:
- Successful criminal prosecution.
- To determine the root cause of an event.
- To determine who was responsible.
Cyber forensics sits between THE LAW and TECHNOLOGY.

Sub-branches
- Disk/Media Forensics: analysis & retrieval of various files (user created, user protected & system created); retrieval of data from unallocated & slack space.
- Network Forensics: analysis of log files (system logs, IDS logs etc.).
- Memory Forensics: collecting data from system memory (e.g., system registers, cache, RAM) in raw form and carving the data from the raw dump.
- Malware Forensics: analyzing malicious code to identify it and to study its payload.
- Database Forensics: the forensic study of databases and their related metadata.
- Software Forensics: analysis of software for its functioning.
- Embedded Forensics: analysis of pre-programmed chips.

Case study 1: Software forensics (data diddling)
- Secondary state board examination. Private students topped over government students; no government student got full marks.
- The IO seized the hard disk & forwarded it to the lab. Questionnaire: "Give the printout of all the files!!!!!!"
- The forensic expert studied the case history & asked for the software.
- Case of software manipulation:
  - 6-digit roll number: government students' roll numbers start with 3, private students' with 4.
  - For roll no. starting with 3 and marks > 68 and <= 100: deduct 9.
  - For roll no. starting with 4 and marks > 68 and < 88: add 9.
- Several recruitment scams follow the same pattern.
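The manipulation rule on this slide is small enough to replay. The following is an added example, not code from the presentation or the seized software: apply_tamper_rule() encodes the rule exactly as the slide states it so an examiner can replay it over a results file, and audit_results() compares raw evaluated marks with published marks and groups the discrepancies by roll-number prefix, which is the check that exposes the bias. All roll numbers and marks are constructed.

```python
"""Replay and audit of the marks-tampering rule from case study 1 (added example)."""

GOVT_PREFIX = "3"     # government students' roll numbers start with 3 (from the slide)
PRIVATE_PREFIX = "4"  # private students' roll numbers start with 4 (from the slide)


def apply_tamper_rule(roll_no: str, marks: int) -> int:
    """Replay the manipulation the slide describes on one (roll number, marks) pair."""
    if len(roll_no) != 6 or not roll_no.isdigit():
        raise ValueError(f"expected a 6-digit roll number, got {roll_no!r}")
    if roll_no.startswith(GOVT_PREFIX) and 68 < marks <= 100:
        return marks - 9          # government student in the top band: deduct 9
    if roll_no.startswith(PRIVATE_PREFIX) and 68 < marks < 88:
        return marks + 9          # private student just below the top band: add 9
    return marks                  # everyone else is left untouched


def audit_results(raw: dict, published: dict) -> dict:
    """Compare raw evaluated marks with published marks.

    Both arguments map roll_no -> marks. Returns the altered records and, per
    roll-number prefix, how many were deducted or added: a skew by prefix is
    the signature of deliberate manipulation rather than a random bug.
    """
    report = {"altered": [], "by_prefix": {}}
    for roll_no, evaluated in raw.items():
        shown = published.get(roll_no)
        if shown is None or shown == evaluated:
            continue
        delta = shown - evaluated
        report["altered"].append((roll_no, evaluated, shown, delta))
        bucket = report["by_prefix"].setdefault(roll_no[0], {"deducted": 0, "added": 0})
        bucket["deducted" if delta < 0 else "added"] += 1
    return report


def full_marks_by_prefix(published: dict, prefix: str, full: int = 100) -> list:
    """Roll numbers with a given prefix that were published with full marks."""
    return [r for r, m in published.items() if r.startswith(prefix) and m == full]


# Constructed sample: marks as evaluated, then what the tampered program publishes.
SAMPLE_RAW = {
    "300001": 100, "300002": 92, "300003": 68, "300004": 45,
    "400001": 80,  "400002": 90, "400003": 69, "400004": 50,
}
SAMPLE_PUBLISHED = {r: apply_tamper_rule(r, m) for r, m in SAMPLE_RAW.items()}

if __name__ == "__main__":
    rep = audit_results(SAMPLE_RAW, SAMPLE_PUBLISHED)
    for row in rep["altered"]:
        print("roll %s: evaluated %d, published %d (%+d)" % row)
    print("by prefix:", rep["by_prefix"])
    print("govt students with full marks:", full_marks_by_prefix(SAMPLE_PUBLISHED, GOVT_PREFIX))
```

On the constructed sample every government student above 68 loses 9 marks and every private student between 69 and 87 gains 9, so no government roll number can appear with full marks, which is exactly the anomaly that triggered the complaint.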

Case study 2: Malware forensics
- Software firm. A pink slip was given on June 29th, 2009 and the employee left the company.
- On 7th July the systems crashed.
- Forensic analysis of the program files indicated the code of a logic bomb, with its trigger parameter set to 7th July, 0830 hrs.

Case study 3: Data carving from unallocated space (Chennai case)
- Victim: director of a company. His wife's nude photographs were circulated to all the members of his address book.
- Accused: a disgruntled employee. He kept a camera in the victim's residential bathroom, knew the victim's e-mail & password, circulated the photographs, and then formatted the hard disk.
- The entire unallocated space was carved for the file thumbs.db.

Mining Thumbs.db
- Thumbs.db contains cached thumbnails of the images in a folder, as embedded data inside the Thumbs.db file.
- In many cases the images may have been deleted from the directory but may still be available in the thumbs.db cache!
- Tools: EnCase, AccessData FTK, Cyber Check suite, Ontrack recovery, Windows File Analyzer.
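What "carving unallocated space for thumbs.db" means in practice, as an added example that is not from the presentation or from any of the tools listed: Thumbs.db is an OLE2 compound file (signature D0 CF 11 E0 A1 B1 1A E1) whose streams hold JPEG thumbnails, and after a format the directory entries are gone but the bytes remain. The carver below scans a raw dump for OLE headers and for JPEG SOI..EOI runs, skips a JPEG signature that falls inside a thumbnail already carved, and flags sector-aligned OLE hits, which are the likelier candidates for a real file rather than a stray pattern. The dump it scans is constructed inline.

```python
"""Signature-based carving of Thumbs.db headers and JPEG thumbnails (added example)."""

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # OLE2 compound-file header, used by Thumbs.db
JPEG_SOI = b"\xff\xd8\xff"                     # start of image, followed by a marker byte
JPEG_EOI = b"\xff\xd9"                         # end of image
SECTOR = 512


def find_all(data: bytes, sig: bytes):
    """Yield every offset at which sig occurs in data (overlapping hits included)."""
    pos = data.find(sig)
    while pos != -1:
        yield pos
        pos = data.find(sig, pos + 1)


def carve_jpegs(data: bytes, max_len: int = 4 * 1024 * 1024) -> list:
    """Return [(offset, bytes)] for each SOI..EOI run in data.

    A SOI that lies inside a region already carved (e.g. an EXIF preview
    embedded in a larger JPEG) is skipped so one thumbnail is not reported
    twice. Carving stops at the first EOI, so a JPEG whose embedded preview
    ends before its own EOI is truncated; that is a known limit of header/footer
    carving and a reason to open carved files in a viewer afterwards.
    """
    found = []
    carved_until = -1
    for start in find_all(data, JPEG_SOI):
        if start < carved_until:
            continue
        end = data.find(JPEG_EOI, start + len(JPEG_SOI))
        if end == -1 or end - start > max_len:
            continue
        end += len(JPEG_EOI)
        found.append((start, data[start:end]))
        carved_until = end
    return found


def find_ole_headers(data: bytes) -> list:
    """Return [(offset, sector_aligned)] for every OLE2 header signature in data.

    The compound-file header occupies the first 512-byte sector of the file,
    and unallocated clusters start on sector boundaries, so aligned hits are
    the better Thumbs.db candidates.
    """
    return [(off, off % SECTOR == 0) for off in find_all(data, OLE_MAGIC)]


# Constructed raw dump: a zeroed sector, a fake OLE header sector, then two
# small JPEG-shaped blobs separated by slack. Body bytes avoid 0xFF so the
# only markers present are the ones placed deliberately.
SAMPLE_JPEG1 = JPEG_SOI + b"\xe0\x00\x10JFIF\x00" + b"\x11" * 40 + JPEG_EOI
SAMPLE_JPEG2 = JPEG_SOI + b"\xe1" + b"\x22" * 30 + JPEG_EOI
SAMPLE_DUMP = (
    b"\x00" * SECTOR
    + OLE_MAGIC + b"\x00" * (SECTOR - len(OLE_MAGIC))
    + b"\x00" * 100 + SAMPLE_JPEG1
    + b"\x00" * 50 + SAMPLE_JPEG2
    + b"\x00" * 200
)

if __name__ == "__main__":
    for off, aligned in find_ole_headers(SAMPLE_DUMP):
        print(f"OLE header at {off} (sector aligned: {aligned})")
    for off, blob in carve_jpegs(SAMPLE_DUMP):
        print(f"JPEG at {off}, {len(blob)} bytes")
```

On a real image the same two scans run over the unallocated-space extract (or the whole raw dump); the OLE offsets tell you where to hand a candidate Thumbs.db to an OLE parser, and the loose JPEG hits recover thumbnails whose compound-file container was partially overwritten.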

Case study 4: Paper leak
- The suspect connected a pen drive to a desktop computer & printed the question paper.
- Hard disk received, running Windows XP.
- Print spooler files: two files per job in the C:\Windows\System32\spool\Printers folder.
  - .spl: the print job's spooled data is contained in a spool file.
  - .shd: the shadow file contains the job settings.
- Registry analysis: USB view.

Case study 4 (cont'd)
- Spool Viewer to view .shd files: Splview.exe (available at http://undocprint.printassociates.com). This tool allows you to view the metadata of the print job!
- Spool Viewer: http://www.codeproject.com/dotnet/eMFSpoolViewer/EMFSpoolViewer.zip. This tool allows you to view the actual spooled pages!

CHALLENGES
- Increase in anti-forensic trends: evidence eliminators / file shredders, data hiding techniques, encryption / passwords / steganography.
- Developments in OS & applications.
- Forensic analysis of routers and hubs.
- Mainframe digital forensics.
- Database forensics.
- Memory forensics.
- Cloud computing.
- Wi-Fi forensics.

CHALLENGES (cont'd)
- Analysis of terabytes of data (Satyam fraud case): data mining & data warehousing; need intelligent systems to classify data.
- Standardization of tools and techniques: analysis of China-made phones; indigenous tool development.
- Data from broken disks: scanning electron microscope.
- Clearly defining the best practices in cyber forensics: standardization of methods and tools, peer reviewed and tested in court, in line with international legal requirements where relevant.