Introduction to Computer Forensics: Uncovering Digital Evidence


Delve into the world of computer forensics with this comprehensive guide featuring key concepts, techniques, and tools used in investigating digital evidence for criminal and civil cases. Learn about the process of discovering, collecting, and analyzing data from computers and networks, as well as the essential skills and requirements for a computer forensics examiner.


Uploaded on Sep 12, 2024



Presentation Transcript


  1. An Introduction to Computer Forensics Jim Lindsey Western Kentucky University

  2. What are we talking about? Forensic

  3. What are we talking about? Forensic Science is the use of science to investigate and establish facts in criminal and civil cases. [Chart: Fat-Free Muffins Breakeven Analysis; Dollars versus Units; series: Fixed Cost, Total Cost, Revenue]

  4. What are we talking about? Computer Forensics is the discovery, collection, and analysis of evidence found on computers and networks.

  5. Many Hats
     - Technology
     - Law
     - Investigative Skills

  6. An Exam May Explain
     - Hidden data
     - Most recently used applications
     - Origin of documents
     - Evidence of wiping
     - Visited Internet sites

  7. An Exam May Require
     - Cloning
     - Write Blocker
     - MD-5 & SHA-1
     - Cataloging
     - Recovery of Deleted Files
     - Search for hidden, disguised or encrypted files
     - Viewing files
     - Analysis of time/date stamps

  8. Deleted Files

  9. Deleted Files

  10. An Examiner Should
     - Possess requisite training and equipment
     - Be able to provide training
     - Be knowledgeable of data relevant to computer-related crimes
     - Be able to effectively testify as an expert in a court of law

  11. What to do?
     - If the computer is off, do not turn on.
     - If the computer is on, do not shut down normally; call for instructions.
     - Do not browse the files!

  12. What to do? Document, document, document - WHY? Records chain of custody:
     - Where the evidence came from
     - When it was obtained
     - Who obtained it
     - Who secured it
     - Who has had control of it
     - Where it is stored

  13. Final Notes: Forensic Examinations
     - Normally 1-2 hours to forensically image a hard drive
     - Exams can take 4-40 hours, depending on requests
     - Helpful if keywords provided
     - Know what you want to search for...

  14. Final Notes
     - Average HD Volume: 590 GB*
     - Gigabyte: 1,073,741,824 bytes
     - Subtotal: 633,507,676,160 bytes
     - Page size: 3000 bytes
     - Pages: 211,169,225
     - Ream: 500 pages
     - Reams: 422,338 Reams
     - Ream height: 2
     - Total height: 844,676
     - Height in feet: 70,389 feet
     - Height of Mt Everest: 29,029 feet**
     Note these figures are conservative!
     * http://www.tomshardware.com/news/seagate-hdd-gigabyte-terabyte-quarter-result,13118.html
     ** http://www.teameverest03.org/everest_info/index.html

  15. Discussion questions
     - Explain what the 'Chain of Custody' is in computer forensics. Furthermore, explain why it is important for forensic examiners to establish 'Chain of Custody' as soon as they arrive on a scene and maintain it throughout the life of a case.
     - We spent a day discussing computer forensics. How could knowledge of this topic help a human resources manager do their job?
     - How could knowledge of this topic help a police officer do their job?

  16. Are there any questions?
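
The MD-5 & SHA-1 step from slide 7 tied to the chain-of-custody questions from slide 12, as an added Python example that is not part of the original presentation. The `CustodyRecord` class, its field names, the helper functions and the sample values are hypothetical.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone

def hash_image(path, chunk_size=1 << 20):
    """Stream an image file once; return its (MD5, SHA-1) hex digests."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()

@dataclass
class CustodyRecord:  # hypothetical structure; fields mirror slide 12
    source: str        # where the evidence came from
    obtained_at: str   # when it was obtained
    obtained_by: str   # who obtained it
    secured_by: str    # who secured it
    storage: str       # where it is stored
    md5: str           # digests taken at acquisition time
    sha1: str
    holders: list = field(default_factory=list)  # who has had control of it

    def transfer(self, holder):
        """Append a timestamped hand-off; earlier entries are never edited."""
        self.holders.append((datetime.now(timezone.utc).isoformat(), holder))

def acquire(image_path, source, obtained_by, secured_by, storage):
    """Hash the image and open its custody record in one step."""
    md5, sha1 = hash_image(image_path)
    now = datetime.now(timezone.utc).isoformat()
    record = CustodyRecord(source, now, obtained_by, secured_by, storage, md5, sha1)
    record.transfer(obtained_by)
    return record

def verify(record, image_path):
    """Re-hash a clone or working copy; both digests must match the record."""
    return hash_image(image_path) == (record.md5, record.sha1)

if __name__ == "__main__":
    import tempfile
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample image bytes")  # stand-in for a disk image
    rec = acquire(tmp.name, "Desk PC, Room 12", "Examiner A", "Examiner B", "Locker 3")
    print(rec.md5, rec.sha1, verify(rec, tmp.name))
```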
