Digital Forensics - PowerPoint PPT Presentation

Provided by: LaurenM152

Transcript and Presenter's Notes

Title: Digital Forensics


1
Digital Forensics
  • Brett Garrison

2
Quick Facts
  • More than 90% of today's information is created
    and stored or processed electronically.
  • More than 70% are never printed or produced into
    a hard copy.
  • Information can be erased, moved around, or
    hidden with ease.
  • A good forensic examiner can restore or find this
    missing information.

3
Definition
  • Using computer science to aid in the legal
    process and to conduct investigations.
  • Gathering data for evidence
  • Aid police investigations
  • Recover data
  • Provide testimony in court
  • Gather any other information that can be found on
    digital or electronic media.
  • Information gathered can be audio, video, or
    graphical.

4
Devices
  • Computer systems
  • PDAs
  • Cell phones
  • USB drives
  • CD-ROMs
  • Laptops
  • Any other storage media

5
When is digital forensics used?
  • Property disputes
  • Contract disputes
  • Fraud or embezzlement
  • Wrongful termination
  • Sexual harassment suits
  • Medical malpractice

6
What do they do?
  • Forensics experts extract both visible and
    invisible computer data.
  • More than simply data recovery
  • Locate data throughout the system
  • Recover data
  • Responsible for maintaining the integrity of the
    information found, preventing damage, data
    corruption, or virus exposure. (All data must be
    acceptable for use in a court of law.)
  • Results of forensic investigation must be
    reproducible in such a way that the information
    is authenticated and reliable
  • Work closely with law enforcement, government
    officials, and attorneys.
  • Must be well-versed in relevant case law.

7
Data Recovery
  • A skilled forensic worker can recover all of the
    files on a computer or storage device.
  • Active files
  • Invisible files
  • Deleted but remaining files
  • Hidden files
  • Encrypted files
  • Password-protected files
  • Most information that is gathered is undetectable
    or unviewable to the average computer user.

8
Data Recovered
  • Digital forensic practitioners are generally
    concerned with three types of data:
  • Active data: information that is readily
    available and easily accessed on the computer.
    Ex: programs, files, and other data used by the
    operating system.
  • Archival data: data that has been backed up and
    stored. Ex: hard disks, CDs, USB drives.
  • Latent or ambient data: data that requires
    special tools or skills to retrieve. Ex: data
    that has been overwritten or deleted.

9
Steps for Investigating an Electronic Device
  • Step 1
  • All files that have been deleted or have not yet
    been overwritten are recovered.
  • Computers constantly write data to the hard drive
    when in use. The operating system overwrites
    data on the hard drive that is no longer needed
    or used.
  • This data can be retrieved if not completely
    overwritten.

10
Step 2
  • All data found in special or inaccessible areas
    of the device are analyzed.
  • Areas of disk that are not currently in use, but
    have had data previously stored on them.
  • Slack space: unused space at the end of a file where
    previously created information could be stored.

11
Final Step
  • Report the analysis of the device or system
  • Provide copies of data collected
  • Arranged into support for legal theories or
    strategies.
  • Often provide expert testimony or advice when
    necessary.
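
Steps 1 and 2 and the reporting step above, as an added example that is not part of the original presentation. It assumes a constructed three-cluster volume with a 512-byte cluster, contiguous allocation, and a simplified directory table; all file names and contents are made up for illustration.

```python
import hashlib

CLUSTER = 512  # assumed cluster size of the constructed image

def build_image():
    """Return (image, directory) for a constructed volume; not real evidence."""
    img = bytearray(CLUSTER * 3)
    old = b"DRAFT: move the backup tapes offsite on Friday. " * 4  # earlier file
    new = b"grocery list: milk, eggs"           # later file reusing cluster 0
    gone = b"budget-2004.xls contents (deleted, not overwritten)"
    img[0:len(old)] = old
    img[0:len(new)] = new         # shorter file overwrites only the start
    img[CLUSTER:CLUSTER + len(gone)] = gone
    directory = [
        {"name": "list.txt", "cluster": 0, "size": len(new), "deleted": False},
        {"name": "budget.xls", "cluster": 1, "size": len(gone), "deleted": True},
    ]
    return bytes(img), directory

def clusters_of(entry):
    """Clusters an entry occupies, assuming contiguous allocation."""
    count = max(1, -(-entry["size"] // CLUSTER))  # ceiling division
    return range(entry["cluster"], entry["cluster"] + count)

def recover_deleted(img, directory):
    """Step 1: deleted entries whose clusters no live file has reused."""
    live = {c for e in directory if not e["deleted"] for c in clusters_of(e)}
    found = {}
    for e in directory:
        if e["deleted"] and not live.intersection(clusters_of(e)):
            start = e["cluster"] * CLUSTER
            found[e["name"]] = img[start:start + e["size"]]
    return found

def file_slack(img, entry):
    """Step 2: bytes between the end of file data and the end of its last cluster."""
    start = entry["cluster"] * CLUSTER
    end_of_data = start + entry["size"]
    end_of_alloc = start + len(clusters_of(entry)) * CLUSTER
    return img[end_of_data:end_of_alloc].rstrip(b"\x00")

def examine(img, directory):
    """Final step: findings tied to the hash of the image they came from."""
    return {
        "image_sha256": hashlib.sha256(img).hexdigest(),
        "deleted_recovered": recover_deleted(img, directory),
        "slack": {e["name"]: file_slack(img, e)
                  for e in directory if not e["deleted"]},
    }
```

Running examine() twice on the same image returns identical findings, which is the reproducibility requirement from the "What do they do?" slide.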

12
Tools Used
  • Light analyzers
  • Tools that analyze lighting allow forensics
    practitioners to determine if a photo has been
    tampered with
  • WinHex
  • Data Recovery
  • Microsoft Log Parser
  • Extract information of almost any format
  • PMDump
  • Dumps the memory contents of a process into a file
    without stopping the process (Windows).

13
Famous Cases Solved with Digital Forensics
  • Chandra Levy
  • Last seen alive on April 23, 2001
  • Digital forensics led to the discovery that
    someone had conducted an internet search for Rock
    Creek Park's Klingle Mansion, near Washington,
    D.C.
  • Police scoured the area and a man walking his dog
    found Levy's remains on May 22, 2002,
    approximately one year later, confirming that
    the case was in fact a homicide.

14
Famous Cases
  • Dennis Rader
  • Known as the BTK killer in the Wichita, KS area.
  • Murdered 10 people between 1974 and 1991.
  • Communicated with police through letters for
    years. Sent a message on a floppy disk in
    February 2005.
  • Examination of the disk's properties revealed the
    words "Dennis" and "Christ Lutheran Church".
  • DNA tests confirmed him as a match and he was
    arrested 9 days later.
  • Rader was planning his first murder since 1991.

15
Conclusion
  • Digital forensics is a very high-tech field.
  • Can be expensive
  • Has immense potential in law enforcement, and
    especially in the future of law enforcement.
  • Field grows in leaps and bounds every day.

16
Sources
  • http://www.evestigate.com/
  • http://www.digitaldataforensics.com/
  • http://www.wikipedia.org/
  • http://digg.com/software/

17
  • Questions?