An introduction to cyber forensics and open source tools in cyber forensics

Date post: 18-Aug-2015
Upload: zyxware-technologies
Transcript
Page 1: An introduction to cyber forensics and open source tools in cyber forensics

An Introduction to Cyber Forensics and Open Source Tools in Cyber Forensics

Anoop John, Founder & CTO, Zyxware Technologies

Page 2

Cyber Forensics OS Tools

What is Cyber Forensics

Cyber - A prefix used in a growing number of terms to describe new things that are being made possible by the spread of computers. Anything related to the Internet also falls under the cyber category.

Forensics – Scientific tests and techniques used in connection with the detection of crime

Cyber Forensics – Discipline that combines elements of law and computer science to collect and analyze data from computer systems, mobiles, networks, communication systems, and storage devices in a way that is admissible in a court of law

Page 3

What is Digital Evidence?

Information and data of value to an investigation that is stored on, received, or transmitted by an electronic device.

This evidence is acquired when data or electronic devices are seized and secured for examination.

Page 4

Where do you find Digital Evidence?

Digital Evidence may be found in:

Storage devices like hard disc, CD, DVD, memory card, USB drive, mobile phones and SIM card

Online resources like mail servers, cloud servers / data centers

Page 5

How can you hide Digital Evidence?

Digital Evidence can be hidden in:

Files: password protected files, encrypted files, steganography files

Hard drives: encrypted drives, formatted hard disc, HPA (Host Protected Area), DCO (Device Configuration Overlay)

Page 6

What can Digital Evidence be related to?

Digital Evidence could be related to:

Online fraud

Organized crime

Identity / Data theft

Unauthorized access

Malicious files / Virus attack / Cyber attack

Data alteration

Cyber defamation

Cyber pornography

Online gambling

Sale of illegal items

Page 7

Phases in Cyber Forensics

Phase 1: Identification of storage media for potential evidence / Identification of transmission media for collection of potential evidence

Phase 2: Acquisition of the storage media / collection of transmitted information

Phase 3: Securing collected media / data and forensic analysis of the acquired media

Phase 4: Documentation & Reporting

Page 8

Analyzing acquired media/data

Identifying traces of network / computer intrusion

Processing network packets, log files

Identifying & examining malicious files

Employing techniques to crack file & system passwords

Detecting steganography

Recovering deleted, fragmented, hidden & corrupted data

Analyzing online activities
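Signature-based carving is one concrete way the "recovering deleted, fragmented, hidden & corrupted data" step is carried out: the carver scans the raw image for known file headers and footers without relying on file-system metadata, so a file whose directory entry was deleted can still be pulled out if its data blocks survive. The script below is an added example, not code from this presentation or from any of the tools it lists; the raw image it scans is constructed inside the script, it only recovers contiguous (unfragmented) files, and the size cap is an assumed sanity limit.

```python
"""Signature-based file carving over a raw image (added example, not from the
presentation). Scans for known header/footer byte signatures regardless of any
file-system metadata, so files whose directory entries were deleted can still
be recovered if their data blocks are intact and contiguous."""
import hashlib

# Header and footer signatures for two common types. Assumptions: files are
# contiguous (no fragmentation) and MAX_SIZE is a sanity cap so that a header
# with a missing footer is not paired with an unrelated footer far away.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
MAX_SIZE = 10 * 1024 * 1024


def carve(image: bytes, max_size: int = MAX_SIZE):
    """Return carved files as dicts (type, offset, size, sha256), sorted by offset."""
    found = []
    for ftype, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start < 0:
                break
            end = image.find(footer, start + len(header))
            if end < 0 or end + len(footer) - start > max_size:
                # No usable footer for this header: skip it and keep scanning.
                pos = start + 1
                continue
            end += len(footer)
            data = image[start:end]
            found.append({
                "type": ftype,
                "offset": start,
                "size": len(data),
                # Hash each carved object so it can be referenced in the evidence log.
                "sha256": hashlib.sha256(data).hexdigest(),
            })
            pos = end
    return sorted(found, key=lambda f: f["offset"])


def build_sample_image() -> bytes:
    """Constructed raw image: zeroed slack, a JPEG, unrelated data, a PNG."""
    jpeg = b"\xff\xd8\xff\xe0" + b"J" * 40 + b"\xff\xd9"        # 46 bytes
    png = b"\x89PNG\r\n\x1a\n" + b"P" * 32 + b"IEND\xaeB`\x82"   # 48 bytes
    return b"\x00" * 64 + jpeg + b"slack-space" * 5 + png + b"\x00" * 16


if __name__ == "__main__":
    for f in carve(build_sample_image()):
        print(f"{f['type']:5} offset={f['offset']:6} size={f['size']:6} sha256={f['sha256']}")
```

Run against a real `dd` image by passing `open(path, "rb").read()` to `carve`. Production carvers (such as those inside the suites listed later in the deck) add per-format validation, because a footer like the JPEG `FF D9` can also appear inside an embedded thumbnail, and they reassemble fragmented files; this example deliberately stops at the header/footer scan to keep the technique visible.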

Page 9

Handling acquired media/data

Maintaining evidence custody procedures

Preventing tampering

Identifying tampering

Courtroom presentation
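Preventing and identifying tampering comes down to hashing the acquired media at acquisition time and re-hashing it at every later step, with the custody log tying each hand-off and verification to a handler and a time. The script below is an added example, not code from this presentation or from any tool it lists; the evidence id, handler names and image bytes are constructed, and the JSON log layout is an assumed minimal format rather than any agency's standard.

```python
"""Evidence integrity hashing and a minimal chain-of-custody record.

Added example for the handling phase (preventing and identifying tampering).
Not code from the original presentation or from any listed tool; the evidence
id, handler names and image bytes below are constructed for the demonstration.
"""
import hashlib
import hmac
import io
import json
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # stream large images through the hashers 1 MiB at a time


def hash_stream(stream, algorithms=("md5", "sha256")):
    """Return {algorithm: hexdigest} for a binary stream, reading it only once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data):
    return hash_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as f:
        return hash_stream(f)


class CustodyRecord:
    """Append-only custody log; the acquisition hashes are the reference values."""

    def __init__(self, evidence_id, acquisition_hashes, handler):
        self.evidence_id = evidence_id
        self.reference = dict(acquisition_hashes)
        self.events = []
        self._add("acquisition", handler, "image created, reference hashes recorded")

    def _add(self, action, handler, note):
        self.events.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "action": action, "handler": handler, "note": note,
        })

    def transfer(self, from_handler, to_handler, note=""):
        """Record a hand-off between custodians."""
        self._add("transfer", to_handler, f"received from {from_handler}. {note}".strip())

    def verify(self, current_hashes, handler):
        """Recompute-and-compare step. Returns (ok, [algorithms that mismatched])."""
        mismatched = sorted(
            name for name, ref in self.reference.items()
            if not hmac.compare_digest(ref, current_hashes.get(name, ""))
        )
        self._add("verification", handler,
                  "hashes match" if not mismatched else "MISMATCH: " + ", ".join(mismatched))
        return (not mismatched, mismatched)

    def to_json(self):
        return json.dumps({"evidence_id": self.evidence_id,
                           "reference_hashes": self.reference,
                           "events": self.events}, indent=2)


def demo():
    """Constructed scenario: acquire, hand off, verify clean, then detect a tamper."""
    image = b"constructed disk image contents " * 2048  # stands in for a dd image
    record = CustodyRecord("EV-2015-001", hash_bytes(image), "examiner A")
    record.transfer("examiner A", "examiner B", "sealed bag, locker 4")
    clean_ok, _ = record.verify(hash_bytes(image), "examiner B")
    tampered = image[:100] + b"X" + image[101:]  # a single altered byte
    tampered_ok, bad = record.verify(hash_bytes(tampered), "examiner B")
    return clean_ok, tampered_ok, bad, len(record.events)


if __name__ == "__main__":
    print(demo())
```

Two hashes are recorded because examiners still report MD5 alongside SHA-256 for comparison with older reports, while SHA-256 is the one that actually resists forgery. Use `hash_file` on the real image file; the record should be written out with `to_json` and stored separately from the image, since a log kept beside the evidence can be altered together with it.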

Page 10

Pros of Open Source Tools

Low capital cost

Minimal / No operational cost

Minimal / No maintenance cost

Algorithm/logic is known to the user

Source code is freely available for access, editing & customization

Extensive support from the open source community

Free usage to any number of users

Page 11

Cons of Proprietary Tools

High capital cost

High operational cost

High maintenance cost

Algorithm/logic not known. No access to source

Heavy dependency on the software manufacturer

Restricted usage

Page 12

Open Source Initiatives

Belgian Federal Computer Crime Unit (FCCU)

http://www.lnx4n6.be/index.php

PyFLAG – An advanced network forensic framework by the Australian Federal Police, Brisbane, Australia

http://sourceforge.net/projects/pyflag/files/

Computer Forensics Tool Testing (CFTT) – Project in the NIST Software and Systems Division, supported by the Law Enforcement Standards Office and the Department of Homeland Security

http://www.cftt.nist.gov/index.html

Page 13

Open Source Initiatives (cont...)

The Open Computer Forensics Architecture (OCFA) is a modular computer forensics framework built by the Dutch National Police Agency

http://ocfa.sourceforge.net/

ForeIndex: A Framework for Analysis and Triage of Data Forensics

http://www.basistech.com/wp-content/uploads/2014/04/osdf-2011-silva-foreindex.pdf

Page 14

Open Source Tools in Acquisition Phase

Digital Forensics Framework

www.digital-forensic.org

CAINE

www.caine-live.net/

DEFT

www.deftlinux.net/

OCFA

http://sourceforge.net/projects/ocfa/

Sleuthkit

http://www.sleuthkit.org

Page 15

Open Source / Free Tools in Analysis Phase

Digital Forensics Framework

www.digital-forensic.org

CAINE

www.caine-live.net

DEFT

www.deftlinux.net

SAFT Mobile Forensics

www.signalsec.com/saft

SANS Investigative Forensics Toolkit – SIFT

http://digital-forensics.sans.org/community/downloads

Page 16

Open Source / Free Tools in Analysis Phase (cont...)

Sleuthkit

Autopsy: http://www.sleuthkit.org/autopsy/

Sleuthkit: http://www.sleuthkit.org/sleuthkit/

Live View

http://liveview.sourceforge.net/

Page 17

Open Source / Free Tools in Analysis Phase (cont...)

Analyzing RAM

CMAT: http://sourceforge.net/projects/cmat

Volafox: https://www.volatilesystems.com/default/volatility

Volatility: https://www.volatilesystems.com/default/volatility

Network Forensics

Wireshark: http://www.wireshark.org

NetworkMiner: http://networkminer.en.malavida.com/

Page 18

Open Source / Free Tools in Analysis Phase (cont...)

Registry analysis

Registry Decoder: http://www.digitalforensicssolutions.com/registrydecoder/

Password cracking free tools

John the Ripper: http://www.openwall.com/john

Cracking passwords for Windows, PDF, Word, RAR, ZIP & Excel: http://pcsupport.about.com/od/toolsofthetrade/tp/password-cracker-recovery.htm

Page 19

Open Source / Free Tools in Analysis Phase (cont...)

Detecting Pornography

Redlight Porn Scanner: http://dfcsc.uri.edu/research/redLightTrial

http://www.nij.gov/topics/technology/pages/software-tools.aspx

Page 20

[email protected] / +91-9446069446

Page 21

Thank you

Page 22

Credits & References

http://www.slideshare.net/SagarRahurkar/digital-forensics-best-practices-with-the-use-of-open-source-tools-and-admissibility-of-digital-evidence-in-courts

https://en.wikipedia.org/wiki/Computer_forensics

http://www.slideshare.net/prashant3535/digital-crime-forensics-15360016

http://resources.infosecinstitute.com/computer-forensics-tools/

http://www.gfi.com/blog/top-20-free-digital-forensic-investigation-tools-for-sysadmins/

http://www.digitalforensicsassociation.org/opensource-tools/
