
Computer Hacking Forensics Investigator Module I Computer Forensics in Today’s World.

Date post: 16-Dec-2015

Computer Hacking Forensics Investigator

Module I

Computer Forensics in Today’s World

Copyright © by EC-Council. All rights reserved. Reproduction is strictly prohibited.

Scenario

Steven is the managing director of a respected software company. After finding pornography downloaded onto his network server and a number of individual office computers, he decided to hire a computer forensics investigator to build a case for employee dismissal. The investigator was hired to locate any deleted files and to verify certain non-work-related contents of the hard drives in question. The investigator located spyware, pornography, and illegal file-sharing software on the hard drive of the suspect employee. This led to the employee's dismissal.


Module objective

Introduction to computer forensics

History of computer forensics

Computer forensics flaws and risks

Cyber crime

Role of computer forensics

Reason for cyber attacks

Modes of attacks

Cyber war


Module Flow

Introduction

History

Forensics flaws and risks

Cyber crime

Role of computer forensics

Reason for cyber attacks

Modes of attacks

Cyber war


Introduction

Cyber activity has become an important part of everyday life of the general public

Importance of computer forensics:

• 85% of business and government agencies detected security breaches

• FBI estimates that the United States loses up to $10 billion a year to cyber crime


History of Forensics

Francis Galton (1822-1911)
• Made the first recorded study of fingerprints

Leone Lattes (1887-1954)
• Discovered blood groupings (A, B, AB, and O)

Calvin Goddard (1891-1955)
• Allowed firearms and bullet comparison for solving many pending court cases

Albert Osborn (1858-1946)
• Developed essential features of document examination

Hans Gross (1847-1915)
• Made use of scientific study to head criminal investigations

FBI (1932)
• A lab was set up to provide forensic services to all field agents and other law authorities throughout the country


Definition of Forensic Science

Definition:

–“Application of physical sciences to law in the search for truth in civil, criminal and social behavioral matters to the end that injustice shall not be done to any member of society”

(Source: Handbook of Forensic Pathology College of American Pathologists 1990)

–Aim: determining the evidential value of crime scene and related evidence


Definition of Computer Forensics

Definition:

“A methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be presented in a court of law in a coherent and meaningful format”

- Dr. H.B. Wolfe


What Is Computer Forensics?

According to Steve Hailey, Cybersecurity Institute

“The preservation, identification, extraction, interpretation, and documentation of computer evidence, to include the rules of evidence, legal processes, integrity of evidence, factual reporting of the information found, and providing expert opinion in a court of law or other legal and/or administrative proceeding as to what was found.”


Need for Computer Forensics

“Computer forensics is equivalent of surveying a crime scene or performing an autopsy on a victim”. (Source: James Borek, 2001)

Presence of a majority of electronic documents nowadays

Search and identify data in a computer

Digital evidence is delicate in nature

For recovering:
• Deleted,
• Encrypted, or
• Corrupted files from a system


Evolution of Computer Forensics

1984 - FBI Computer Analysis and Response Team (CART) emerged

1991 - International Law Enforcement meeting was conducted to discuss computer forensics & the need for standardized approach

1997 - Scientific Working Group on Digital Evidence (SWGDE) was established to develop standards

2001 - Digital Forensic Research Workshop (DFRWS) was held (http://www.dfrws.org/)


Computer Forensics Flaws and Risks

Computer forensics is in its early or development stages

It is different from other forensic sciences because digital evidence is examined

There is little theoretical knowledge on which empirical hypothesis testing can be based

Designations are not entirely professional

There is a lack of proper training

There is no standardization of tools

It is still more of an “Art” than a “Science”


Corporate Espionage Statistics

Corporate computer security budgets increased at an average of 48% in 2002

62% of corporate companies had their systems compromised by viruses

FBI statistics reveal that more than 100 nations are engaged in corporate espionage against US companies

More than 2230 documented incidents of corporate espionage by the year 2003


Modes of Attacks

Cyber crime falls into two categories depending on how the attack takes place

The two types of attacks are:

1. Insider Attacks

2. External Attacks


Cyber Crime

Cyber crime is defined as “Any illegal act involving a computer, its systems, or its applications”

The crime must be intentional and not accidental.

Cyber crime is divided into 3 T’s:

• Tools of the crime

• Target of the crime

• Tangential to the crime


Examples of Cyber Crime

A few examples of cyber crime include:

• Theft of intellectual property

• Damage to company service networks

• Financial fraud

• Hacker system penetrations

• Denial of Service attacks

• Planting of viruses and worms


Reason for Cyber Attacks

Motivation for cyber attacks:

1. Experimentation and a desire for script kiddies to learn

2. Psychological needs

3. Misguided trust in other individuals

4. Revenge and malicious reasons

5. Desire to embarrass the target

6. Espionage - corporate and governmental


Role of Computer Forensics in Tracking Cyber Criminals

Identifying the crime

Gathering the evidence

Building a chain of custody

Analyzing the evidence

Presenting the evidence

Testifying

Prosecution


Rules of Computer Forensics

Minimize the option of examining the original evidence

Obey rules of evidence

Never exceed the knowledge base

Document any changes in evidence


Computer Forensics Methodologies

The 3 A’s:

Acquire evidence without modification or corruption

Authenticate that the recovered evidence is the same as the originally seized data

Analyze data without any alterations
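The 3 A’s above, together with the rules of computer forensics (minimize examining the original, document any changes), as an added Python illustration that is not part of the EC-Council module: it images a constructed byte string standing in for a seized drive, authenticates the image by SHA-256, analyzes only the copy, and records every step in a chain-of-custody log. The drive contents, the function names and the log format are assumptions made for the example.

```python
import hashlib
from datetime import datetime, timezone

# Constructed sample standing in for a seized drive (an assumption, not real evidence):
# a boot marker, two file-name fragments and 256 bytes of binary filler.
SEIZED_DRIVE = b"BOOT" + b"deleted_report.docx|payroll.xls|" + bytes(range(256))

custody_log: list[dict] = []   # chain of custody: every action, with the hash observed


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def log_action(action: str, digest: str, note: str = "") -> None:
    """Document every touch of the evidence (rule: document any changes)."""
    custody_log.append({"time": datetime.now(timezone.utc).isoformat(),
                        "action": action, "sha256": digest, "note": note})


def acquire(original: bytes) -> tuple[bytes, str]:
    """Acquire: hash the source, then take a bit-for-bit image to work from.
    The original is not touched again (rule: minimize examining the original)."""
    source_hash = sha256(original)
    image = bytes(original)
    log_action("acquire", source_hash, "bit-for-bit image created")
    return image, source_hash


def authenticate(image: bytes, source_hash: str) -> bool:
    """Authenticate: the image must hash identically to the originally seized data."""
    digest = sha256(image)
    ok = digest == source_hash
    log_action("authenticate", digest, "match" if ok else "MISMATCH")
    return ok


def analyze(image: bytes, source_hash: str, keyword: bytes) -> dict:
    """Analyze: search the image read-only, then re-authenticate to show that
    the analysis itself altered nothing."""
    offsets = [i for i in range(len(image)) if image.startswith(keyword, i)]
    if not authenticate(image, source_hash):
        raise RuntimeError("image changed during analysis; findings not admissible")
    return {"keyword": keyword.decode(), "offsets": offsets}


if __name__ == "__main__":
    img, h = acquire(SEIZED_DRIVE)
    print(analyze(img, h, b"payroll"))
    for entry in custody_log:
        print(entry)
```

A single flipped byte in the working copy makes the next `authenticate` call fail and leaves a MISMATCH entry in the log, which is exactly the evidence an opposing expert would look for.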


Accessing Computer Forensics Resources

Resources can be found by joining various discussion groups such as:

– Computer Technology Investigators Northwest

– High Technology Crime Investigation Association

Joining a network of computer forensic experts and other professionals

News services devoted to computer forensics can also be a powerful resource

Other resources:

• Journals of forensic investigators

• Actual case studies


Preparing for Computing Investigations

Computing investigations fall under two distinct categories:

1. Public Investigation

2. Corporate Investigation


Maintaining professional conduct

Professional conduct determines the credibility of a forensic investigator

Investigators must display the highest level of ethics and moral integrity

Confidentiality is an essential feature which all forensic investigators must display

Discuss the case at hand only with persons who have the right to know


Understanding Enforcement Agency Investigations

Enforcement agency investigations include:

1. Tools used to commit the crime

2. Reason for the crime

3. Type of crime

4. Infringement on someone else’s rights by cyberstalking


Understanding Corporate Investigations

These involve private companies addressing company policy violations and litigation disputes

Company procedures should continue without any interruption from the investigation

After the investigation the company should minimize or eliminate similar litigations

Industrial espionage is the foremost crime in corporate investigations


Investigation Process

Identification
• Detecting/identifying the event/crime

Preservation
• Chain of evidence, documentation

Collection
• Data recovery, evidence collection

Examination
• Tracing, filtering, extracting hidden data

Analysis
• Analyzing evidence

Presentation
• Investigation report, expert witness

Decision
• Report


Digital Forensics

The use of scientifically derived and proven methods towards the preserving, collecting, confirming, identifying, analyzing, recording, and presenting of digital evidence extracted from digital sources


Summary

The need for computer forensics has grown to a large extent because the majority of documents are now digital

A computer can be used as a tool for investigation or as evidence

Minimize the option of examining the original evidence

The 3 A’s of computer forensics methodology are Acquire, Authenticate, and Analyze

A computer forensic investigator must be aware of the steps involved in the investigative process
