CYBER SECURITY AND DIGITAL FORENSICS
by
Dr. Vikrant Chole
Amity School of Engineering & Technology
MODULE - IV: Types of Computer Forensics Technology
Types of Computer Forensics Technology
forensics is generally performed postmortem (after the crime or event occurred).
to traditional postmortem forensic analysis. This is essential to the continued
functioning of critical information systems and infrastructures. In the battle against malicious
hackers, investigators must perform cyber forensic functions in support of various objectives.
caches, and various system buffers (drive and video buffers).
are being used by military, law enforcement, and business computer specialists.
Types of Military Computer Forensic Technology
a partnership with the National Institute of Justice via the auspices of the National Law Enforcement and
Corrections Technology Center (NLECTC) located in Rome, New York, to test these new ideas and prototype
tools.
under contract by WetStone Technologies, Inc., was the cornerstone of the technology demonstrated. SI-FI supports the collection, examination, and analysis processes employed during a cyber forensic investigation. The SI-FI prototype uses digital evidence bags (DEBs), which are secure and tamperproof containers used to store digital evidence. Investigators can seal evidence in the DEBs and use the SI-FI implementation to collaborate on complex investigations.
ascertain the intent and identity of cyber criminals
Types of Law Enforcement: Computer Forensic Technology
extraction, and documentation of computer evidence stored in the form of magnetically
encoded information (data).
for law enforcement in the identification of leads and in the processing of computer related
evidence.
and other information that is automatically dumped from the computer memory
as a transparent operation of today’s popular personal computer operating systems.
and to tie a diskette to the computer that created it.
evidence for years. This section touches very briefly on issues dealing with
Windows NT, Windows 2000, XP and 2003 and their use within law enforcement
computer forensic technology.
notebook and desktop computers in corporations and government agencies.
Thus, they are currently the operating systems most likely to be encountered in computer
investigations and computer security reviews.
Types of Business Computer Forensic Technology
Following are the types of business computer forensics technology:
Remote Monitoring of Target Computers
Creating Trackable Electronic Documents
Theft Recovery Software for Laptops and PCs
Basic Forensic Tools and Techniques
Forensic Services Available
Lost password and file recovery
Location and retrieval of deleted and hidden files
File and email decryption
Email supervision and authentication
Threatening email traced to source
Identification of Internet activity
Computer usage policy and supervision
Remote PC and network monitoring
Tracking and location of stolen electronic files
Honeypot sting operations
Location and identity of unauthorized software users
Theft recovery software for laptops and PCs
Investigative and security software creation
Protection from hackers and viruses.
Specialized Forensics Techniques
work for themselves, or they can be using excessive work time to surf
pornographic sites and play games.
being compromised, a potential loss of competitive capability, a threat of
lawsuits, or potential damage to reputation and brand.
Hidden Data and How to Find It
Spyware and Adware
are still getting paid.
Why Is It Called Spyware?
also install additional tracking software on your system, which is continuously calling
home, using your Internet connection to report statistical data to the “mothership.”
sensitive or identifying data collected from your system and you shall remain
anonymous, the fact still remains that you have a live server sitting on your PC that
is sending information about you and your surfing habits to a remote location.
Are All Adware Products Spyware?
install any tracking mechanism on your system.
Is Spyware Illegal?
to and therefore prefer not to use the product. This usually involves the tracking
and sending of data and statistics via a server installed on the user’s PC and the use
of your Internet connection in the background.
less about the privacy hype.
Real Spyware
activity on a computer, ranging from keystroke capture, snapshots, email logging,
chat logging, and just about everything else.
Protecting Data from Being Compromised
class of individuals who exploit these benefits to commit crimes and civil
wrongs.
obtained from computer systems. Digital evidence can often make or break
a case.
assert other points of fact in a court of law, such as identify suspects, defend the innocent,
prosecute the guilty, and understand individuals’ motives and intents.
data from computer media in such a way that it may be used in a court of law.
In other words, computer forensics is used by experts to protect data from being
compromised. This evidence may include such things as deleted emails or files and
computer logs, spreadsheets, and accounting information.
media. Computer forensics experts recover the evidence and maintain a strict
chain of custody to ensure that the evidence is preserved in its original form. These
experts’ knowledge of what to look for and where to look is also important.
Avoiding Pitfalls with Firewalls
Port numbers are divided into three ranges:
Suppose you are seeing attempts on the same set of ports from widely varying
sources all over the Internet. Usually this is caused by a “decoy” scan, such as the one nmap offers:
one of the sources is the attacker; the others are not.
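The following is an added example, not part of the lecture slides, that shows the defender's side of the two points above: classifying a destination port into the three IANA port ranges, and flagging ports that are probed from many different source addresses within the same window, which is the decoy-scan pattern described. The firewall log format and the log lines are constructed for the example; the range boundaries (0-1023 well-known, 1024-49151 registered, 49152-65535 dynamic/private) are the IANA allocations, which the slides mention only by count.

```python
"""Triage of inbound connection attempts from a firewall drop log.

Classifies destination ports by IANA range and flags ports hit from many
distinct sources in one window, the signature the lecture attributes to a
decoy scan.  Because only one of the sources is the real scanner, the output
is meant for analyst triage, not for automatic blocking by source address.
"""
import re
from collections import defaultdict

# Constructed sample log (not from the lecture).  Hypothetical format:
#   <timestamp> DROP src=<ip> dst=<ip> proto=<tcp|udp> dport=<port>
SAMPLE_LOG = """\
2024-05-01T10:00:01 DROP src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=22
2024-05-01T10:00:01 DROP src=198.51.100.77 dst=192.0.2.10 proto=tcp dport=22
2024-05-01T10:00:01 DROP src=203.0.113.200 dst=192.0.2.10 proto=tcp dport=22
2024-05-01T10:00:01 DROP src=198.51.100.9 dst=192.0.2.10 proto=tcp dport=22
2024-05-01T10:00:02 DROP src=203.0.113.5 dst=192.0.2.10 proto=tcp dport=3389
2024-05-01T10:00:02 DROP src=198.51.100.77 dst=192.0.2.10 proto=tcp dport=3389
2024-05-01T10:00:02 DROP src=203.0.113.200 dst=192.0.2.10 proto=tcp dport=3389
2024-05-01T10:00:02 DROP src=198.51.100.9 dst=192.0.2.10 proto=tcp dport=3389
2024-05-01T10:05:00 DROP src=192.0.2.55 dst=192.0.2.10 proto=udp dport=51234
"""

LOG_RE = re.compile(r"src=(?P<src>\S+) .*?proto=(?P<proto>\w+) dport=(?P<dport>\d+)")


def port_range(port):
    """Return the IANA range name for a port number."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    if port <= 1023:
        return "well-known"
    if port <= 49151:
        return "registered"
    return "dynamic/private"


def parse_log(text):
    """Parse the constructed log format into (src, proto, dport) tuples."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if m:
            events.append((m["src"], m["proto"], int(m["dport"])))
    return events


def sources_per_port(events):
    """Map each (proto, port) to the set of distinct sources that probed it."""
    by_port = defaultdict(set)
    for src, proto, dport in events:
        by_port[(proto, dport)].add(src)
    return by_port


def find_decoy_candidates(events, min_sources=3):
    """Ports probed from at least min_sources distinct addresses.

    Returns a sorted list of (proto, port, sorted_sources).  The same port
    set hit by many unrelated sources at once is what the lecture calls a
    decoy scan: one of those sources is the attacker, the rest are decoys.
    """
    return sorted(
        (proto, port, sorted(srcs))
        for (proto, port), srcs in sources_per_port(events).items()
        if len(srcs) >= min_sources
    )


def common_source_set(candidates):
    """Sources that appear on every flagged port: the attacker plus decoys."""
    if not candidates:
        return set()
    return set.intersection(*(set(srcs) for _, _, srcs in candidates))


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    cands = find_decoy_candidates(evs)
    for proto, port, srcs in cands:
        print(f"{proto}/{port} ({port_range(port)}): {len(srcs)} sources")
    print("decoy set:", sorted(common_source_set(cands)))
```

The threshold `min_sources` is a tuning knob: raise it on a busy perimeter so that ordinary background noise on one port does not trip the check, and correlate the flagged source set with other telemetry before treating any single address as the real origin.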
End of Module 4