3-Basics of Digital Forensic

Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.

Digital forensics includes the identification, recovery, investigation, validation and presentation of facts regarding digital evidence found on computer and similar storage media devices.

History of forensic

1980s

The field of PC forensics began.

1984

The FBI (Federal Bureau of Investigation) created a program that was referred to as the Magnet Media Program.

It is currently referred to as Computer Analysis and Response Time (CART).

Michael Anderson, the Father of Computer Forensics, came into the limelight during this period.

1995

The International Organization on Computer Evidence (IOCE) was formed.

1997

Great countries declared that law enforcement personnel should be trained and equipped to deal with sophisticated crimes.

1998

The INTERPOL Forensic Science Symposium was held.

(INTERPOL: the International Criminal Police Organization, which facilitates worldwide police cooperation and crime control.)

1999

The FBI CART caseload goes beyond 2000 cases examined.

2000

The first FBI Regional computer forensic laboratory was recognized.

2003

FBI CART case load exceeds 6500 cases.

Traditional Crimes

  • Kidnapping
  • Murder
  • Sexual assault
  • Robbery
  • Motor vehicle theft

Cyber Crimes

  • Electronic fund transfer fraud
  • Copyright violation
  • Cyber terrorism
  • Identity theft
  • Cyber bullying (mistreatment) and harassment

Rules of Digital Forensics

  1. An examination should never be performed on the original media.
  2. A copy is made onto forensically sterile media. New media should always be used if available.
  3. The copy of the evidence must be exact, bit by bit.
  4. The computer and the data on it must be protected during the acquisition of the media to ensure that the data is not modified.
  5. The examination must be conducted in such a way as to prevent any modification of the evidence.
  6. The chain of custody of all evidence must be clearly maintained to provide an audit log.
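
The rules above, shown as an added example that is not part of the original slides: Python code that copies a source to a fresh image bit by bit, proves the copy is exact with SHA-256, makes the working copy read-only, and keeps a hash-chained custody log. The function names, the choice of SHA-256 and the log fields are assumptions made for illustration.

```python
# Added example: function names, SHA-256 and the log fields are assumptions.
import hashlib
import json
import os
from datetime import datetime, timezone

GENESIS = "0" * 64  # "prev" value of the first custody entry

def sha256_file(path, chunk=1 << 20):
    """Stream a file opened read-only through SHA-256."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def acquire(source, image):
    """Copy source to a new image bit by bit and confirm both hash the same."""
    # Mode "xb" refuses to overwrite an existing file (fresh target only).
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(1 << 20), b""):
            dst.write(block)
    source_hash, image_hash = sha256_file(source), sha256_file(image)
    if source_hash != image_hash:
        raise ValueError("image is not an exact copy of the source")
    os.chmod(image, 0o444)  # examiners work on a read-only copy
    return image_hash

def _entry_hash(entry):
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def custody_entry(log, actor, action, evidence_hash):
    """Append a custody record chained to the hash of the previous record."""
    entry = {"time": datetime.now(timezone.utc).isoformat(), "actor": actor,
             "action": action, "evidence_sha256": evidence_hash,
             "prev": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = _entry_hash(entry)
    log.append(entry)
    return entry

def log_is_intact(log):
    """Recompute every link; an edited or reordered record breaks the chain."""
    prev = GENESIS
    for entry in log:
        if entry["prev"] != prev or entry["entry_hash"] != _entry_hash(entry):
            return False
        prev = entry["entry_hash"]
    return True
```

Re-running `sha256_file` on the image before each examination and comparing the result with the hash recorded in the custody log shows whether the working copy is still unaltered.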

  • DFI (digital forensic investigation): a special type of investigation in which the scientific procedures and techniques used allow the resulting digital evidence to be admissible in a court of law.

Goals of Digital Forensic Investigation

The main objective is to examine digital evidence and to ensure that it has not been tampered with in any manner. To achieve this goal, the investigation must be able to handle all of the obstacles below:

  1. Locate and handle a certain amount of valid data from the large number of files stored in a computer system.
  2. It is possible that information has been deleted; in such a situation, searching inside the files is worthless.
  3. If the files are secured by a password, investigators must find some unauthorized way to access the data.
  4. Data may be stored on a damaged device, but the investigator searches for the data on working devices.
  5. The major obstacle is that each and every case is different, so identifying the techniques and tools will take a long time.
  6. The digital data must be protected from being modified. It is very tedious to prove that the data under examination is unaltered.
  7. Common procedures for investigation and standard techniques for collecting and preserving digital evidence are desired.

Ethics issues in Digital Forensic:

  1. Honesty towards the investigation.
  2. Prudence, which means carefully handling the digital evidence.
  3. Compliance with law and professional norms.

General Ethical norms for investigator

  1. To contribute to the society and human beings.
  2. To avoid harm to others.
  3. To be honest and trustworthy.
  4. To be fair and take action not to discriminate.
  5. To honor property rights, including copyrights and patents.
  6. To give proper credit to intellectual property.
  7. To respect the privacy of others.
  8. To honor confidentiality.

Unethical norms for digital forensic investigation

The investigator should not:

  1. Withhold any relevant evidence.
  2. Declare any confidential matters or knowledge.
  3. Express an opinion on the guilt or innocence of any party.
  4. Engage or be involved in any kind of unethical or illegal conduct.
  5. Deliberately or knowingly undertake an assignment beyond his or her capability.

Models of Digital Forensics:

  1. Road map for Digital Forensic Research (RMDFR)
  2. Abstract digital forensic model (ADFM)
  3. Integrated digital investigation process (IDIP)
  4. End to end digital investigation process (EEDIP)
  5. An Extended Model of Cybercrime Investigation (EMCI)
  6. UML modeling of digital forensic process model (UMDFPM)

1. ______________ is a branch of forensic science encompassing the recovery and investigation of material found in digital devices often in relation to computer crime.

  1. Analog forensic
  2. Digital forensic
  3. Cyber forensic

2. ______________ includes the identification, recovery, investigation, validation and presentation of facts regarding digital evidence found on computer and similar storage media devices.

  1. Analog forensic
  2. Digital forensic
  3. Cyber forensic

3. Field of PC forensics began in

  1. 1977
  2. 1980
  3. 1982

4. FBI stands for _______

  1. Federal Bureau of Investigation
  2. F
  3. F

5. CART stands for _______

  1. Computer Analysis and Request Time
  2. Computer Analysis and Response Time
  3. Crime Analysis and Response Time

____________ the Father of Computer Forensics.

  1. Michael Paterson
  2. Michael Andrew
  3. Michael Anderson

International Organization on Computer Evidence (IOCE) was formed in

  1. 1995
  2. 1992
  3. 1990

INTERPOL stands for ________

  1. International police organization
  2. International Criminal patrol organization
  3. International Criminal police organization

All are cyber crimes except

  1. Electronic fund transfer fraud
  2. Copyright violation
  3. Kidnapping
  4. Cyber bullying

RMDFR stands for _______

  1. Roll map for digital forensic research.
  2. Road map for digital forensic research.
  3. Road model for digital forensic research.

Which step is not included in the RMDFR model?

  1. Identification
  2. Preservation
  3. Collection
  4. Examination
  5. Analysis
  6. Reporting
  7. Approach strategy

ADFM stands for _________

  1. Analog digital forensic model
  2. Abstract digital forensic model
  3. Analytical digital forensic model

Steps included in the ADFM model

  1. Identification
  2. Preparation: tools, techniques, monitoring authorization and management support.
  3. Approach strategy: formulating procedures and approach in order to maximize the collection of evidence
  4. Preservation
  5. Collection
  6. Examination
  7. Analysis
  8. Presentation
  9. Returning evidence: physical and digital property returned to proper owner

IDIP stands for ______

  1. Investigated digital Integration process
  2. Integrated digital investigation process
  3. Inherited digital investigation process

  1. Readiness phase: The goal of this phase is to ensure that the operations and infrastructure are able to fully support an investigation. It includes two phases:
     • Operations readiness
     • Infrastructure readiness
  2. Deployment phase: The purpose is to provide a mechanism for an incident to be detected and confirmed. It includes two phases:
     • Detection and notification phase
     • Confirmation and authorization phase
  3. Physical crime investigation phase: The goal of this phase is to collect and analyze the physical evidence and reconstruct the actions that took place during the incident. It includes 6 phases:
     • Preservation phase
     • Survey phase
     • Documentation phase
     • Search and collection phase
     • Reconstruction phase
     • Presentation phase
  4. Digital crime investigation phase: The goal is to collect and analyze digital evidence. It includes all the phases of the physical crime investigation phase.
  5. Review phase: This entails a review of the whole investigation and identifies areas of improvement.

RMDFR model proposed by ______

  1. Carrier and Spafford
  2. Palmer
  3. Reith, Carr, Gunsch

ADFM model proposed by ______

  1. Carrier and Spafford
  2. Palmer
  3. Reith, Carr, Gunsch

IDIP model proposed by ______

  1. Carrier and Spafford
  2. Palmer
  3. Reith, Carr, Gunsch
