Important: Use custom search function to get better results from our thousands of pages

Use " " for compulsory search eg:"electronics seminar" , use -" " for filter something eg: "electronics seminar" -"/tag/" (used for exclude results from tag pages)
Tags: computer forensic, computer forensics ppt, computer forensics pdf, computer forensics tools, computer forensics cybercrime, computer forensics courses in india, computer forensics software, computer forensics in india, computer forensics certification, computer forensics books, computer forensics seminar report, computer forensics seminar, computer forensics software, computer forensics science, computer forensics salary, computer forensics software free, computer forensics specialist, computer forensics schools,
Ask More Info Of  A Seminar Ask More Info Of A Project Post Reply  Follow us on Twitter
07-04-2009, 09:11 PM
Post: #1
Computer Forensics Full Download Seminar Report and Paper Presentation
Computer Forensics

.ppt  Presentation.ppt (Size: 1,005.5 KB / Downloads: 2560)

.doc  Report.doc (Size: 566.5 KB / Downloads: 1944)
Abstract :

Forensic computing is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable.(Rodney Mckemmish 1999).

From the above definition we can clearly identify four components:-

IDENTIFYING
This is the process of identifying things such as what evidence is present, where and how it is stored, and which operating system is being used. From this information the investigator can identify the appropriate recovery methodologies, and the tools to be used.
PRESERVING
This is the process of preserving the integrity of digital evidence, ensuring the chain of custody is not broken. The data needs to preserved (copied) on stable media such as CD-ROM, using reproducible methodologies. All steps taken to capture the data must be documented. Any changes to the evidence should be documented, including what the change was and the reason for the change. You may need to prove the integrity of the data in the court of law.

ANALYSING
This is the process of reviewing and examining the data. The advantage of copying this data onto CD-ROMs is the fact it can be viewed without the risk of accidental changes, therefore maintaining the integrity whilst examining the changes.

PRESENTING
This is the process of presenting the evidence in a legally acceptable and understandable manner. If the matter is presented in court the jury who may have little or no computer experience, must all be able to understand what is presented and how it relates to the original, otherwise all efforts could be futile.

Far more information is retained on the computer than most people realize. Its also more difficult to completely remove information than is generally thought. For these reasons (and many more), computer forensics can often find evidence or even completely recover, lost or deleted information, even if the information was intentionally deleted.

The goal of computer forensics is to retrieve the data and interpret as much information about it as possible as compared to data recovery where the goal is to retrieve the lost data.




COMPUTER FORENSIC
INTRODUCTION TO COMPUTER FORENSICS
1.1¦ THREATS TO THE SYSTEM
System threats can be broadly classified into human and environment threats. Environment threats include power outages, fire and floods. Human threats can be malicious or non-malicious. A threat is considered malicious if the attack or crime
is committed with full knowledge and intension. A non-malicious threat is one where the individual does not understand its intent or is ignorant of the action that is about to be committed. For e.g. :-
A disgruntled employee may try to break into the organizationâ„¢s critical business information to damage the information and the business. This is an example of malicious human threat.
An ignorant employee may give out information to a hacker without realizing the consequences. This is an example of non-malicious human threat.
1.2¦COMPUTER FORENSICS
Forensic computing is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable.(Rodney Mckemmish 1999).
From the above definition we can clearly identify four components:-
IDENTIFYING
This is the process of identifying things such as what evidence is present, where and how it is stored, and which operating system is being used. From this information the investigator can identify the appropriate recovery methodologies, and the tools to be used.
PRESERVING
This is the process of preserving the integrity of digital evidence, ensuring the chain of custody is not broken. The data needs to preserved (copied) on stable media such as CD-ROM, using reproducible methodologies. All steps taken to capture the data must be documented. Any changes to the evidence should be documented, including what the change was and the reason for the change. You may need to prove the integrity of the data in the court of law.

ANALYSING
This is the process of reviewing and examining the data. The advantage of copying this data onto CD-ROMs is the fact it can be viewed without the risk of accidental changes, therefore maintaining the integrity whilst examining the changes.
PRESENTING
This is the process of presenting the evidence in a legally acceptable and understandable manner. If the matter is presented in court the jury who may have little or no computer experience, must all be able to understand what is presented and how it relates to the original, otherwise all efforts could be futile.
Far more information is retained on the computer than most people realize. Its also more difficult to completely remove information than is generally thought. For these reasons (and many more), computer forensics can often find evidence or even completely recover, lost or deleted information, even if the information was intentionally deleted.
The goal of computer forensics is to retrieve the data and interpret as much information about it as possible as compared to data recovery where the goal is to retrieve the lost data.


1.3¦IMPORTANCE OF SYSTEM FORENSICS
System forensics helps an organization in not only reaching the source of crime and prosecuting the criminal, but also in organizing their security policy and planning future security requirements. System forensics helps the organization in the following way:-
RECOVER DATA THAT YOU THOUGHT WAS LOST FOREVER:-
Computers systems may crash, files may be accidentally deleted, disks may accidentally be reformatted, viruses may corrupt files, file may be accidentally overwritten, disgruntled employees may try to destroy your files. All of this can lead to loss of your critical data, but computer forensic experts should be able to employ the latest tools and techniques to recover your data.
ADVICE YOU ON HOW TO KEEP YOUR DATA AND INFORMATION SAFE FROM THEFT OR ACCIDENTAL LOSS:-
Business today relies on computers. Your sensitive records and trade secrets are vulnerable to intentional attacks from, for e.g. hackers, disgruntled employees, viruses, etc. also unintentional loss of data due to accidental deletion, h/w or s/w crashes are equally threatening. Computer forensic experts can advice you on how to safeguard your data by methods such as encryption and back-up.

EXAMINE A COMPUTER TO FIND OUT WHAT ITS USER HAS BEEN DOING:-
Whether youâ„¢re looking for evidence in a criminal prosecution, looking for evidence in a civil suit, or determining exactly what an employee has been up to. Your computer forensics expert should be equipped to find and interpret the clues left behind.
SWEEP YOUR OFFICE FOR LISTNENING DEVICES:-
There are various micro-miniature recording and transmitting devices available in todays hi-tech world. The computer forensic expert should be equipped to conduct thorough electronic countermeasure (ECM) sweeps of your premises.
HI-TECH INVESTIGATION:-
The forensic expert should have the knowledge and the experience to conduct hi-tech investigations involving cellular cloning, cellular subscription fraud, s/w piracy, data or information theft, trade secrets, computer crimes, misuse of computers by employees, or any other technology issue.

1.4¦COMPUTER FORENSIC METHODOLOGY
Forensic investigation methodology is basically the approach that an investigator follows to retrieve possible evidence that may exit on a subjectâ„¢s computer system. For e.g., the following steps should be taken :-
1. Shut Down the Computer
Depending upon the computer operating system involved, this usually involves pulling the plug or shutting down a net work computer using relevant operating system commands. At the option of the computer specialists, pictures of the screen image can be taken using a camera. However, consideration should be given to possible destructive processes that may be operating in the background. These can be resident in memory or available through a modem or network connection. Depending upon the operating system involved, a time delayed password protected screen saver may potentially kick in at any moment. This can complicate the shutdown of the computer. Generally, time is of the essence and the computer system should be shut down or powered down as quickly as possible
2. Document the Hardware Configuration of The System
It is assumed that the computer system will be moved to a secure location where a proper chain of custody can be maintained and the processing of evidence can begin. Before dismantling the computer, it is important that pictures are taken of the computer from all angles to document the system hardware components and how they are connected. Labeling each wire is also important so that the original computer configuration can be restored. Computer evidence should ideally be processed in a computer hardware environment that is identical to the original hardware configuration.
3. Transport the Computer System to A Secure Location
This may seem basic but all too often seized evidence computers are stored in less than secure locations. It is imperative that the subject computer is treated as evidence and it should be stored out of reach of curious computer users. All too often,
individuals operate seized computers without knowing that they are destroying potential computer evidence and the chain of custody. Furthermore, a seized computer left unintended can easily be compromised. Evidence can be planted on it and crucial evidence can be intentionally destroyed. A lack of a proper chain of custody can 'make the day' for a savvy defense attorney. Lacking a proper chain of custody, how can you say that relevant evidence was not planted on the computer after the seizure The answer is that you cannot. Do not leave the computer unattended unless it is locked in a secure location! NTI provides a program named Seized to law enforcement computer specialists free of charge. It is also made available to NTI's business and government in various suites of software that are available for purchase. The program is simple but very effective in locking the seized computer and warning the computer operator that the computer contains evidence and should not be operated
4. Make Bit Stream Backups of Hard Disks and Floppy Disks
The computer should not be operated and computer evidence should not be processed until bit stream backups have been made of all hard disk drives and floppy disks. All evidence processing should be done on a restored copy of the bit stream backup rather than on the original computer. The original evidence should be left untouched unless compelling circumstances exist. Preservation of computer evidence is vitally important. It is fragile and can easily be altered or destroyed. Often such alteration or destruction of data is irreversible. Bit stream backups are much like an insurance policy and they are essential for any serious computer evidence processing.
5. Mathematically Authenticate Data on All Storage Devices
You want to be able to prove that you did not alter any of the evidence after the computer came into your possession. Such proof will help you rebut allegations that you changed or altered the original evidence. Since 1989, law enforcement and military agencies have used a 32 bit mathematical process to do the authentication process. Mathematically, a 32 bit data validation is accurate to approximately one in 4.3 billion. However, given the speed of today's computers and the vast amount of storage capacity on today's computer hard disk drives, this level of accuracy is no longer accurate enough. A 32 bit CRC can easily be compromised. Therefore, NTI includes two programs in its forensic suites of tools that mathematically authenticate data with a high level of accuracy. Large hashing number, provides a mathematical level of accuracy that is beyond question. These programs are used to authenticate data at both a physical level and a logical level. The programs are called CrcMD5 and DiskSig Pro. The latter program was specifically designed to validate a restored bit stream backup and it is made available free of charge to law enforcement computer specialists as part of NTI's Free Law Enforcement Suite. The programs are also included in our various suites of forensic software which are sold NTI's clients.
6. Document the System Date and Time
The dates and times associated with computer files can be extremely important from an evidence standpoint. However, the accuracy of the dates and times is just as important. If the system clock is one hour slow because of daylight-saving time, then file time stamps will also reflect the wrong time. To adjust for these inaccuracies, documenting the system date and time settings at the time the computer is taken into evidence is essential.
7. Make a List of Key Search Words
Because modern hard disk drives are so voluminous, it is all but impossible for a computer specialist to manually view and evaluate every file on a computer hard disk drive. Therefore, state-of-the-art automated forensic text search tools are needed to help find the relevant evidence.
8. Evaluate the Windows Swap File
The Windows swap file is potentially a valuable source of evidence and leads. The evaluation of the swap file can be automated with several of NTI's forensic tools, e.g., NTA Stealth, Filter_N, FNames, Filter_G, GExtract and GetHTML. These intelligent filters automatically identifies patterns of English language text, phone numbers, social security numbers, credit card numbers, Internet E-Mail addresses, Internet web addresses and names of people.
9. Evaluate File Slack
File slack is a data storage area of which most computer users are unaware. It is a source of significant 'security leakage' and consists of raw memory dumps that occur during the work session as files are closed. The data dumped from memory ends up being stored at the end of allocated files, beyond the reach or the view of the computer user. Specialized forensic tools are required to view and evaluate file slack and it can prove to provide a wealth of information and investigative leads. Like the Windows swap file, this source of ambient data can help provide relevant key words and leads that may have previously been unknown.
10. Evaluate Unallocated Space (Erased Files)
The DOS and Windows 'delete' function does not completely erase file names or file content. Many computer users are unaware the storage space associated with such files merely becomes unallocated and available to be overwritten with new files. Unallocated space is a source of significant 'security leakage' and it potentially contains erased files and file slack associated with the erased files. Often the DOS Undelete program can be used to restore the previously erased files. Like the Windows swap file and file slack, this source of ambient data can help provide relevant key words and leads that may have previously been unknown to the computer investigator.
11. Search Files, File Slack and Unallocated Space for Key Words
The list of relevant key words identified in the previous steps should be used to search all relevant computer hard disk drives and floppy diskettes. There are several forensic text search utilities available in the marketplace. NTI's forensic search TextSearch NT can be used for that purpose and it has been tested and certified for accuracy by the U. S. Department of Defense. This powerful search tool is also included as part of NTI's suites of software tools.
12. Document File Names, Dates and Times
From an evidence standpoint, file names, creation dates, last modified dates and times can be relevant. Therefore, it is important to catalog all allocated and 'erased' files. NTI includes a program called FileList Pro in its various suites of forensic tools. The FileList Pro program generates its output in the form of a database file. The file can be sorted based on the file name, file size, file content, creation date, last modified date and time. Such sorted information can provide a timeline of computer usage.
13. Identify File, Program and Storage Anomalies
Encrypted, compressed and graphic files store data in binary format. As a result, text data stored in these file formats cannot be identified by a text search program. Manual evaluation of these files is required and in the case of encrypted files, much work may be involved. NTI's TextSearch Plus program has built in features that automatically identify the most common compressed and graphic file formats. The use of this feature will help identify files that require detailed manual evaluation. Depending on the type of file involved, the contents should be viewed and evaluated for its potential as evidence.
14. Evaluate Program Functionality
Depending on the application software involved, running programs to learn their purpose may be necessary. NTI's training courses make this point by exposing the students to computer applications that do more than the anticipated task. When destructive processes are discovered that are tied to relevant evidence, this can be used to prove willfulness. Such destructive processes can be tied to 'hot keys' or the execution of common operating commands tied to the operating system or applications. Before and after comparisons can be made using the FileList Pro program and/or mathematical authentication programs. All these tools are included in most of NTI's suites of forensic tools
15. Document Your Findings
As indicated in the preceding steps, it is important to document your findings as issues are identified and as evidence is found. Documenting all of the software used in your forensic evaluation of the evidence including the version numbers of the programs used is also important. Be sure that you are legally licensed to use the forensic software
1.5¦APPLICATION OF COMPUTER FORENSICS
System forensics is not different from any other forensic science when it comes to application. It can be applied to any activity, where other mainstream traditional forensics such as DNA mapping is used, if there has been an involvement of a system or computer in the event.
Some of the common applications of computer forensics are:-
FINANCIAL FRAUD DETECTION:-
Corporates and banks can be detect financial frauds with the help of evidence collected from systems. Also , insurance companies can detect possible fraud in accident, arson, and workmanâ„¢s compensation cases with the help of computer evidence.
CRIMINAL PROSECUTION:-
Prosecutors can use computer evidence to establish crimes such as homicides, drug and false record-keeping, financial frauds, and child pornography in the court of law.
CIVIL LITIGATION:-
Personal and business records found on the computer systems related to fraud, discrimination, and harassment cases can be used in civil litigations.
CORPORATE SECURITY POLICY AND ACCEPTABLS USE VIOLATIONS:-
A lot of computer forensic work done is to support management and human resources (HR) investigations of employee abuse.
Besides cyber crimes and system crimes, criminals use computers for other criminal activities. In such cases , besides the traditional forensics, system forensic investigation also plays a vital role.
CHAPTER 2
INVESTIGATION OF COMPUTER CRIMES
2.1¦INTRODUCTION
Cyber crime occurs when information technology is used to commit or conceal an offence. Computer crime include:-
- Financial frauds
- Sabotage of data and/or networks
- System penetration from outside and denial of service
- Unauthorized access by insiders and employee misuse of internet access privileges
- Viruses, which are the leading cause of unauthorized users gaining access to systems and networks through the internet.
2.2¦INVESTIGATION
Investigation is the process of collecting, analyzing, and recovering, evidence, and presenting, a report detailing a crime. Evidence is the key factor that determines a crime and helps prosecute the guilty in the court of law.
The investigation process consists of procedures and techniques for finding out what happened, what damage was done, and to what extend, whether the intruder is still a threat, and whether any fixes still need to be implemented. An investigation, to a great extent depends on the skill of the investigator or forensic expert.
2.3¦IMPORTANCE OF INVESTIGATION
With the increase in system and cyber crime and the uses of new tools and techniques, organizations have realized that it is not only important to prevent these crimes and protect information, but to trace the source of crime.
Tracing the footprint of a computer crime is important because:
It helps to understand the system security weaknesses:-
Investigating a computer crime helps an organization understand if the system were exploited for a weakness in the security system. For e.g. administrators need not know if an existing flaw helped someone transfer money from one bank account to another, and whether that flaw still exists.
It helps to understand security violation techniques:-
The techniques could range from implanting spyware in the systems, to recruiting internal employees to gain security information to sabotage organizations from within. An investigation might collect information such as each employeeâ„¢s involvement, and the way the crime was organized.
It helps to identify future security needs:-
These investigations also provide information on new tools that were used or are being developed. The investigations may help companies and even law-enforcement agencies discover future trends and design new tools to protect network s and information.
It helps to prosecute criminals:-
If the crime has led to financial and other losses, prosecution may be initiated against the criminals. Investigation becomes extremely important, because without it, there can be no case.

2.4¦COMPONENTS OF INVESTIGATION
An investigation has three important components. They are:-
EVIDENCE:-
Almost all types of investigation of a system crime relies on the evidence obtained from the target computer. You can collect evidence for a computer crime by analyzing digital data such as e-mails, files, and other system information. Evidence provides vital information about the crime in terms of tools and techniques that were used. E.g. information in a systemâ„¢s RAM can provide clues about the last program executed that may have been used in computer crime. Such type of evidence is volatile as compared to evidence on
paper and must be preserved. Digital evidence may include deleted files or e-mails, computer logs, spreadsheets, and accounting information. electronic data include record, file, source code, program, computer manufacturer specifications, and other information on the computer storage devices.
Digital information can take the following forms:-
- word processing documents
- personal records
- customer lists
- financial information
- e-mail via the local network or internet
- system and application logs
- voice mail transcript
- electronic scheduling system
Linking the chain of evidence:-
After evidence of a crime has been found it is important to figure out the complete sequence of activities that may have taken place during the commission of crime.
Documentation:-
It is the most important factor in investigation of system crimes. Each piece of evidence must be recorded systematically for the law, as well as for better analysis of the system. Failure to do so weakens the investigation, and the result may not be correct.
2.5¦STEPS FOR INVESTIGATION
Every investigation follows a well-defined procedure. The procedure involves the following four steps:-
COLLECTING EVIDENCE:
The first and the most important step in an investigation is collection of evidence. sAs an investigator, it is important to understand, to know, and to choose what is to be treated as evidence from the available information. The evidence varies from
situation to situation. E.g., the evidence from investigating a hard disk may be different from investigating a CD-ROM drive. It is important that the investigator is up-to date with the new technologies, and of what they can and cannot do.
You can locate digital evidence at various sources such as:-
- Workstations
- Servers
- Network attached storage
- Scanners
- Proxy server and ISP logs
ANALYZING EVIDENCE:
The second step is analyzing the evidence. it requires careful and systematic study to determine the answer to questions such as:-
- What damage was done
- Why was the damage done
- What information is there about the technique used to inflict damage
- Why this set of information serve as good evidence
Answering these questions gives you a clear picture of the extent and nature of damage.
There are different tools and techniques that are used to commit computer crime. It is important to identify the tools as well as the techniques. These provide the all important footprints of the crimes. These footprints can be evaluated later to translate them into meaningful sources of evidence. Many vulnerability software manufacturers recognize the fact that their software is also effective hacking tools, so they are designed to leave their identity traces along the path they followed, this serves as strong forensic evidence against the acts of computer crimes and criminals.
RECOVERING EVIDENCE:
There is certain evidence that is removed by computer criminals for various reasons. At times, there are changes in the evidence simply because the system was rebooted. As an investigator, you must attempt to recover all the data that
might have been tampered with, and locate the information that may be of some evidence. e.g. if some data has been deleted from the hard disk, it might be recovered to obtain more accurate information about what actually had happened.
PRESERVING EVIDENCE:
After all the evidence as been collected, it is important to preserve it, as it existed during or soon after the crime. The procedure should follow a well-deviced technique to avoid any changes in the data. Following is a checklist used to ensure that the evidence remains protected and preserved:-
- The evidence is not damaged or altered due to tools and techniques used for investigation.
- The evidence is protected from mechanical or electromagnetic damage.
- The target computer is not infected by any virus during the investigation process.
- Business operations of the organization are not affected during the investigation.
- Continuing chain of evidence is maintained.
2.6¦TYPES OF INVESTIGATION
Investigations are done on different lines under different situations. Although investigation techniques vary, they can be categorized broadly into two types:-
Physical investigation
Logical investigation
These investigations give information about the system usage patterns, including application and resource usage. This information might require application monitoring tools such as sniffers.
2.6.1¦PHYSICAL INVESTIGATION
It includes identifying or locating physical evidence, such as removal of computer hardware. Certain behavior or incident could trigger a physical investigation. Some examples are:-
- Unusual or unauthorized late hours
- Changes in the pattern of system usage
- Changes in the login system
- Making physical attempts to reach connected physical devices.
The above are some of the physical forms of malicious intent that needs to be monitored through physical investigation, such as checking the system for changes in hardware, network monitoring s/w, or asset management s/w to keep a close eye on the systemâ„¢s physical assets.
2.6.2¦LOGICAL INVESTIGATION
It can be referred as digital investigation. Logical investigation takes a look at log
files that can be used as evidence against the criminal. It requires a well designed security policy that clearly defines the process for logging information. It is important that the logs be maintained systematically. Some of the logical investigation requirements are:-
- No modifications :-
The system logs should not be modified at all. The system should remain in the same state as it was when the crime occurred or else it could lead to loss of evidence.

- Log date and time stamp:-
It is important that the date and time stamp of the log has not been changed. Otherwise this will introduce a difference when connecting evidence to the change of activity that may have occurred at time of the crime.
- Logs of the system:-
The logs of the system being investigated must be checked and studied to analyze their integrity.

- System registry:-
System registry keys must be checked to identify the authenticity of the last logged-in users and the integrity of critical files.
- forensic imaging tool:-
forensic imaging tool must be used to make multiple copy of the hard disk that have been taken for investigation. Bib-by-bit copy of the hard disk must be made so that no portion of the hard disk whether filled or empty, is left without being copied. An example of forensic imaging tool is SETBACK.
Table 2.1 shows sample of log user
RECORD 1 RECORD 2
User Id: user1 User Id: user 2
TimeL showed: 12:30:00 TimeL showed: 12:40:50
DateL showed: 22-07-2003 DateL showed: 22-07-2003
TimeS showed: 10:40:00 TimeS showed: 10:50:50
DateS showed: 22-07-2003 DateS showed: 22-07-2003
Duration: 20mins Duration: 30mins
System Id: s1 System Id: s1
Table 2.1

CHAPTER 3
COMPUTER FORENSIC TECHNOLOGY
Computer forensics tools and techniques have proven to be a valuable resource for law enforcement in the identification of leads and in the processing of computer-related evidence. Computer forensic tools and techniques have become important resources for use in internal investigations, civil law suits, and computer security risk management.
Forensic S/w tools and methods can be used to identify passwords, logons, and other information that is automatically dumped from the computer memory. Such forensic tools can be used to tie a diskette to the computer that created it. Some of the tools used are as follows:-
3.1¦TYPES OF LAW ENFORCEMENT COMPUTER FORENSIC TECHNOLOGY
3.1.1¦MIRROR IMAGE BACKUP SOFTWARE
SafeBack is a sophisticated evidence-preservation tool. It was developed primarily for processing of computer evidence. This tool has become the industry standard in the processing of computer evidence in the world.
SafeBack is used to duplicate all storage areas on a computer hard disk drive. The drive size creates no limitation for this tool. It is used to create mirror-image backups of partitions of hard-disk, which may contain multiple partitions and/or operating systems.
The back-up image files, created by SafeBack, can be written to essentially any writable magnetic storage device, including SCSI tape backup units.
PROGRAM FEATURES AND BENEFITS
- Dos based for ease of operating and speed
- Provides a detail audit trail of the backup process for evidence documentation purpose.
- Checks for and duplicates data stored in sectors wherein the sector CRC does not match the stored data.
- Copies all areas of the hard disk drive.
- Allows the archive of non-Dos and non-Windows HDD, (Unix on an Intel based computer).
- Allows for the back-up process to be made via the printer port.
- Duplicate copies of HDD can be made from HD to HD in direct mode.
- SafeBack image file can be stored as one large file or separate files of fixed sizes. This feature is helpful in making copies for archives on CDs
- Tried and proven evidence-preservation technology with a
10-year legacy of success in government agencies.
- Creates a non-compressed file that is an exact and unaltered duplicate of the original. This feature eliminates legal action against the potential alteration of evidence through compression or translation.
- Fast and efficient. Depending on the hardware configuration involved, the data transfer rate exceeds 50 million bytes per minute during the back-up process.
- Copies and restores one or more partitions containing one or more operating systems.
- Can be used accurately to copy and restore Windows NT and Windows 2000 drives in raid configuration.
- Writes to SCSI tape backup units or HDD.
3.1.2¦ANADISK DISKETTE ANALYSIS TOOL
AnaDisk turns your PC into a sophisticated diskette analysis tool. The software was originally created to meet the needs of the U.S. Treasury department.
PRIMARY USES
- Security reviews of floppy diskettes for storage
- Duplication of diskettes that are non-standard or that involve storage anamolies.
- Editing disks at a physical sector level.
- Searching for data on FDs in traditional and non-traditional storage areas.
- Formatting disks in non-traditional ways for training purpose and to illustrate data-hiding techniques.
PROGRAM FEATURES AND BENEFITS
- Dos based for ease of operation and speed
- Keyword searches can be conducted at a very low level and on disks that have been formatted with extra tracks. This feature is helpful in the evaluation of disks that may involve sophisticated data-hiding techniques.
- All dos formats are supported and many non-dos formats, (apple machintosh, unix tar, and many others. If the disk fits in the drive, it is likely that AnaDisk can be used to analyze it.
- Allows custom formatting of disks with extra tracks and sectors.
- Scans for anamolies will identify odd formats, extra tracks and extra sectors. Data mismatches concerning certain file formats are also identified when file extensions have been changed in an attempt to hide data.
- This S/w can be used to copy any disk, including most
copy-protected disks.
3.1.3¦TEXT SEARCH PLUS
TextSearch plus was specifically designed and enhanced for speed and accuracy in security reviews. It was widely used by classified government agencies and corporations that support these agencies. The s/w is also used by hundreds of law enforcement agencies throughout the world in computer crime investigations.
PRIMARY USES
- Used to find occurrences of words or strings of text in data stored in files, slack, and unallocated file space.
- Used in exit reviews of computer storage media from classified facilities.
- Used in internal audits to identify violations of corporate policy.
- Used by fortune 500 corporations, government contractors, and government agencies in security reviews and risk assessments.
- Used in corporate due diligence efforts regarding proposed mergers.
- Used to find occurrences of keywords strings of text in data found at a physical sector level.
- Used to find evidence in corporate, civil, and criminal investigation that involve computer-related evidence.
- Used to find embedded text in formatted word processing documents.
PROGRAM FEATURES AND BENEFITS
- Dos based for ease of operation and speed
- Small memory footprint, which allows the s/w to run on even the original IBM PC.
- Compact program size, which easily fits on one FDisk with other forensic s/w utilities.
- Searches files, slack, and erased space in one fast operation.
- Has logical and physical search options that maintain compatibility with government security review requirements.
- User defined search configuration feature.
- User configuration is automatically saved for future use.
- Embedded words and strings of text are found in word processing files.
- Alert for graphic files (secrets can be hidden in them)
- Alert for compressed files
- High speed operation. This is the fastest tool on the market, which makes for quick searches on huge HDDs.
- False hits donâ„¢t stop processing.
- Screen and file output.
- Government tested “ specifically designed for security reviews in classified environments.
3.1.3¦INTELLIGENT FORENSIC FILTER
This enhanced forensic filter is used to quickly make sense of nonsense in analysis of ambient computer data. This tool is so unique that process patents have been applied for with the U.S. patent office.
Filter_I relies on preprogrammed artificial intelligence to identify fragments of word processing communications, network passwords, fragments of e-mail communication, fragments of internet chat room communication, fragments of internet news group posts, encryption passwords, network log-ons, database enteries, credit card numbers, social security numbers, and the first and last name of individuals who have been listed in communication involving the subject computer. This s/w saves days in processing of computer evidence when compared to traditional methods.
PRIMARY USES
- Used covertly to determine prior activity on a specific computer.
- Used to filter ambient computer data, the existence of which the user is normally unaware of (memory dumps in slack file, window swap files, windows DAT files and erased file space).
- The ideal tool for use by corporate and government internal auditors.
- The ideal tool for use by corporate and government computer security specialists.
- The ideal tool to use for corporate, military, and law enforcement investigators.
- Perfect for covert intelligence gathering when laws permit and you have physical access to the subject computer.
PROGRAM FEATURES AND BENEFITS
- DOS- based for speed. The speed of operation is amazing.
- Automatically processes any binary data object.
- Provides output in an ASCII text format that is ready for import into any word processing application.
- Capable of processing ambient data files that are up to 2GB in size.
3.2¦TYPES OF BUSINESS COMPUTER FORENSIC TECHNOLOGY
Letâ„¢s look at the following types of business computer forensics technology:
REMOTE MONITORING OF TARGET COMPUTERS
Data interception by remote transmission (DIRT) from codex data system (CDS), Inc, is a powerful remote control monitoring tool that allows stealth monitoring of all activity on one or more target computers simultaneously from a remote command center. No physical access is necessary. Application also allows agents to remotely seize and secure digital evidence prior to physically entering suspect premises.
CREATES TRACKABLE ELECTRONIC DOCUMENT
Binary audit identification transfer (BAIT) is another powerful intrusion detection tool from CDS that allows the user to create trackable electronic documents. Unauthorized intruders who access, download, and view these tagged documents will be identified (including their location) to security personnel. BAIT also allows security personnel to trace the chain of custody and chain of commands of all who possess the stolen electronic document.
THEFT RECOVERY SOFTWARE FOR YOUR PCâ„¢s AND LAPTOPS
If your pc or laptop is stolen, is it smart enough to tell you where it is CDs has a solution: PC PhoneHome-another software application that will track and locate a lost or stolen pc or laptop anywhere in the world. It is easy to install. It is also completely transparent to the user. If your PhoneHome computer is lost or stolen, all you need to do is make a report to the local police and call CDS “ 24 hour command center. CDS™s recovery specialists will assist local law enforcement in recovery of your property.
BASIC FORENSIC TOOLS AND TECHNIQUES
The digital detective workshop from CDS was created to familiarize investigators and security personnel with the basic techniques and tools necessary for a successful investigation of internet and computer related crimes. Topics include:
- Types of computer crimes
- Cyber law basics
- Tracing e-mail to source.
- Digital evidence acquisition
- Cracking password
- Monitoring computer remotely
- Tracking online activity
- Finding and recovering hidden and deleted data
- Locating stolen computers
- Creating trackable files
- Identifying software pirates and so on.
3.3¦FORENSIC SERVICES AVAILABLE
Through forensic evidence acquisition services, CDS forensic expert can provide management with a potent arsenal on digital tools at its disposal. Services include but are not limited to:
- Lost password and file recovery
- Location and retrieval of deleted and hidden files
- File and e-mail decryption
- E-mail supervision and authentication
- Threatening e-mail traced to source
- Identification of internet activity
- Computer usage policy and supervision
- Remote PC and network monitoring
- Tracking and location of stolen electronic files
- Honeypot sting operation
- Location and identity of unauthorized SW users
- Theft recovery s/w for laptops and PCs.
- Investigative and security software creation
- Protection from hackers and viruses
CHAPTER 4
Skills Required to Conduct Forensic Computer Investigations
To conduct a forensic computer investigation, the investigator requires certain
skills, some of which we have already discussed. The following list provides
an overview of the skill s a manager should look for when deciding which
option to use for an investigation.
- Programming or computer-related experience
- Broad understanding of commonly used operating systems and
applications
- Strong analytical skills
Patience to invest days in taking computers apart in search of
evidence
- Strong computer science fundamentals
- Broad understanding of security vulnerabilities
- Strong system administrative skills
- Excellent verbal and written communication skills
- Knowledge of the latest intruder tools
- Knowledge of and experience with the latest forensic tools
- Knowledge of cryptography and steganography
- Strong understanding of the rules of evidence and evidence
handling
-The ability to be an expert witness in a court of law
4.1¦TRAINING
There are many training courses to learn the art of computer forensics.
¢eSec Limited and Foundstone Education - conduct 4 day training
courses on Incident Response and Computer Forensics.
¢Guidance Software - offers six, four day courses: EnCase Introduction to
Computer Forensics, EnCase Intermediate Analysis and Reporting , EnCase Internet
and E-Mail Examinations, EnCase EScript Programming, EnCase Prosecutor
Training, and EnCase Advanced Training . Each has a curriculum designed
to address the various skill levels of the students. Not all of these
courses are available in Australia.
¢Guidance Software “ offers the EnCase Certified Examiner (EnCE)
program. Certification is available to anyone who meets the minimum
requirements for the program. Information can be found at
http://www.guidancesoftware.com/html/ence.htm.
SUMMARY
Today computers are used in every facet of life to create messages, compute profits, transfer funds, access bank accounts, and browse the internet for good and for bad purposes. Computers have increased productivity in business, but they have also increase the likelihood of company policy abuses, government security breaches, and criminal activity. Computer forensics plays an important role in tracking such crimes and keeping them in-check.
Computer forensics involves evidence collection, various methodologies to investigate cyber crimes. It carries out various types of forensics such as disk forensics, network forensics, and system forensics.
Computer forensics uses various technologies for data recovery, monitoring a target PC, etc. These are essential components that are used to keep cyber crime under control.
CONCLUSION
Reporting of economic and cyber crime is problematic and grossly underestimated, as is estimated from the many risk associated with corporations in reporting or sharing fraud losses and activity. A uniform computer forensics crime reporting system should be developed that includes economic crimes.
The computer forensic needs and challenges can be accomplished only with the cooperation of the private, public, and international sectors. All stakeholders must be more willing to exchange information on the effect economic and cyber crime has on them and the methods they are using to detect and prevent it.
BIBLIOGRAPHY
BOOKS
1. JOHN R VACCA, COMPUTER FORENSICS, FIREWALL MEDIA
2. NIIT, UNDERSTANDING FORENSICS IN IT, PRENTICE-HALL OF INDIA PVT LTD.
WEBSITES
http://www.guidancesoftware.com/html/ence.htm
http://www.nti.com
http://www.labmice.com
http://www.sinch.com.au/articles/2000/computer forensics.html
http://www.prodiscover.com
CONTENTS
CHAPTER PAGE.NO


1. Introduction¦¦¦¦¦¦..¦¦¦¦¦¦¦¦¦¦¦¦¦1
1.1 THREATS TO THE SYSTEM
1.2 COMPUTER FORENSICS
1.3 IMPORTANCE OF SYSTEM FORENSICS
1.4 COMPUTER FORENSIC METHODOLOGY
1.5 APPLICATION OF COMPUTER FORENSICS
2. Investigation of Computer Crimes¦¦¦¦¦¦¦¦¦¦.12
2.1 INTRODUCTION
2.2 INVESTIGATION
2.3 IMPORTANCE OF INVESTIGATION
2.4 COMPONENTS OF INVESTIGATION
2.5 STEPS FOR INVESTIGATION
2.6 TYPES OF INVESTIGATION
3. Computer Forensic Technology¦¦¦¦¦¦¦¦¦¦¦¦21
3.1 TYPES OF LAW ENFORCEMENT COMPUTER FORENSIC
TECHNOLOGY
3.2 TYPES OF BUSINESS COMPUTER FORENSIC TECHNOLOGY
3.3 FORENSIC SERVICES AVAILABLE
4. Skills Required to Conduct Forensic
Computer Investigations......................................................¦...29
4.1. TRAINING
CONCLUSION¦..........................................................................32
BIBLIOGRAPHY¦¦¦¦¦¦¦¦¦¦¦¦¦¦¦..¦¦...33
CHAPTER 1

Please Use Search http://www.seminarprojects.com/search.php wisely To Get More Information About A Seminar Or Project Topic
28-02-2010, 09:50 PM
Post: #2
RE: Computer Forensics Full Download Seminar Report and Paper Presentation

.ppt  Computer forensics.ppt.ppt (Size: 185 KB / Downloads: 575)

What is Computer Forensics

Acquisition of Computer Evidence
Preservation
Analysis
Court Presentation


What constitutes digital evidence

“ Any information being subject to human intervention or not, that can be extracted from a computer.
“ Must be in human-readable format or capable of being interpreted by a person with expertise in the subject.

History & Development

¢ Francis Galton (1822-1911)
“ First definitive study of fingerprints
¢ Leone Lattes (1887-1954)
“ Discovered blood groupings (A,B,AB, & 0)
¢ Calvin Goddard (1891-1955)
“ Firearms and bullet comparison
¢ Albert Osborn (1858-1946)
“ Developed principles of document examination
¢ Hans Gross (1847-1915)
“ First treatise on using scientific disciplines in criminal investigations.

Computer Forensics examples

“ Recovering thousands of deleted emails
“ Performing investigation post employment
termination
“ Recovering evidence post formatting hard
drive
“ Performing investigation after multiple
users had taken over the system

Types of Cyber crime

¢ Unauthorized Access
¢ Denial of Service
¢ Extortion
¢ Theft
¢ Spoofing or Imposter Sites
¢ Sabotage
¢ Espionage
¢ Computer Fraud
¢ Copyright Violation
¢ Cyber terrorism
¢ Forgery and Counterfeiting
¢ Internet Fraud
¢ SEC Fraud and Stock Manipulation
¢ Child Pornography
¢ Stalking & Harassment
¢ Credit Card Fraud & Skimming
¢ Identity theft
¢ Tsunami fraud


Types of Computer Forensics

¢ Disk (data) Forensics
¢ Network Forensics
¢ Email Forensics
¢ Internet Forensics
¢ Portable Device Forensics (flash cards, PDAs, Blackberries, email, pagers, cell phones, IM devices, etc.)

Disk Forensics

Disk forensics is the process of acquiring and analyzing the data stored on some form of physical storage media.
Includes the recovery of hidden and deleted data.

Network Forensics

Network forensics is the process of examining network traffic.
After-the-fact analysis of transaction logs
Real-time analysis via network monitoring
1.Sniffers
2.Real-time tracing

Email Forensics

Email forensics is the study of source and content of electronic mail as evidence.
identifying the actual sender and recipient of a message, date/time it was sent.
Often email is very incriminating.

Tracking down the email evidence

Reading Email Headers
How to interpret Email Headers
How do I get my email program to reveal the full, unmodified email
Internet Forensics

Internet or Web forensics is the process of piecing together where and when a user has been on the Internet.
E.g., Scott Peterson,
Michael Jackson


Source Code Forensics

To determine software ownership or software liability issues.
Review of actual source code.
Examination of the entire development process
e.g., development procedures, documentation review, and review of source code revisions.

Computer Forensics evidence processing guidelines

1. Understand the suspects
2. Electronic evidence considerations
3. Secure the machine and the data
4. Examine the Live System and record open applications
5. Power down carefully
6. Inspect for traps
7. Fully document hardware configuration
8. Duplicate the hard drives
9. E-mail review



Who Uses Computer Forensics

¢ Criminal Prosecutors
“ Rely on evidence obtained from a computer to prosecute suspects and use as evidence
¢ Civil Litigations
“ Personal and business data discovered on a computer can be used in fraud, divorce, harassment, or discrimination cases
¢ Insurance Companies
“ Evidence discovered on computer can be
used to mollify costs (fraud, workerâ„¢s
compensation, arson, etc)
¢ Private Corporations
“ Obtained evidence from employee computers can
be used as evidence in harassment, fraud, and embezzlement cases
¢ Law Enforcement Officials
“ Rely on computer forensics to backup search warrants and post-seizure handling
¢ Individual/Private Citizens
“ Obtain the services of professional computer forensic specialists to support claims of harassment, abuse, or wrongful termination from employment

Computer Forensics requirements

¢ Hardware
“ Familiarity with all internal and external devices/components of a computer
“ Thorough understanding of hard drives and settings
“ Understanding motherboards and the various chipsets used
“ Power connections
“ Memory
¢ BIOS
“ Understanding how the BIOS works
“ Familiarity with the various settings and limitations of the BIOS
¢ Operation Systems
“ Windows 3.1/95/98/ME/NT/2000/2003/XP
“ DOS
“ UNIX
“ LINUX
“ VAX/VMS
¢ Software
“ Familiarity with most popular software packages
such as Office
¢ Forensic Tools
“ Familiarity with computer forensic techniques and the software packages that could be used

Future of Computer Forensics

¢ Computer forensics is now part of criminal investigations.
¢ Crimes & methods to hide crimes are becoming more sophisticated.
¢ Computer forensics will be in demand for as long as there are criminals and misbehaving people.
¢ Will attract students and law professionals who need to update their skills.
21-03-2010, 10:55 AM
Post: #3
RE: Computer Forensics Full Download Seminar Report and Paper Presentation

.ppt  Computer_ Forensics.ppt (Size: 1.12 MB / Downloads: 581)

Computer Forensics



Objectives

The Field of Computer Forensics
History of Computer Forensics
Collecting Evidence
Advantages of Computer Forensics
Disadvantages of Computer Forensics
How Computer Forensics is used by government, corporate America, and the public
Computer Forensic Companies in New Jersey
The Field of Computer Forensics
What is Computer Forensics?


Scientific process of preserving, identifying, extracting, documenting, and interpreting data on computer

Used to obtain potential legal evidence
History of Computer Forensics
Michael Anderson
Father of computer forensics
special agent with IRS

Meeting in 1988 (Portland, Oregon)
creation of IACIS, the International Association of Computer Investigative Specialists
the first Seized Computer Evidence Recovery Specialists (SCERS) classes held

Certification for Computer Investigative Specialists
CEECS (Certified Electronic Evidence Collection Specialist Certification)
Awarded to individuals who complete the CEECS regional certification course
Also awarded to individuals in the Certified Forensic Computer Examiner course that successfully pass the written test
Certification for Forensic Computer Examiner
Internal Certification Training Program
Must successfully complete two week training course offered by IACIS and correspondence proficiency problems
External Certification Testing Process
Not a training course
Testing process
Active Law Enforcement
Individuals qualified for IACIS membership
Recertification
Every three years must complete recertification process
Must be in good standing with IACIS
Complete proficiency test
Questions to ask Computer Forensic Specialists
What are their daily, weekend, after-hours rates?
Do they charge for machine time?
Ask how many forensic cases they have worked on
Ask how long they have been in the forensic business
How many cases have they done similar to yours?
Ask to see their training and certifications
Ask they if they ever testified as an expert witness
Ask them for references from previous clients
Collecting Evidence
Make Exact copies of all hard drives & disks using computer software
Date and Time stamped on each file; used for timeline
Protect the Computer system
Avoid deletion, damage, viruses and corruption
Discover files
Normal Files
Deleted Files
Password Protected Files
Hidden Files
Encrypted Files

Reveal all contents of hidden files used by application and operating system
Access contents of password protected files if legally able to do so
Analyze data
Print out analysis
Computer System
All Files and data
Overall opinion
Provide expert consultation/testimony
How Evidence is Protected
A Computer Forensic Specialist promises to:
Not delete, damage or alter any evidence
Protect the computer and files against a virus
Handle all evidence properly to prevent any future damage
Keep a log of all work done and by whom
Keep any Client-Attorney information that is gained confidential
Advantages of Computer Forensics
Ability to search through a massive amount of data

Quickly
Thoroughly
In any language
Disadvantages of Computer Forensics
Digital evidence accepted into court
must prove that there is no tampering
all evidence must be fully accounted for
computer forensic specialists must have complete knowledge of legal requirements, evidence handling and storage and documentation procedures
Disadvantages of Computer Forensics
Costs
producing electronic records & preserving them is extremely costly
Sattar vs. Motorola Inc
Presents the potential for exposing privileged documents
Legal practitioners must have extensive computer knowledge


How Computer Forensics are Used
Criminal Prosecutors
Child Pornography cases
Michael Jackson Case
Homicides
Scott Peterson Trial
Embezzlement
John Gotti, Bugsy Siegal
Financial Fraud
ENRON
Civil Litigations
Fraud
Divorce
Breach of Contract
Copy right
Insurance Companies
False Accident Reports
Workmanâ„¢s Compensation Cases

Large Corporations

Embezzlement
Insider Trading
Martha Stewart Case
Law Enforcement
Any Individual
Claims
Sexual harassment
Age discrimination
Wrongful termination from job
Background checks

Computer Forensic Services in New Jersey
Computer Forensic Services, LLC
All State Investigations, Inc.

Other Computer Forensic Services Locations in New Jersey
Conclusion

With computers becoming more and more involved in our everyday lives, both professionally and socially, there is a need for computer forensics. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system.
Bibliography


All State Investigations, Inc. January 2005 http://www.allstateinvestigation.com/Com...rvices.htm
Computer Forensics, Inc. http://www.forensics.com/
Computer Forensic Services, LLC. January 2005. http://www.computer-forensic.com/index.html
International Association of Computer Investigative Specialists. January 2005. http://www.cops.org/
Middlesex County Computer Technology. January 2005. http://www.respond.com/countyguides/1800000002/NJ/023
Virtue, Emily. Computer Forensics: Implications for Litigation and Dispute Resolutions. April 2003. http://ncf.canberra.edu.au/publications/...irtue1.pdf

Please Use Search http://seminarprojects.com/search.php wisely To Get More Information About A Seminar Or Project Topic
21-03-2010, 06:49 PM
Post: #4
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
speed detection of moving vehicles using speed cameras seminar ppt

reference: http://www.seminarprojects.com/search.php#ixzz0iodO3RNT
12-06-2010, 08:37 PM
Post: #5
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
I would like to have this topic .Please.
seminar on computer forensics
seminar report and presentation is needed
24-06-2010, 07:26 PM
Post: #6
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
Hey,
the report and ppt is posted in the previous posts of this thread! You can scroll up this page to view this.

Please Use Search http://seminarprojects.com/search.php wisely To Get More Information About A Seminar Or Project Topic
12-09-2010, 09:44 PM
Post: #7
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
please get me the full report on computer forensics
12-10-2010, 10:21 AM
Post: #8
RE: Computer Forensics Full Download Seminar Report and Paper Presentation

.pptx  COMPUTER FORENSICS.pptx (Size: 708.53 KB / Downloads: 270)
COMPUTER FORENSICS

C.U.SHAH COLLEGE OF ENGG. AND TECH.
WADHWANCITY-363030


Objectives:

Introduction of Computer Forensics
History of Computer Forensics
What is Computer Forensics?
Common Computer Forensics Cases includes.
Computer Forensics Process.
Collecting Evidence
How Evidence Protected..
Who can use Evidence?
Analysis
Reporting
22-02-2011, 08:44 PM
Post: #9
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
what is CRYPTOVIROLOGY?
03-03-2011, 02:44 PM
Post: #10
RE: Computer Forensics Full Download Seminar Report and Paper Presentation

.ppt  Computer Forensic.ppt (Size: 2.18 MB / Downloads: 193)
Computer Forensic
 Computer Forensics also called
cyber-forensics, is the detailed examination of computer systems in an investigation.
 Computer forensics involves the preservation, identification, extraction, documentation, interpretation of computer media for evidentiary, root cause analysis.
CF Scope and Characteristics
 Scope: The collection and search of specific data that will serve as acceptable evidence in a court of law.
 Computer forensics deals with:
• Storage media (e.g. hard disks),
• The examination and analysis of network logs.
 The most repeatable and scientific process.
 An expert follows a step-by-step methodology, preserving the integrity of the evidence.
Uses of Computer Forensics
 Discovering data on computer system
 Recovering deleted, encrypted, or damaged file information
 Recovering evidence post formatting hard drive.
 Performing investigation after multiple users had taken over the system.
Who Uses Computer Forensics ?
 Criminal Prosecutors
– Rely on evidence obtained from a computer to prosecute suspects and use as evidence
 Insurance Companies
– Evidence discovered on computer can be used to mollify costs (fraud, worker’s compensation, arson, etc)
 Individual/Private Citizens
– Obtain the services of professional computer forensic specialists to support claims of harassment, abuse, or wrongful termination from employment
Main Principles
 Scope: To protect the investigator, the evidence, and the accused party and his/her rights.
 Principles regarding Ethics:
−The investigator must have the authority to seize and search a computer.
−The search should have clearly defined goals.
 Principles regarding process:
−A set of rules eliminates the possibility of tampering with evidence.
Steps Of Computer Forensics
 According to many professionals, Computer Forensics is a four step process.
 Acquisition
• Physically or remotely obtaining possession of the computer, all network mappings from the system, and external physical storage devices.
 Identification
• This step involves identifying what data could be recovered and electronically retrieving it by running various Computer Forensic tools and software suites.
 Evaluation
• Evaluating the data recovered to determine if and how it could be used against the suspect for employment termination or prosecution in court.
 Presentation
• This step involves the presentation of evidence discovered in a manner which is understood by lawyers, non-technically staff , and suitable as evidence as determined by United States and internal laws.
Forensic Process
Computer Forensic Requirements

 Hardware
 Familiarity with all internal and external components of a computer.
 Thorough understanding of hard drives and settings.
 Power connections
 Memory
 BIOS
 Understanding how the BIOS works
 Familiarity with the various settings and limitations of the BIOS
 Computer Forensic Requirements (Cont)
 Operation Systems
 Windows 95/98/NT/2000/2003/XP
 DOS
 UNIX
 LINUX
 Software
 Familiarity with most popular software packages
such as Office
 Forensic Tools
 Familiarity with computer forensic techniques and the software packages that could be used
Anti-Forensics
 Software that limits or corrupts evidence that could be collected by an investigator
 Performs data hiding and distortion
 Exploits limitations of known and used forensic tools
 Works both on Windows and LINUX based systems
 In place prior to or post system acquisition
Limitations
 A forensics examination can, at best, identify the computer involved in an incident.
 Placing a specific person at that computer is extremely difficult without additional evidence.
 Finding evidence that a computer was used to access other systems, is much more difficult.
 A forensics examination that does not also involve other corroborating evidence source cannot be conclusive.
Conclusion and Future Work
 Forensics is an extremely valuable tool in the investigation of computer security incidents.
 Considerable legal issues arise when investigating computer systems.
 Intrusion Detection might support Computer Forensics in the future, and vice versa.
07-03-2011, 10:43 AM
Post: #11
RE: Computer Forensics Full Download Seminar Report and Paper Presentation

.ppt  COMPUTER FORENSICS.ppt (Size: 5.46 MB / Downloads: 243)
COMPUTER FORENSICS
INTRODUCTION

• Definition of computer forensics
• Use of Evidence
- UK Legal Guidelines
• Forensics Process
- Volatile Data
- Techniques : Cross-drive analysis, Live analysis, Deleted files
- Analysis tools : Encase, FTK, PTK forensics, The Sleuth Kit, The Coroner’s Toolkit, COFEE, Selective file dumper.
NEED OF COMPUTER FORENSIC
• Cyber Crime
• Corporations
OBJECTIVE
• Recover, analyze and prevent computer based material for use as evidence in a court of law.
• It is essential that none of the equipment or procedures used during examination of computer obviate this single requirement.
SOURCE OF DATA
• Forensic Acquisition Utilities
• TestDisk
• LiveView
• X-Way Forensic Software
• Hard drive recovery tools
 File Ripper
 Disktype
 Fatback
 File Audit Security Toolkit
 File
DATA ANALYSIS & INTERPRETATION
• The auditor can determine the objectives and is capable of identifying the organizational systems.
• The information that is requested from the organization should be sufficient, relevant, as well as reliable.
• The procedures to extract the data.
• Data is important to determine the authenticity of the data and verify the information by appropriate investigations.
• Data analysis procedures include data profiling.
FINDINGS
• People should have proper awareness of the risk of cybercrime.
• Surf the internet safely.
• Live onscreen data is seen by using forensics techniques and tools with touch screen technology.
FUTURE SCOPE
• We can easily find the criminals with proper proofs to be submitted in the court.
• We can see the live crimes to be happened in the future onscreen.
• The most important thing is that more than other technologies in IT industry computer forensics play a major role.
CONCLUSION
• Computer forensics is also called as cyberforensics.
• It is an application of computer investigation and analysis techniques to gather evidence.
• It performs a structured investigation.
• Investigators use a variety of techniques and proprietary forensic applications.
04-04-2011, 02:33 PM
Post: #12
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
COMPUTER FORENSICS
Computer forensics is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of preserving, recovering, analyzing and presenting facts and opinions about the information. Data lost intentionally or accidentally can be recovered with the help of data recovery experts. Computer forensic is one such type where the cause for data loss is identified.
There are many definitions of computer forensics however generally, computer forensic refers to the detail investigation of the computers to carry out the required tasks. It performs the investigation of the maintained data of the computer to check out what exactly happened to the computer and who is responsible for it. The investigation process starts from the analysis of the ground situation and moves on further to the insides of the computer’s operating system.
Computer forensic is a broader concept which is mainly related to the crimes happening in computer which is against law. Various laws have been imposed to check out the crimes but still they exist and are difficult to find the criminal due to lack of evidence. All these difficulties can be overcome with the help of computer forensics.
The main motto of computer forensic experts is not only to find the criminal but also to find out the evidence and the presentation of the evidence in a manner that leads to legal action of the culprit. The major reasons for criminal activity in computers are:
1. Unauthorized use of computers mainly stealing a username and password
2. Accessing the victims computer via the internet
3. Releasing a malicious computer program that is virus
4. Harassment and stalking in cyberspace
5. E-mail Fraud
6. Theft of company documents.
Computer forensics is rapidly becoming a science recognized on a par with other forensic sciences by the legal and law enforcement communities. As this trend continues, it will become even more important to handle and examine computer evidence properly. This field will enable crucial electronic evidence to be found, whether it was lost, deleted, damaged, or hidden, and used to prosecute individuals that believe they have successfully beaten the system. The computer forensics expert should have a great deal of knowledge of the data recovery software as well as the hardware and should possess the qualification and knowledge required to carry out the task.
23-04-2011, 12:29 PM
Post: #13
RE: Computer Forensics Full Download Seminar Report and Paper Presentation

.docx  robin.docx (Size: 266.42 KB / Downloads: 100)
CHAPTER-1
INTRODUCTION
1.1 COMPUTER FORENSICS

“Forensic computing is the process of identifying, preserving, analyzing and presenting digital evidence in a manner that is legally acceptable.”(Rodney Mckemmish 1999).
From the above definition we can clearly identify four components:-
IDENTIFYING
This is the process of identifying things such as what evidence is present, where and how it is stored, and which operating system is being used. From this information the investigator can identify the appropriate recovery methodologies, and the tools to be used.
PRESERVING
This is the process of preserving the integrity of digital evidence, ensuring the chain of custody is not broken. The data needs to preserved (copied) on stable media such as CD-ROM, using reproducible methodologies. All steps taken to capture the data must be documented. Any changes to the evidence should be documented, including what the change was and the reason for the change. You may need to prove the integrity of the data in the court of law.
ANALYSING
This is the process of reviewing and examining the data. The advantage of copying this data onto CD-ROMs is the fact it can be viewed without the risk of accidental changes, therefore maintaining the integrity whilst examining the changes
PRESENTING
This is the process of presenting the evidence in a legally acceptable and understandable manner. If the matter is presented in court the jury who may have little or no computer experience, must all be able to understand what is presented and how it relates to the original, otherwise all efforts could be futile.
Far more information is retained on the computer than most people realize. Its also more difficult to completely remove information than is generally thought. For these reasons (and many more), computer forensics can often find evidence or even completely recover, lost or deleted information, even if the information was intentionally deleted.
The goal of computer forensics is to retrieve the data and interpret as much information about it as possible as compared to data recovery where the goal is to retrieve the lost data.
1.2 WHAT IS COMPUTER FORENSICS?
Computer forensics is simply the application of disciplined investigative techniques in the automated environment and the search, discovery, and analysis of potential evidence. It is the method used to investigate and analyze data maintained on or retrieved from electronic data storage media for the purposes of presentation in a court of law, civil or administrative proceeding. Evidence may be sought in a wide range of computer crime or misuse cases. Computer forensics is rapidly becoming a science recognized on a par with other forensic sciences by the legal and law enforcement communities. As this trend continues, it will become even more important to handle and examine computer evidence properly. Not every department or organization has the resources to have trained computer forensic specialists on staff.
1.3 History of Computer Forensics
Michael Anderson
 “Father of computer forensics”
 special agent with IRS
Meeting in 1988 (Portland, Oregon)
 creation of IACIS, the International Association of Computer Investigative Specialists
 the first Seized Computer Evidence Recovery Specialists (SCERS) classes held
CHAPTER-2
NEED FOR COMPUTER FORENSICS
2.1 Purpose

The purpose of computer forensics is mainly due to the wide variety of computer crimes that take place. In the present technological advancements it is common for every organization to employ the services of the computer forensics experts. There are various computer crimes that occur on small scale as well as large scale. The loss caused is dependent upon the sensitivity of the computer data or the information for which the crime has been committed.
The computer forensics has become vital in the corporate world. There can be theft of the data from an organization in which case the organization may sustain heavy losses. For this purpose computer forensics are used as they help in tracking the criminal.
The need in the present age can be considered as much severe due to the internet advancements and the dependency on the internet. The people that gain access to the computer systems with out proper authorization should be dealt in. The network security is an important issue related to the computer world. The computer forensics is a threat against the wrong doers and the people with the negative mindsets.
The computer forensics is also efficient where in the data is stored in a single system for the backup. The data theft and the intentional damage of the data in a single system can also be minimized with the computer forensics. There are hardware and software that employ the security measures in order to track the changes and the updating of the data or the information. The user information is provided in the log files that can be effectively used to produce the evidence in case of any crime a legal manner.
The main purpose of the computer forensics is to produce evidence in the court that can lead to the punishment of the actual. The forensic science is actually the process of utilizing the scientific knowledge for the purpose of collection, analysis, and most importantly the presentation of the evidence in the court of law. The word forensic itself means to bring to the court.
The need or the importance of the computer forensics is to ensure the integrity of the computer system. The system with some small measures can avoid the cost of operating and maintaining the security. The subject provides in depth knowledge for the understanding of the legal as well as the technical aspects of computer crime. It is very much useful from a technical stand point, view.
The importance of computer forensics is evident in tracking the cases of the child pornography and email spamming. The computer forensics has been efficiently used to track down the terrorists from the various parts of the world. The terrorists using the internet as the medium of communication can be tracked down and their plans can be known.
There are many tools that can be used in combination with the computer forensics to find out the geographical information and the hide outs of the criminals. The IP address plays an important role to find out the geographical position of the terrorists. The security personnel deploy the effective measures using the computer forensics. The Intrusion Detecting Systems are used for that purpose.
2.2 Why is Computer Forensics Important?
Adding the ability to practice sound computer forensics will help you ensure the overall integrity and survivability of your network infrastructure. You can help your organization if you consider computer forensics as a new basic element in what is known as a “defense-in-depth”1 approach to network and computer security. For instance, understanding the legal and technical aspects of computer forensics will help you capture vital information if your network is compromised and will help you prosecute the case if the intruder is caught.
Two basic types of data are collected in computer forensics.
(a) Persistent data
(b) Volatile data.
2.3 Computer forensics helps the organization in the following way:-
 RECOVER DATA THAT YOU THOUGHT WAS LOST FOREVER:-
Computers systems may crash, files may be accidentally deleted, disks may accidentally be reformatted, viruses may corrupt files, file may be accidentally overwritten, disgruntled employees may try to destroy your files. All of this can lead to loss of your critical data, but computer forensic experts should be able to employ the latest tools and techniques to recover your data.
 ADVICE YOU ON HOW TO KEEP YOUR DATA AND INFORMATION SAFE FROM THEFT OR ACCIDENTAL LOSS:-
Business today relies on computers. Your sensitive records and trade secrets are vulnerable to intentional attacks from, for e.g. hackers, disgruntled employees, viruses, etc. also unintentional loss of data due to accidental deletion, h/w or s/w crashes are equally threatening. Computer forensic experts can advice you on how to safeguard your data by methods such as encryption and back-up.
 EXAMINE A COMPUTER TO FIND OUT WHAT ITS USER HAS BEEN DOING:-
Whether you’re looking for evidence in a criminal prosecution, looking for evidence in a civil suit, or determining exactly what an employee has been up to. Your computer forensics expert should be equipped to find and interpret the clues left behind.
 SWEEP YOUR OFFICE FOR LISTNENING DEVICES:-
There are various micro-miniature recording and transmitting devices available in todays hi-tech world. The computer forensic expert should be equipped to conduct thorough electronic countermeasure (ECM) sweeps of your premises.
 HI-TECH INVESTIGATION:-
The forensic expert should have the knowledge and the experience to conduct hi-tech investigations involving cellular cloning, cellular subscription fraud, s/w piracy, data or information theft, trade secrets, computer crimes, misuse of computers by employees, or any other technology issue.
25-04-2011, 01:32 AM
Post: #14
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
hey hi,
thanx man...
it was jst awesome...u really saved me....
thanx...thanx...a lot......SmileHeartSmile

Ashu-"Prince of my own Kingdom"
30-04-2011, 04:21 PM
Post: #15
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
hey man... love this thread. thanks for coming in here...i love this forum. Great info and great pipol are here. thanks!!
23-06-2011, 07:10 PM
Post: #16
Rainbow RE: Computer Forensics Full Download Seminar Report and Paper Presentation
22-01-2012, 06:13 PM
Post: #17
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
plz give me latest information abt dis
23-01-2012, 11:14 AM
Post: #18
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
to get information about the topic STARFAST: a Wireless Wearable EEG full report,ppt, related topic refer the link bellow
http://www.seminarprojects.com/Thread-di...ull-report

http://www.seminarprojects.com/Thread-co...ion?page=1

http://www.seminarprojects.com/Thread-co...ion?page=2

http://www.seminarprojects.com/Thread-co...ion?page=3


04-02-2012, 12:29 AM
Post: #19
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
my presentation in next week on computer forensics.
please help us
04-02-2012, 09:58 AM
Post: #20
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
to get information about the topic Computer Forensics full report ,ppt and related topic refer the link bellow

http://www.seminarprojects.com/Thread-co...esentation

http://www.seminarprojects.com/Thread-co...-forensics

http://www.seminarprojects.com/Thread-di...ull-report

http://www.seminarprojects.com/Thread-co...sics--1160
24-02-2012, 01:10 PM
Post: #21
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
i need seminar report and ppt on APPLAUS....pls send me soon......
25-02-2012, 11:33 AM
Post: #22
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
to get information about the topic computer forensics full report ppt and related topic refer the link bellow

http://seminarprojects.com/Thread-comput...esentation

http://seminarprojects.com/Thread-computer-forensics

http://seminarprojects.com/Thread-comput...ion?page=3

http://seminarprojects.com/Thread-comput...ion?page=4

http://seminarprojects.com/Thread-comput...ion?page=5
01-03-2012, 11:20 AM
Post: #23
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
to get information about the topic Computer Forensics full report ,ppt and related topic refer the link bellow

http://www.seminarprojects.com/Thread-co...esentation

http://www.seminarprojects.com/Thread-co...-forensics

http://www.seminarprojects.com/Thread-di...ull-report

http://www.seminarprojects.com/Thread-co...sics--1160
12-04-2012, 12:46 AM
Post: #24
RE: Computer Forensics Full Download Seminar Report and Paper Presentation
using web security scanners to detect vulnerabilities in web services ppt
18-04-2012, 11:28 PM
Post: #25
Photo RE: Computer Forensics Full Download Seminar Report and Paper Presentation
jskefrrjtkjrekjtkrjekthtjkdrtjrdhttkrdhtjrdhtrdtdrhdrjhtgdrtdrtjkdhtrdhtkdrhthdkrdrhjrhjrhrjh
Rating Computer Forensics Full Download Seminar Report and Paper Presentation Options
Share Computer Forensics Full Download Seminar Report and Paper Presentation To Your Friends :- Seminar Topics Bookmark
Post Reply 

Marked Categories : forensic s, technichal seminor datarecoverywith document, presentation on cyber forensics, seminar computer forensics, mobile phone forencics seminar report, cyber crime presentation, seminar report on computer forensics, computer forensics report, computer forensics seminar report, paper presentation on cyber crime, technical seminar on computer forensics, report on computer forensics, computer foremsics, seminar topics on use of computer engineering in forensics, paper presentation abstracts download, seminar on computer forensics, forensics for private investigation on computerscience in ieee 2011 paper, cybermethodology, computer forensics project report,

[-]
Quick Reply
Message
Type your reply to this message here.


Image Verification
Image Verification
(case insensitive)
Please enter the text within the image on the left in to the text box below. This process is used to prevent automated posts.

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
Tongue Biometrics (Download Full Report And Abstract) computer science crazy 77 20,710,872 19-07-2016 12:51 PM
Last Post: jaseela123
  underwater wireless communication full report project topics 19 36,484 16-07-2016 04:10 PM
Last Post: dhanabhagya
Star VOIP (Download Full Report And Abstract) computer science crazy 26 7,397,132 14-07-2016 04:27 PM
Last Post: anasek
  PROJECT REPORT ON SHADOWY LEAPING LIZARD seminar projects maker 4 1,181 23-05-2016 10:16 AM
Last Post: dhanabhagya
  xMax : Seminar Report and PPT seminar projects maker 2 502 17-05-2016 09:39 AM
Last Post: dhanabhagya
  Network Security And Firewalls ( Download Full Seminar Report ) computer science crazy 11 317,283 12-05-2016 09:51 AM
Last Post: dhanabhagya
  OBJECT TRACKING AND DETECTION full report project topics 10 14,969 09-05-2016 02:35 PM
Last Post: mkaasees
  ATM WITH AN EYE FULL REPORT study tips 1 2,160 11-04-2016 11:18 AM
Last Post: mkaasees
Photo voice morphing (Download Full Report And Abstract) computer science crazy 34 11,951,457 06-04-2016 03:24 PM
Last Post: dhanabhagya
  Seminar On 3D Internet ppt seminar post 1 943 06-04-2016 12:50 PM
Last Post: mkaasees
This Page May Contain What is Computer Forensics Full Download Seminar Report and Paper Presentation And Latest Information/News About Computer Forensics Full Download Seminar Report and Paper Presentation,If Not ...Use Search to get more info about Computer Forensics Full Download Seminar Report and Paper Presentation Or Ask Here

Options: