digital forensics n.
Skip this Video
Loading SlideShow in 5 Seconds..
Digital Forensics PowerPoint Presentation
Download Presentation
Digital Forensics

Digital Forensics

182 Views Download Presentation
Download Presentation

Digital Forensics

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Digital Forensics Brett Garrison

  2. Quick Facts • More than 90% of today’s information is created and stored or processed electronically. • More than 70% are never printed or produced into a hard copy • Information can be erased, moved around, or hidden with ease. • A good forensic examiner can restore or find this missing information.

  3. Using computer science to aid in the legal process and to conduct investigations. Gathering data for evidence Aid police investigations Recover data Provide testimony in court Gather any other information that can be found on a digital or electronic media. Information gathered can be audio, video, or graphical. Definition

  4. Computer systems PDAs Cell phones USB drives CD-ROMs Laptops Any other storage media Devices

  5. Property disputes Contract disputes Fraud or embezzlement Wrongful termination Sexual harassment suits Medical malpractice When is digital forensics used?

  6. What do they do? • Forensics experts extract both visible and invisible computer data. • More than simply data recovery: • Locate data throughout the system • Recover data • Responsible for maintaining the integrity of the information found, preventing damage, data corruption, or virus exposure. (All data must be acceptable for use in a court of law.) • Results of forensic investigation must be reproducible in such a way that the information is authenticated and reliable • Work closely with law enforcement, government officials, and attorneys. • Must be well-versed in relevant case law.

  7. A skilled forensic worker can recover all of the files on a computer or storage device. Active files Invisible files Deleted but remaining files Hidden files Encrypted files Pass-word protected files Most information that is gathered is undetectable or unviewable to the average computer user. Data Recovery

  8. Data Recovered • Digital forensic practitioners are generally concerned with three types of data: • Active data: information that is readily available and easily accessed on the computer. Ex: Programs, files, and other data used by the operating system. • Archival data: data that has been backed up and stored. Ex: hard disks, cd’s, USB drives • Latent or Ambient data: data that requires special tools or skills to retrieve. Ex: data that has been overwritten or deleted

  9. Steps for Investigating an Electronic Device Step 1 • All files that have been deleted or have not yet been overwritten are recovered. • Computers constantly write data to the hard drive when in use. The operating system over writes data on the hard drive that is no longer needed or used. • This data can be retrieved if not completely overwritten.

  10. All data found in special or inaccessible areas of the device are analyzed. Areas of disk that are not currently in use, but have had data previously stored on them. Slack Space- unused space at end of file where previously created information could be stored Step 2

  11. Final Step • Report the analysis of the device or system • Provide copies of data collected • Arranged into support for legal theories or strategies. • Often provide expert testimony or advice when necessary.

  12. Light analyzers Tools that analyze lighting allow forensics practitioners to determine if a photo has been tampered with Win Hex Data Recovery Microsoft Log Parser Extract information of almost any format PMDump Dumps memory contents of a process into a file without stopping the procedure (Windows). Tools Used

  13. Chandra Levy Last seen alive on April 23, 2001 Digital forensics lead to the discovery that someone had conducted an internet search for Rock Creek Park’s Klingle Mansion, near Washington, D.C. Police scoured the area and a man walking his dog found Levy’s remains on May 22, 2002, approximately one year later, confirming that the case was in fact a homicide. Famous Cases Solved with Digital Forensics

  14. Dennis Rader Known as BTK killer in Wichita, KS area. Murdered 10 people between 1974 and 1991. Communicated with police through letters for years. Sent a message on a floppy disk in February 2005. Examination of the disk’s properties revealed the words “Dennis” and “Christ Lutheran Church.” DNA tests confirmed him a match and he was arrested 9 days later. Rader was planning his first murder since 1991. Famous Cases

  15. Conclusion • Digital forensics is a very high tech field • Can be expensive • Has immense potential in law enforcement, and especially in the future of law enforcement. • Field grows in leaps and bounds every day.

  16. Sources • • • •

  17. Questions?