
Understanding Digital Forensics Basics

The document provides an overview of computer forensics, detailing its importance in investigating cybercrimes and the processes involved in digital evidence collection and analysis. Key topics include the digital forensics life cycle, email forensic analysis, and challenges faced in the field. It emphasizes the need for strict legal and ethical guidelines to ensure the admissibility of evidence in court.

Uploaded by

kaxayit479
Copyright
© All Rights Reserved

INTELLIGENCE LEARNING

BCC301 / BCC401/ BCC301H / BCC401H

CYBER SECURITY
UNIT 4 ONE SHOT
UNDERSTANDING COMPUTER
FORENSICS


SYLLABUS
UNDERSTANDING COMPUTER FORENSICS:
Introduction, Digital Forensics Science, The Need for
Computer Forensics, Cyber forensics and Digital
Evidence, Forensics Analysis of E-Mail, Digital
Forensics Life Cycle, Chain of Custody Concept,
Network Forensics, Approaching a Computer
Forensics Investigation. Forensics and Social
Networking Sites: The Security/Privacy Threats,
Challenges in Computer Forensics.
Introduction to Digital Forensics
Digital forensics means finding out what happened on digital devices (like computers,
phones, or tablets) when something wrong or illegal has taken place, such as hacking,
data theft, or cyber bullying. Experts collect and study data from these devices to solve
crimes or to support a case in court.

What is Digital Forensics Science?


Digital Forensics Science is like being a detective for computers and digital devices. It
adheres to strict legal and ethical guidelines to ensure that the evidence is admissible
in court.
Key Phases of Digital Forensics Science
1. Identification – Recognizing potential evidence sources.
2. Preservation – Safeguarding and isolating data to prevent tampering.
3. Collection – Gathering relevant digital information.
4. Examination – Extracting and analyzing data.
5. Analysis – Drawing conclusions from the digital data.
6. Presentation – Reporting findings in a clear, legally acceptable format.

The Need for Computer Forensics
As society becomes more digitally dependent, crimes involving
computers have surged. We need computer forensics because many
crimes now happen online or using computers. There is a strong need
for computer forensics to:

• Investigate cybercrimes (e.g., hacking, identity theft, phishing).
• Detect unauthorized access or data breaches.
• Monitor insider threats and corporate espionage.
• Support legal investigations with digital evidence.
• Catch cybercriminals.
• Find out how a crime happened.
• Show proof in court.
• Protect personal or company information.

Cyber Forensics
Cyber forensics is a subfield of digital forensics focused on crimes committed via the
internet, such as cyber terrorism, online fraud, hacking, and cyber stalking. It includes
tracing IP addresses, analyzing network logs, and retrieving data from cloud systems.

Digital Evidence
Digital evidence is any proof stored in digital form: any data stored or transmitted
using digital devices that can be used in court. It includes:
• Emails, chat logs, and browsing history.
• Documents, images, videos.
• Metadata and timestamps.
• Network traffic and system logs.
Properties of Digital Evidence:
• Volatile – Can be easily altered or erased.
• Easily duplicated – Needs proper validation methods (hashing).
• Legally sensitive – Must follow the chain of custody and admissibility rules.

What is E-Mail Forensic Analysis?
E-mail forensic analysis is the process of examining emails to find evidence of
cybercrime, fraud, harassment, or unauthorized access.
It helps investigators track the sender, analyze the message, and check attachments
for malware or fake information.
Steps in E-Mail Forensic Analysis
1. Email Collection:- The first step is to collect the email that needs investigation.
Emails can be collected from the inbox or sent items, or from email servers (like Gmail, Outlook).
Tools may be used to export emails without changing the original content.
2. Preservation of Evidence:- The email is saved in a read-only format to avoid
tampering.
Investigators create a hash value (a digital fingerprint) to ensure the data is not
changed. Chain of custody is maintained (a record of who accessed the email and
when).
3. Header Analysis:- Every email has a header (hidden part) that shows technical
details like:
• Sender’s IP address
• Email servers used
• Time and date stamps
This helps investigators track where the email came from.
4. Body and Content Analysis:- The message body is checked for threats,
blackmail, or abusive language; links to phishing websites; social engineering
tricks (fake login pages, etc.); and spelling patterns that help detect fake emails.
5. Attachment and URL Analysis:- Any files attached to the email (PDFs, Word
docs, etc.) are scanned for viruses or malware and checked for hidden data
(steganography or metadata).
6. Metadata Examination:- Metadata means data about the email, like who
created it, when it was last edited, and the device and software used. This helps
identify who actually wrote the email.
7. IP Tracing:- The IP address from the email header is used to find the
sender’s location, identify the internet service provider (ISP) used, and know
whether a proxy or VPN was used.
8. Reporting:- After analysis, a detailed forensic report is made, which includes
a summary of findings, evidence with screenshots, tools used, and a conclusion (e.g.,
email was spoofed, malware found, etc.). This report can be submitted in
court as digital evidence.
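
Steps 2 and 3 above, shown as an added Python example that is not part of the original notes: it hashes the raw message before parsing, rebuilds the relay path from the Received headers, and flags reply addresses whose domain differs from the visible From address. The sample message, its example domains and documentation-range IPs, and the function names are all constructed for illustration.

```python
import hashlib
import re
from email import message_from_bytes
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample message (example domains, documentation-range IPs).
RAW = b"""Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id A1; Tue, 04 Mar 2025 10:15:09 +0000
Received: from laptop.local (unknown [203.0.113.45])
\tby mx.example.net with ESMTPSA id B2; Tue, 04 Mar 2025 10:15:02 +0000
From: "Bank Support" <support@bank.example>
Reply-To: collector@other.example
Return-Path: <bounce@other.example>
Subject: Verify your account
Date: Tue, 04 Mar 2025 10:14:58 +0000

Please verify your account.
"""

# Shape of one hop: "from <helo> (<rdns> [<ip>]) by <server> ...; <date>"
HOP = re.compile(
    r"from\s+(\S+)\s+\(.*?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+).*;\s*(.+)$", re.S)

def evidence_hash(raw: bytes) -> str:
    """Step 2: SHA-256 of the untouched bytes, recorded before any parsing."""
    return hashlib.sha256(raw).hexdigest()

def received_hops(raw: bytes) -> list:
    """Step 3: relay hops ordered origin -> destination (servers prepend, so
    the last header is the earliest). Hops below a trusted server can be forged."""
    hops = []
    for value in reversed(message_from_bytes(raw).get_all("Received", [])):
        m = HOP.search(value)
        if m:
            hops.append({"helo": m.group(1), "ip": m.group(2), "by": m.group(3),
                         "time": parsedate_to_datetime(m.group(4).strip())})
    return hops

def sender_mismatches(raw: bytes) -> list:
    """Headers whose domain differs from the visible From domain."""
    msg = message_from_bytes(raw)
    def domain(name):
        return parseaddr(msg.get(name, ""))[1].rpartition("@")[2].lower()
    return [h for h in ("Reply-To", "Return-Path")
            if domain(h) and domain(h) != domain("From")]

if __name__ == "__main__":
    print(evidence_hash(RAW), sender_mismatches(RAW))
    print([(h["ip"], h["by"], h["time"].isoformat()) for h in received_hops(RAW)])
```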

Digital Forensics Life Cycle
The Digital Forensics Life Cycle is a series of steps followed by investigators to handle and
examine digital evidence properly, from start to finish.
Main Stages of the Digital Forensics Life Cycle:
1. Identification:- Detect and recognize the incident or crime, and find out which digital
devices (computer, phone, server) may contain evidence.
2. Collection:- Gather data such as files, emails, log files, or messages from devices, cloud
storage, or the network without altering it.
3. Preservation:- Protect the digital evidence from being changed, deleted, or damaged, and
ensure the evidence remains in its original form.
Example:- Take a copy of the hard drive and lock the original in a secure place.
4. Examination:- Use forensic tools to search, recover, and filter useful data, and find hidden,
deleted, or encrypted information.
Example:- Recover deleted chats or hidden folders.
5. Analysis:- Understand and interpret the evidence. Find out what happened, when, how, and
who was involved.
6. Documentation:- Keep detailed records of every step taken: what tools were used, what
was found, etc. Create a clear and legal report.
7. Presentation:- Present the evidence and report in a courtroom, meeting, or legal report.
Explain the evidence in a way everyone can understand (lawyers, judges, etc.).
Chain of Custody
Chain of Custody is the process of keeping a clear and complete record of who collected,
handled, stored, and used digital evidence during an investigation. It ensures that the evidence
is not changed, damaged, or lost from the time it is found until it is used in court. Every person
who touches the evidence must write down when and how they received it, and where it is
stored. This helps prove that the evidence is real and trustworthy, and it hasn't been tampered
with. If the Chain of Custody is broken or not recorded properly, the evidence may not be
accepted in court.
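
One way to make such a custody record tamper-evident, as an added Python example that is not part of the original notes: each entry stores who, when, how and where, plus the evidence hash and the hash of the previous entry, so an edited record or altered evidence is detected on verification. The field names, handlers, locations and sample bytes are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # "prev" value used by the first entry

def digest(record: dict) -> str:
    """SHA-256 over a canonical JSON form of one custody record."""
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

def add_entry(log, when, handler, action, location, evidence: bytes):
    """Append who/when/how/where plus the evidence hash, linked to the prior entry."""
    record = {"when": when, "handler": handler, "action": action,
              "location": location,
              "evidence_sha256": hashlib.sha256(evidence).hexdigest(),
              "prev": log[-1]["entry_hash"] if log else GENESIS}
    record["entry_hash"] = digest(record)
    log.append(record)
    return record

def verify(log, evidence: bytes) -> list:
    """Return a list of problems; an empty list means the chain is intact."""
    problems, prev = [], GENESIS
    actual = hashlib.sha256(evidence).hexdigest()
    for i, rec in enumerate(log):
        body = {k: v for k, v in rec.items() if k != "entry_hash"}
        if rec["prev"] != prev:
            problems.append(f"entry {i}: link to previous entry broken")
        if digest(body) != rec["entry_hash"]:
            problems.append(f"entry {i}: record altered")
        if rec["evidence_sha256"] != actual:
            problems.append(f"entry {i}: evidence hash mismatch")
        prev = rec["entry_hash"]
    return problems

def sample_log(image: bytes) -> list:
    """Constructed three-step custody history for one disk image."""
    log = []
    add_entry(log, "2025-03-04T10:30Z", "Officer A", "collected", "scene", image)
    add_entry(log, "2025-03-04T12:00Z", "Officer B", "received", "locker 3", image)
    add_entry(log, "2025-03-05T09:00Z", "Analyst C", "imaged for exam", "lab 1", image)
    return log

if __name__ == "__main__":
    image = b"constructed disk image bytes"
    log = sample_log(image)
    print(verify(log, image))           # intact chain
    log[1]["handler"] = "Someone Else"  # simulate an edited record
    print(verify(log, image))
```

The chain only proves integrity if the latest `entry_hash` is also recorded somewhere the log's holder cannot rewrite, such as a signed report or a separate register.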
Network Forensics
Network forensics is the process of monitoring and analyzing computer network traffic to
detect and investigate cybercrimes. It helps find out what happened during a cyberattack by
looking at the data that moved through the internet or a local network. For example, if
someone hacks into a system or sends a virus, network forensics experts can track where the
attack came from, what data was accessed, and how the attack was carried out. This is done by
capturing data packets (small units of internet data) and examining things like IP addresses,
login attempts, and suspicious downloads. It is very helpful in detecting hacking, phishing, DDoS
attacks, and data theft. Tools like Wireshark or Snort are often used to collect and study this
information. Network forensics plays an important role in improving cybersecurity and
collecting digital evidence for investigations.

Forensics and Social Networking Sites
Social media forensics involves collecting and analyzing digital evidence from social
networking sites like Facebook, Instagram, WhatsApp, Twitter, and LinkedIn to investigate
crimes, misconduct, or data leaks.
Security and Privacy Threats on Social Media
1. Data Theft:- Personal details like name, address, date of birth, and photos can be stolen
and misused.
2. Fake Profiles:- Criminals create fake accounts to scam, harass, or trap people.
3. Cyber bullying and Harassment:- Abusive messages, threats, or blackmail through posts
or DMs.
4. Phishing Attacks:- Trick users into clicking fake links to steal passwords or credit card
info.
5. Image Misuse and Identity Theft:- Photos and videos can be downloaded and used for
fake identity or deep fakes.
6. Data Breaches by Platforms:- Sometimes the platform itself may leak data or get
hacked.
Forensics on Social Media Involves:
• Retrieving deleted messages or posts.
• Tracking IPs and login activity.
• Analyzing friend lists, chats, shares, and likes.
• Collecting evidence legally to be used in court.
Challenges in Computer Forensics

1. Data Volume:- Computers store huge amounts of data. It takes time and powerful tools to
search and analyze it all.
2. Encryption and Password Protection:- Suspects may use strong passwords or encryption to
lock files. Cracking them takes time and advanced tools.
3. Cloud and Remote Storage:- Data stored in Google Drive, Dropbox, etc., may be hard to
access without proper permission.
4. Anti-Forensic Tools:- Criminals use software to delete or hide files. Some tools erase data
permanently or create fake trails.
5. Legal and Jurisdiction Issues:- Data may be stored in a different country. Each country has
different laws, making access and investigation difficult.
6. Rapidly Changing Technology:- New apps, file formats, and storage types keep coming.
Forensic experts must constantly learn and update tools.
7. Chain of Custody Risks:- If digital evidence is not handled properly, it may become invalid in
court.
