
Computer Forensics: Scope and Myths

This document discusses the scope and importance of computer forensics in cyber security, highlighting its role in retrieving and analyzing digital evidence for civil and criminal investigations. It addresses common misconceptions about computer forensics, clarifying its distinction from computer security and its application beyond just computer crimes. Additionally, it introduces Locard's exchange principle, emphasizing the significance of physical evidence in investigations.

Uploaded by

vithack28
Copyright
© © All Rights Reserved

19CSCN1701 – Cyber Security

(UNIT 3 - Session 5)

UNIT 3 : Cyber Safety and Scope of Computer Forensics


TOPIC : Scope of Computer Forensics

Mr. K. PRABHU
Assistant Professor/CSE
UNIT 3

Course Outcome : Discuss Cyber Safety for students and scope & laws of
Computer Forensics for Cyber Security Professionals
Session Outcome : At the end of this session the students will be able to
Understand the Scope of Computer Forensics

Recap of Previous Session

Online transaction fraud

How you can protect yourself?

Safeguards for Social Networking Profiles

Common cyber threats related to social media networks



Scope of Computer Forensics:
1. Introduction
2. Types of Evidence
3. Investigator skills
4. Importance
5. History of Computer Forensics
6. Law Enforcement Training



Introduction

• Computer forensics is the retrieval, analysis, and use of digital evidence in a civil or criminal investigation. Ironically, computer forensics is not limited to computers as the source of evidence.

• Any medium that can store digital files is a potential source of evidence for a computer forensics investigator. Therefore, computer forensics involves the examination of digital files.
Introduction
• Computer forensics is a science because of the accepted practices used for acquiring and examining the evidence and its admissibility in court.

• Additionally, the tools used to retrieve and analyze digital evidence have been subjected to scientific testing over many years.

• In fact, the word forensics means “to bring to court.” This definition implies that digital evidence used in an investigation needs to be retrieved, handled, and analyzed in a forensically sound manner.



Introduction

• Forensically sound means that, during the acquisition of digital evidence and throughout the investigative process, the evidence must remain in its original state.
• Moreover, everyone who has been in contact with the evidence must be accounted for and documented in the Chain of Custody form.
• Computer forensics is sometimes used to produce incriminating evidence in criminal cases, which is often referred to as inculpatory evidence. However, digital evidence can also be used as exculpatory evidence, that is, evidence used to prove the innocence of a defendant.



Popular Myths in Computer forensics
• Many people think that computer security and computer forensics are the same, but they are not. This is one of several misconceptions about computer forensics.
Myth 1: Computer Forensics Is the Same As Computer Security
Computer security is proactive: it protects computers and their data from being stolen or misused.
Conversely, computer forensics is reactive: a crime has been committed, and digital evidence may be the key to solving the crime and convicting a criminal.
Nevertheless, computer forensics can complement computer security, particularly in the area of incident handling.
Note, however, that the National Academy of Sciences has identified digital forensics as a subset of cybersecurity.



Popular Myths in Computer forensics

Myth 2: Computer Forensics Is about Investigating Computers

• Any device that stores files can be a medium for computer forensics investigators to examine.

• For example, a compact disc (CD) is not a computer but may contain important digital evidence.



Popular Myths in Computer forensics
Myth 3: Computer Forensics Is about Investigating Computer Crime
A popular misconception is that computer forensics is used only for solving computer crime or cybercrime. While this may be true, computer forensics is often equally important in murder, embezzlement, and corporate espionage investigations.
On April 16, 2007, Seung-Hui Cho killed 32 people and wounded many more on the campus of Virginia Polytechnic. He subsequently committed suicide. Computer forensics investigators examined Cho’s computer to reconstruct the events that led up to the murder investigation.
They investigated his email account, Blazers5505@[Link], and his user activity on eBay, with the username blazers5505. Computer forensics investigators were able to assess who Cho was communicating with and what he was searching for and purchasing online.



Popular Myths in Computer forensics

Myth 3: Computer Forensics Is about Investigating Computer Crime

Examiners also investigated his cellular telephone. One of the reasons for the rapid response by computer forensics examiners was to quickly ascertain whether Cho had an accomplice in this sordid act.

When federal agents searched Enron offices in late 2001, they found that employees had been shredding a large number of documents.

Computer forensic examiners were needed to retrieve evidence from computer hard drives. The amount of digital data recovered was estimated to be equivalent to 10 times the size of the Library of Congress.



Popular Myths in Computer forensics
Myth 4: Computer Forensics Is Really Used to Resurrect Deleted Files
The primary purpose of computer forensics is to retrieve and analyze files with computer forensics hardware and software, utilizing a scientific methodology that is acceptable in a court of law.
Computer forensics goes well beyond the ability to resurrect deleted files; numerous other files that are not easily accessible can be retrieved using computer forensics tools.
Additionally, computer forensic analysis tools have highly effective search and filtering capabilities. Moreover, many professional tools provide password-cracking and decryption tools.
AccessData’s FTK and its Password Recovery Toolkit (PRTK) provide these capabilities.



Definition of Computer forensics:
• Computer forensics is a field of technology that uses investigative techniques to identify and store evidence from a computer device.
• Computer forensics is used to uncover evidence that could be used in a court of law.
• Computer forensics also includes areas outside of investigations.



Evidence in Computer Forensics

Inculpatory Evidence:

Computer forensics is sometimes used to produce incriminating evidence in criminal cases.

Exculpatory Evidence:

Digital evidence can also be used as exculpatory evidence, that is, evidence used to prove the innocence of a defendant.



Locard's exchange principle

[Link] Locard, a forensic scientist, developed a theory of “Transfer of Evidence”. The premise was that whenever a criminal comes into contact with his environment, a cross-transference of evidence occurs. Wherever he steps, whatever he touches, whatever he leaves will serve as a silent witness against the criminal.

Not only his fingerprints or footprints, but his hair, the glass he breaks, the fibers from his clothes, the tool mark he leaves, the paint he scratches, the blood or semen he deposits or collects. All of these and more bear mute witness against him.



Locard's exchange principle

• This is factual evidence. Physical evidence cannot be wrong and cannot perjure itself; only human failure to find it, study it, and understand it can diminish its value. The investigator must therefore be conscious of the entire environment that the criminal has been in contact with.
• An investigator may focus on a laptop found inside an apartment but must also think about connections from the laptop, including router connections and external hard drives.



Locard's exchange principle

• Thumb drives or CDs are also important evidence. A login ID and password written on a small piece of paper might be critical to accessing a suspect's system files and email.
• A TiVo box, which is used to store television shows, is also important evidence. The most recent version of Guidance Software's EnCase software is used to image and analyze the content of the TiVo box. EnCase is a bit-stream imaging tool: it produces a bit-for-bit copy of the original media, including files marked for deletion.
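
Added example (not part of the original slides, and not EnCase's own code): a sketch of what "forensically sound" and "bit-for-bit copy" mean in practice, covering both the chain-of-custody point from the Introduction and the imaging point above. The function names, the custody-entry fields and the sample media bytes are assumptions constructed for illustration.

```python
import hashlib
import io

CHUNK = 1 << 20  # read in 1 MiB blocks so large media never has to fit in memory

def sha256_of(stream):
    """Hash the full content of a stream, reading from its start."""
    stream.seek(0)
    digest = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        digest.update(block)
    return digest.hexdigest()

def acquire(source, image):
    """Bit-for-bit copy of source into image; returns the hash of the source."""
    source.seek(0)
    digest = hashlib.sha256()
    for block in iter(lambda: source.read(CHUNK), b""):
        image.write(block)      # every byte is copied, allocated or not
        digest.update(block)
    return digest.hexdigest()

def record_transfer(custody, handler, action, image, acquisition_hash):
    """Append a custody entry, re-hashing the image to show it is unchanged."""
    current = sha256_of(image)
    entry = {"handler": handler, "action": action,
             "sha256": current, "unchanged": current == acquisition_hash}
    custody.append(entry)
    return entry

def demo():
    # Constructed sample "media": one live file plus bytes of a file marked deleted.
    media = b"LIVE:report.doc" + b"\x00" * 64 + b"DELETED:notes.txt" + b"\x00" * 32
    source, image = io.BytesIO(media), io.BytesIO()
    acq = acquire(source, image)
    deleted_kept = b"DELETED:notes.txt" in image.getvalue()
    custody = []
    record_transfer(custody, "Examiner A", "imaged source media", image, acq)
    record_transfer(custody, "Examiner B", "received for analysis", image, acq)
    image.seek(20)
    image.write(b"\x01")  # simulate a single altered byte in the working copy
    record_transfer(custody, "Examiner C", "received after alteration", image, acq)
    return acq == sha256_of(source), deleted_kept, [e["unchanged"] for e in custody]

if __name__ == "__main__":
    print(demo())
```

The third custody entry is flagged because a one-byte change produces a different SHA-256 value, which is how an examiner shows whether the evidence remained in its original state between handlers.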



Summary

• Learned about Computer forensics

• Myths in Computer Forensics

• Locard's exchange principle

References

• Dr. Darren R. Hayes, A Practical Guide to Computer Forensics Investigations, Pearson, 2014
