Computer Forensics in Today's World Flashcards
What is Computer Forensics?
A set of methodological procedures and techniques that help identify, gather, preserve, extract, interpret, document, and present evidence from computers in a way that is legally admissible.
Objectives of Computer Forensics include:
- Identify, gather, and preserve the evidence of a cybercrime
- Track and prosecute the perpetrators in a court of law
- Interpret, document and present the evidence to be admissible during prosecution
- Estimate the potential impact of a malicious activity on the victim and assess the intent of the perpetrator
- Find vulnerabilities and security loopholes that help attackers
- Understand the techniques and methods used by attackers to avert prosecution, and overcome them
- Recover deleted files, hidden files, and temporary data that could be used as evidence
- Perform incident response to prevent further loss of intellectual property, finances and reputation during an attack
What is Cyber Crime?
Cybercrime is defined as any illegal act involving a computing device, a network, its systems, or its applications. Attacks are classified as internal (originating from someone with authorized access, such as an employee or contractor) or external (originating from outside the organization).
Civil
brought for breach of contract and other private disputes, where an adverse outcome generally results in monetary damages awarded to the plaintiff
Criminal
brought by law enforcement agencies in response to a suspected violation of law, where a guilty verdict may result in fines, imprisonment, or both
Administrative
non-criminal in nature; internal proceedings related to misconduct or policy violations by an employee, where the outcome is typically disciplinary action or termination
Rules of Forensics Investigation
- Limit access to and examination of the original evidence; work from verified forensic copies
- Record every change made to any evidence file, including who made it, when, and why
- Create an evidence chain of custody document for tracking ALL access to evidence
- Set standards for investigating all evidence and follow/comply with them
- Hire professionals for analysis of evidence if special skill sets are required
- Evidence should be strictly related to the incident
- The evidence should comply with all jurisdiction standards
- Document the procedures applied to all evidence
- Securely store all evidence
- Use recognized and appropriate tools for analysis
Cyber Crime Investigation Methodology/Steps:
- Identify the computer crime
- Collect preliminary evidence
- Obtain court warrant for discovery/seizure of evidence (if required)
- Perform first responder procedures
- Seize evidence at the crime scene
- Transport evidence to the lab
- Create two bit-stream (bit-for-bit) copies of the evidence: one working copy for analysis and one kept as a backup
- Generate a cryptographic checksum of the original and of each image and confirm they match (the course material specifies MD5; because MD5 collisions are practical, current practice records SHA-256 as well, or instead)
- Maintain chain of custody
- Store original evidence in secure location
- Analyze the image copy for evidence
- Prepare a forensic report
- Submit report to client
- Testify in court as an expert witness (if required)
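The imaging, hashing, verification and chain-of-custody steps above are easy to state and easy to get subtly wrong, so here is a worked version of that part of the procedure as a Python script. It is an added example, not code from the flashcards or from any forensic tool; the evidence file, case identifier, examiner name and log format are constructed for illustration. It hashes the original before imaging, makes two byte-for-byte copies, refuses any image whose hashes differ from the original, marks the images read-only, appends a JSON-lines chain-of-custody record for every step, and shows that a single altered byte in an image is caught on re-verification. Both MD5 and SHA-256 are computed in one pass so older MD5-based records can still be reconciled while the report relies on SHA-256.

```python
# Added example (not from the flashcards): acquisition workflow covering
# bit-stream imaging, hashing, verification and chain-of-custody logging.
# All paths, names and the sample "evidence" are constructed for illustration.
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # stream in 1 MiB pieces so multi-GB images need not fit in RAM


def hash_file(path):
    """Return (md5, sha256) hex digests of a file, computed in a single pass.
    MD5 is kept because older procedures and tools record it; SHA-256 is the
    collision-resistant value a court-facing report should rely on."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def bitstream_copy(src, dst):
    """Copy src to dst byte for byte (what `dd if=src of=dst` does for a device),
    then make the image read-only so later analysis cannot silently alter it."""
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        for chunk in iter(lambda: fin.read(CHUNK), b""):
            fout.write(chunk)
    os.chmod(dst, 0o444)


def log_custody(log_path, **fields):
    """Append one chain-of-custody record (who, when, what, hashes) as a JSON line.
    The log is append-only so every access to the evidence stays on record."""
    record = {"timestamp": datetime.now(timezone.utc).isoformat(), **fields}
    with open(log_path, "a") as f:
        f.write(json.dumps(record) + "\n")


def acquire(evidence_path, workdir, examiner, case_id, copies=2):
    """Hash the original, create `copies` bit-stream images, verify that each image
    hashes identically to the original, and log every step.
    Raises if an image does not match; returns the hashes and image paths."""
    log = os.path.join(workdir, f"{case_id}_chain_of_custody.jsonl")
    orig_md5, orig_sha256 = hash_file(evidence_path)
    log_custody(log, case=case_id, examiner=examiner, action="hash_original",
                item=evidence_path, md5=orig_md5, sha256=orig_sha256)
    images = []
    for n in range(1, copies + 1):
        image = os.path.join(workdir, f"{case_id}_image{n}.dd")
        bitstream_copy(evidence_path, image)
        md5, sha256 = hash_file(image)
        if (md5, sha256) != (orig_md5, orig_sha256):
            log_custody(log, case=case_id, examiner=examiner, action="verify_failed", item=image)
            raise RuntimeError(f"{image} does not hash like the original; do not use it")
        log_custody(log, case=case_id, examiner=examiner, action="image_verified",
                    item=image, md5=md5, sha256=sha256)
        images.append(image)
    return {"md5": orig_md5, "sha256": orig_sha256, "images": images, "log": log}


def verify_image(image_path, expected_md5, expected_sha256):
    """Re-hash an image before analysis or testimony; True only if it is unchanged."""
    return hash_file(image_path) == (expected_md5, expected_sha256)


def demo():
    """Run the workflow on constructed sample evidence and return what was observed."""
    with tempfile.TemporaryDirectory() as tmp:
        # Known-answer check for the hash routine (standard "abc" test vectors).
        kat = os.path.join(tmp, "abc.bin")
        with open(kat, "wb") as f:
            f.write(b"abc")
        kat_ok = hash_file(kat) == (
            "900150983cd24fb0d6963f7d28e17f72",
            "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad",
        )
        # Constructed stand-in for a seized drive.
        evidence = os.path.join(tmp, "seized_usb.bin")
        with open(evidence, "wb") as f:
            f.write(b"constructed evidence bytes\x00" * 4096)
        result = acquire(evidence, tmp, examiner="examiner01", case_id="CASE-0001")
        intact = verify_image(result["images"][0], result["md5"], result["sha256"])
        # Simulate an analyst accidentally overwriting one byte of the second image.
        os.chmod(result["images"][1], 0o644)
        with open(result["images"][1], "r+b") as f:
            f.write(b"X")
        tampered_detected = not verify_image(result["images"][1], result["md5"], result["sha256"])
        with open(result["log"]) as f:
            log_entries = [json.loads(line) for line in f]
        return {
            "kat_ok": kat_ok,
            "images": len(result["images"]),
            "intact": intact,
            "tampered_detected": tampered_detected,
            "log_actions": [e["action"] for e in log_entries],
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

On a real acquisition the source would be a block device opened through a hardware or software write blocker, and the custody log would name the physical item (serial number, seal number) rather than a file path; the hashing, verification and logging logic stays the same. Re-run the verification step every time the image changes hands or before it is cited in a report, since a hash that was never re-checked proves nothing about the copy being analyzed.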
Corporate Investigations / Enterprise Theory of Investigation (ETI)
A methodology for investigating criminal activity that takes a holistic view, treating the conduct under investigation as a coordinated criminal operation (people, structure, finances, and communications) rather than as an isolated criminal act.
Locard’s Exchange Principle
Anyone or anything entering a crime scene takes something of the scene with them and leaves something of themselves behind when they leave. In the digital setting this cuts both ways: an intruder leaves logs, file-system timestamps and malware artifacts, and an examiner who works directly on the original system alters timestamps, caches and memory, which is why originals are imaged and hashed rather than examined in place.