Forensic Investigation Techniques Michael Jones. Overview Purpose People Processes Michael JonesDigital Forensic Investigations2.

Slides:



Advertisements
Similar presentations
Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.
Advertisements

Computer Forensics.
Computer Forensics BACS 371
COEN 252 Computer Forensics
Pinpoint Labs Software Presented by: Jonathan P. Rowe President and CEO Certified Computer Examiner Member: The International Society of Forensic Computer.
Evidence Collection & Admissibility Computer Forensics BACS 371.
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
Guide to Computer Forensics and Investigations, Second Edition
MD5 Summary and Computer Examination Process Introduction to Computer Forensics.
BACS 371 Computer Forensics
Guide to Computer Forensics and Investigations Fourth Edition
Computer & Network Forensics
Guide to Computer Forensics and Investigations Third Edition
COS/PSA 413 Day 16. Agenda Lab 7 Corrected –2 A’s, 1 B and 2 F’s –Some of you need to start putting more effort into these labs –I also expect to be equal.
COS/PSA 413 Day 15. Agenda Assignment 3 corrected –5 A’s, 4 B’s and 1 C Lab 5 corrected –4 A’s and 1 B Lab 6 corrected –A, 2 B’s, 1 C and 1 D Lab 7 write-up.
Applying Digital Forensic techniques to AIM Gareth Knight, FIDO Project Manager Anatomy Theatre & Museum, King’s College London 15 th August 2011.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #12 Computer Forensics Analysis/Validation and Recovering Graphic.
July 9, National Software Reference Library Douglas White Information Technology Laboratory July 2004.
CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.
11 Games and Content Session 4.1. Session Overview  Show how games are made up of program code and content  Find out about the content management system.
Guide to Computer Forensics and Investigations Fourth Edition
Phases of Computer Forensics 1 Computer Forensics BACS Management Information Systems for the Information Age 5e, Haag, Cummings, McCubbrey, 2005,
Computer Forensics Additional Notes 1. Acknowledgments Dr. David Dampier and the Center for Computer Security Research (CCSR) I downloaded this series.
Digital Crime Scene Investigative Process
Introduction to Computer Forensics and Hashing 1.
File Structures Foundations of Computer Science  Cengage Learning.
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. System Forensics, Investigation, and Response.
1 IT Investigative Tools Tools and Services for the Forensic Auditor.
Chapter 11 File Systems and Directories. 2 File Systems File: A named collection of related data. File system: The logical view that an operating system.
Guide to Computer Forensics and Investigations Fourth Edition
Module 13: Computer Investigations Introduction Digital Evidence Preserving Evidence Analysis of Digital Evidence Writing Investigative Reports Proven.
Investigation of a USB Storage Device (FAT16)
Chapter 9 Computer Forensics Analysis and Validation Guide to Computer Forensics and Investigations Fourth Edition.
Confidentiality Confidentiality is maintained so long as private keys are secure. Authenticity is possible via public-key encryption by encrypting messages.
1J. M. Kizza - Ethical And Social Issues Module 13: Computer Investigations Introduction Introduction Digital Evidence Digital Evidence Preserving Evidence.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #4 Data Acquisition September 8, 2008.
MD5 Summary and Computer Examination Process Introduction to Computer Forensics.
Chapter 5 Processing Crime and Incident Scenes Guide to Computer Forensics and Investigations Fourth Edition.
Chapter 14: Files and Streams. 2Microsoft Visual C# 2012, Fifth Edition Files and the File and Directory Classes Temporary storage – Usually called computer.
CE Operating Systems Lecture 17 File systems – interface and implementation.
Selective and Intelligent Imaging Using Digital Evidence Bags.
Files Chapter 4.
 Forensics  Application of scientific knowledge to a problem  Computer Forensics  Application of the scientific method in reconstructing a sequence.
OPERATING SYSTEMS Frans Sanen.  Analyze a FAT file system manually  FAT12 first and simplest version  Still used on smaller disks (e.g. floppies) 
2007/5/ Digital Forensic Research Workshop (DFRWS) New Orleans, LA 1 Data Hiding in Journaling File Systems Knut Eckstein, Marko Jahnke 報告人:陳晉煒.
Chao-Hsien Chu, Ph.D. College of Information Sciences and Technology The Pennsylvania State University University Park, PA Search.
Chapter 11 File Systems and Directories. 2 File Systems (Chapter 11.1) File: 1. A named collection of related data. 2.smallest amount of information that.
Digital Forensics. Hardware components Motherboard Motherboard System bus System bus CPU CPU ROM ROM RAM RAM HDD HDD Input devices Input devices Output.
Mobile Device Collection More Than Just a Phone. More than just a phone… Cell phone Address book Planner & Organizer Messenger Photo & Video camera GPS.
Computer Forensics Tim Foley COSC 480 Nov. 17, 2006.
MANAGEMENT OF STEGANOGRAPHY OLALEKAN A. ALABI COSC 454.
Forensic Investigation Techniques Michael Jones. Overview Purpose People Processes Michael Jones2Digital Forensic Investigations.
Triage and Analysing Large Numbers of Files Michael Jones.
By Jason Swoyer.  Computer forensics is a branch of forensic science pertaining to legal evidence found in computers and digital storage mediums.  Computer.
Analysing Image Files Michael Jones. Overview Images and images Binary, octal, hexadecimal File headers and footers Example (image) files Looking for.
Pass4itsure Cisco Dumps
Computing Science Computer Structure: Lesson 1: Processor Structure
Creighton Barrett Dalhousie University Archives
Guide to Computer Forensics and Investigations Fifth Edition
Digital Forensics 2 Lecture 2: Understanding steganography in graphic files Presented by : J.Silaa Lecture: FCI Based on Guide to Computer Forensics and.
Chapter 5 EnCase Concepts.
Acquisition and Examination of Forensic Evidence
CHFI & Digital Forensics [Part.1] - Basics & FTK Imager
Hiding Information, Encryption, and Bypasses
Digital Forensics CJ
Thursday April 19, 2018 (Discussion – Storing and Retrieving Data, Processing the Electronic Crime Scene)
Understanding Forensic Images
Digital Forensics Andrew Schierberg, Fort Mitchell Police, Schierberg LAw Jay Downs, Kenton County Police.
Creating your multimedia product – setting up pages and navigation
FAT File System.
Presentation transcript:

Forensic Investigation Techniques Michael Jones

Overview Purpose People Processes Michael JonesDigital Forensic Investigations2

The (Digital) Forensic Process Photographs Faraday bags Photographs Faraday bags Imaging - forensically sound copying Analyse file system and analyse files Produce Report Scene Store Laboratory Chain of Custody Michael Jones3Digital Forensic Investigations

Review: Logical and Physical Views Logical view – As seen via the file manager Physical view – What is (physically) on the device Questions – What might these be different? – What is ‘striping’? – Is ‘physical’ really physical? Michael JonesDigital Forensic Investigations4

Imaging Low (device) level – Duplicating the bit sequence – Output is a file – Multiple copies may be taken Verification – Applying (hashing) algorithms to device and copy MD5, SHA1 If device and copy hashes match then copy is forensically sound Devices and copies returned to (case) store Michael JonesDigital Forensic Investigations5

Analysing the Image Before: apply hashing algorithms Processes: – Identify file system – Scan for known file types – Compare with logical view – Match logical and physical views and identify deleted files – Deeper analysis After: apply hashing algorithms Michael JonesDigital Forensic Investigations6

Digital Forensics Triage Triage – Quick analysis to identify priorities – why? Focus on logical view – Plus deleted files Ideal outcomes of triage Michael JonesDigital Forensic Investigations7

Main Analysis That which is actually there – File dates and times – File and directory (folder) names – Metadata That which might require interpretation – Examples encoding and encryption File manipulation (e.g., changing first byte of a jpeg) Michael JonesDigital Forensic Investigations8

Deeper Analysis Can be time consuming Secondary data – Additional processes needed Examples – Use of slack space, unused space – Encoding and encryption – Steganography E.g., Snow Michael JonesDigital Forensic Investigations9

Summary Rigorous processes need to be followed – E.g., ACPO guidelines All investigations produce documentation All documents and artefacts must be labelled and stored appropriately Chain of custody must be unbroken Michael JonesDigital Forensic Investigations10

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.