Presented by Steve Abrams, M.S. Charleston, SC / Long Island, NY

Presentation transcript:

SCALI Annual Seminar, May 8, 2004
Computer Forensics 101: Essential Knowledge for 21st Century Investigators, with Case Studies
Presented by Steve Abrams, M.S., Abrams Computer Forensics, Charleston, SC / Long Island, NY
(866) 301-5331 * www.AbramsForensics.com

What is Computer Forensics?
The search for, and the collection of, evidence from computer systems in a standardized and well-documented manner to maintain its admissibility and probative value in a legal proceeding.

Computer Forensics is not “Hacking”
- Never use “Spy-ware”
- Never “hack” a password
- Never login to an account unauthorized (without a warrant or court order)
- Keystroke loggers no longer legal
All of these violations are now (usually) a felony. The law is in flux, beware!

Computer Forensics is not “Hacking”
Stick to the evidence left on the hard drive, and you should be on safe legal ground, provided you have proper consent to search the hard drive.

Component Steps of Computer Forensics
- Make a Forensic Image
- Create Indexes and set up “case”
- Look for evidence within the image
- Generate Report (CD-ROM / Written)

Component Steps of Computer Forensics: Make a Forensic Image
- Requires Extensive Knowledge of Computer Hardware and Software, Especially Operating Systems and File Systems.
- Requires Special “Forensics” Hardware and Software.
- Requires Knowledge of Proper Evidence Handling.
- In Most States Requires a P.I. License, and Consent to Search the Computer.

Consent
- Who Can Consent to a Search
- Get it in Writing (Spouse, Parent, Business Owner)
- Get it in Writing (Boilerplate Affidavits)

Affidavit of _______________________

STATE OF SOUTH CAROLINA )
                        )
COUNTY OF _______________ )

Affidavit of _______________________
Consent given to search a personal computer.

PERSONALLY appeared before me the undersigned, who, being duly sworn, says as follows:

1. My name is _______________________________________. I reside at _____________________________________________________
2. I have hired Steven M. Abrams, M.S., P.I., to conduct a computer forensics examination of a hard drive from a personal computer, which is in my possession.
3. I have consented to a search by Mr. Abrams of all data contained on the hard drive.
4. I attest that the computer hard drive which I have consented to have searched is marital property, to which I have had unfettered access.
5. I acknowledge that I have been informed that state and federal law requires Mr. Abrams to notify law enforcement authorities of any suspected child pornography or evidence of criminal activity found on a computer during his examination.

Component Steps of Computer Forensics: Make a Forensic Image
Rule #1 – Never Alter the Evidence Media in the Process of Making a Forensic Image. This necessitates special hardware and software.

Component Steps of Computer Forensics: Create Indexes and set up “case”
AccessData Forensic Toolkit (FTK): Based on the dtSearch Engine, it requires an index step which can take several hours or days to complete, after which keyword / expression searches are instantaneous.

Component Steps of Computer Forensics: Create Indexes and set up “case”
AccessData Forensic Toolkit (FTK): Implements “Hashing”, which allows standard system software and duplicate files to be safely ignored, and dangerous files (e.g. Child Porn) to be identified automatically. FTK Hashing is based on the Known File Filter (KFF) Engine.

Hashing
A hash value (or simply hash), also called a message digest, is a number generated from a string of text. The hash is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value. In Computer Forensics, hashes are used to uniquely identify a specific file. The hash value generated from a file becomes its “digital fingerprint”. MD5 and SHA are the two most common hash algorithms used in computer forensics.

Hashing
Hash codes can be used to quickly match files found during your investigations to lists of “Known Files” maintained by the Federal Government and Federal Law Enforcement Agencies. These “Known Files” can include innocent files, such as components of MS Windows and “off the shelf” application software, that can safely be ignored by your investigations. These “Known Files” can also include contraband files, such as child pornography and hacker tools, that should be highlighted by your investigations.
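The known-file matching described on the two Hashing slides, as an added Python example (not code from the presentation and not how FTK or KFF is implemented). The file names, file contents and both hash sets are constructed for the demo; a real examination would load hash sets from a known-file library.

```python
import hashlib
import os
import tempfile

def file_digests(path, chunk_size=1 << 20):
    """Return (md5_hex, sha1_hex) of a file, reading in chunks so large
    evidence files never have to fit in memory. The file is opened read-only."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()

def triage(root, known_ignore, known_alert):
    """Walk an exported evidence directory and sort files by hash-set match."""
    result = {"ignore": [], "alert": [], "review": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            md5_hex, _sha1_hex = file_digests(path)
            if md5_hex in known_alert:      # alert list wins over ignore list
                bucket = "alert"
            elif md5_hex in known_ignore:
                bucket = "ignore"
            else:                           # unknown file: examiner must look
                bucket = "review"
            result[bucket].append(os.path.relpath(path, root))
    return result

def demo():
    """Build a constructed evidence folder and hash sets, then triage it."""
    samples = {
        "system.dll": b"constructed stand-in for an OS component",
        "flagged.bin": b"constructed stand-in for a flagged file",
        "letter.txt": b"constructed user document",
        # Same bytes as flagged.bin under a new name: the hash still matches.
        "renamed.dat": b"constructed stand-in for a flagged file",
        # One byte appended to system.dll: the hash no longer matches.
        "edited.dll": b"constructed stand-in for an OS component.",
    }
    known_ignore = {hashlib.md5(samples["system.dll"]).hexdigest()}
    known_alert = {hashlib.md5(samples["flagged.bin"]).hexdigest()}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root, known_ignore, known_alert)

if __name__ == "__main__":
    print(demo())
```

Renaming a file does not change its hash, while altering a single byte does, which is why a modified copy of a known system file falls into the review pile rather than being ignored.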

Component Steps of Computer Forensics: Look for evidence within the image
- View Graphics, Emails, Documents, etc.
- Keyword Searches
- Bookmark relevant material for inclusion into report
- Good investigation skills are needed; you must interview the client to get the background material needed to focus the CF investigation.

Component Steps of Computer Forensics: Generate CF Report
- Usually in HTML format
- Can be printed or on CD-ROM
- Basis for Investigation Report, Affidavits, Deposition and Testimony.
- CF Report often supplemented with other investigation methods (Online Databases, Email / Phone Interviews)

Live FTK Demo
Demonstrate Steps of a Computer Forensics Examination

Case Histories

Case Histories Domestic Relations

Case Histories: Domestic Relations
- Pornography
- Adultery
- Financial Assets

Case Histories Wiretap / E.C.P.A.

Case Histories Financial Crimes