Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC CF NZ OUR PRIME OBJECTIVE: To successfully recover lost, damaged, hidden or.

Published byJeffry Clarke Modified over 9 years ago

Similar presentations

Presentation on theme: "Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC CF NZ OUR PRIME OBJECTIVE: To successfully recover lost, damaged, hidden or."— Presentation transcript:

1 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC CF NZ OUR PRIME OBJECTIVE: To successfully recover lost, damaged, hidden or deleted files from a computer system after an accidental, deliberate or malicious action. COMPUTER FORENSICS NZ LTD

2 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC  What is computer forensics?  Disk operating system considerations.  How data is recovered.  What to do when data can’t be recovered, and how to prevent recovery.  Commercial and paralegal aspects.  The process.  Q & A. THIS PRESENTATION

3 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC WHAT IS COMPUTER FORENSICS Computer Forensics is the acquisition, preservation, preparation, analysis and presentation of computer-related evidence utilising secure, controlled methodologies and auditable procedures.

4 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC THE FATHER OF FORENSICS “For any two points of contact there is always a cross-transference of material from one to the other.” Edmond Locard 1877-1966 Every contact leaves a trace.

5 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC MODERN PERSPECTIVE For ever interaction with a PC there will always be material left behind on that PC OR

6 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC EVERY INTERACTION WITH A PC LEAVES TRACE DATA BEHIND MODERN PERSPECTIVE #2

7 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC  Master Boot Record.  Partition table.  File Allocation Table.  Data storage area. GENERIC DISK OS

8 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC  Reference only is deleted  Space is flagged as available for re use.  FDISK and FORMAT Urban myths WHEN DELETE IS NOT DELETE

9 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC  Full files.  ASCII text.  Graphics. WHAT INFO CAN BE RECOVERED

10 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC When the hard disc platter has been:  Badly distorted by fire.  Significant physical damage.  Subjected to abnormally high magnetic fields. WHEN IS THERE PROBABLY NO CHANCE

11 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC  Overwrite all sectors.  Once, many times.  Protect from whom.  Ultimate protection. PROTECT AGAINST DATA RECOVERY??

12 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC  Case 1 – Avco.  Case 2 – Government departments.  Happens every day every where. DON’T GIVE THE COMPANY’S SECRETS AWAY

13 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC Main Causes:  Accidental delete.  Advised to reformat by IT advisor.  Partition table corrupt.  Disk hardware failure.  Malicious damage.  Viral contamination. COMMERCIAL DATA RECOVERY

14 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC  Unintended left evidence.  High usage of PCs at home.  Private use of company PC.  Files on archival backups.  Electronic media discovery. PARALEGAL DATA RECOVERY

15 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC Cases:  Professional practice 2 years ago.  Ex-employee using company data.  Senior manager and PA setting up competitive company. PARALEGAL DATA RECOVERY #2

16 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC Similar for data recovery and paralegal:  Acquire.  Preserve.  Prepare.  Analyse.  Present. THE RECOVERY PROCESS

17 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC Three key points to leave with you.  Data is rarely completely deleted from a hard disk.  Implications for commercial security.  Implications for prosecution and defence in court. RECAP

18 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC Paralegal  www.forensic-computing. com/subjects.html  http://www.dcfl.gov/ General Data Recovery  http://www.cs.auckland.ac.nz/~pgut001/  http://www.cerberussystems.com/INFOSEC/ privacy.htm SUGGESTED SURFING

19 Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC YOUR TURN Q & A TIME

Download ppt "Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC CF NZ OUR PRIME OBJECTIVE: To successfully recover lost, damaged, hidden or."

Similar presentations

Utility program + driver program Thomas Wat 4D (21)

Utility program + driver program Thomas Wat 4D (21)
Backing up and Archiving Data Chapter 1. Introduction This presentation covers the following: – What is backing up – What is archiving – Why are both.

Backing up and Archiving Data Chapter 1. Introduction This presentation covers the following: – What is backing up – What is archiving – Why are both.
FAT vs NTFS.

FAT vs NTFS.
Backing Up Your Computer Hard Drive Lou Koch June 27, 2006.

Backing Up Your Computer Hard Drive Lou Koch June 27, 2006.
1 X-Ways Security: Permanent Erasure Supervised By: Dr. Lo’ai Tawalbeh Prepared By :Murad M. Ali.

1 X-Ways Security: Permanent Erasure Supervised By: Dr. Lo’ai Tawalbeh Prepared By :Murad M. Ali.
Backup Strategy. An Exam question will ask you to describe a backup strategy. Be able to explain: Safe, secure place in different location. Why? – For.

Backup Strategy. An Exam question will ask you to describe a backup strategy. Be able to explain: Safe, secure place in different location. Why? – For.
Computer Forensics, The Investigators Persepective Paul T. Mobley Sr. Computer Forensics Consultant Jawz Inc.

Computer Forensics, The Investigators Persepective Paul T. Mobley Sr. Computer Forensics Consultant Jawz Inc.
Princeton PC Users Group Hard Drive Disaster! By Paul Kurivchack March 14, 2005.

Princeton PC Users Group Hard Drive Disaster! By Paul Kurivchack March 14, 2005.
5-9/12/2005 CPE 101 1 How to format your computer and re-install Windows XP.

5-9/12/2005 CPE How to format your computer and re-install Windows XP.
1 Pertemuan 23 Contingency Planning Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.

1 Pertemuan 23 Contingency Planning Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
Chapter 12 File Management Systems

Chapter 12 File Management Systems
COS/PSA 413 Day 15. Agenda Assignment 3 corrected –5 A’s, 4 B’s and 1 C Lab 5 corrected –4 A’s and 1 B Lab 6 corrected –A, 2 B’s, 1 C and 1 D Lab 7 write-up.

COS/PSA 413 Day 15. Agenda Assignment 3 corrected –5 A’s, 4 B’s and 1 C Lab 5 corrected –4 A’s and 1 B Lab 6 corrected –A, 2 B’s, 1 C and 1 D Lab 7 write-up.
Applications with Warrants In Mind. The Law  Why are there laws specifically for computer crimes?  A persons reasonable right to privacy  The nature.

Applications with Warrants In Mind. The Law  Why are there laws specifically for computer crimes?  A persons reasonable right to privacy  The nature.
File System Security Jason Eick and Evan Nelson. What does a file system do? A file system is a method for storing and organizing computer files and the.

File System Security Jason Eick and Evan Nelson. What does a file system do? A file system is a method for storing and organizing computer files and the.
Data Elimination 101. What Does Degauss Mean? Computer hard drives use magnetic fields to store data on special discs called platters. Degaussing is the.

Data Elimination 101. What Does Degauss Mean? Computer hard drives use magnetic fields to store data on special discs called platters. Degaussing is the.
Data Recovery Techniques By Danny Seltzer and Evan Hollander.

Data Recovery Techniques By Danny Seltzer and Evan Hollander.
Source XP vs Windows 7 XPWin 7.

Source XP vs Windows 7 XPWin 7.
Procedures for Backup and Recovery Section 14. Key points and questions What data should be backed up and how often? What do we mean by full backup, incremental.

Procedures for Backup and Recovery Section 14. Key points and questions What data should be backed up and how often? What do we mean by full backup, incremental.
Introduction to Computer Forensics Fall 2007. Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (http://www.forensics.nl).http://www.forensics.nl.

Introduction to Computer Forensics Fall Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (

Similar presentations

Ads by Google