3 - Basics of Digital Forensics

Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. Digital forensics includes the identification, recovery, investigation, validation and presentation of facts regarding digital evidence found on computers and similar storage media devices.
History of Digital Forensics
1980s  The field of PC forensics began.
1984   The FBI (Federal Bureau of Investigation) created what was then referred to as the Magnet Media Program, currently referred to as Computer Analysis and Response Time (CART). Michael Anderson, the Father of Computer Forensics, came into the limelight during this period.
1995   The International Organization on Computer Evidence (IOCE) was formed.
1997   Great countries declared that law enforcement personnel should be trained and equipped to deal with sophisticated crimes.
1998   The INTERPOL forensic science symposium was held (INTERPOL is the International Criminal Police Organization, which facilitates worldwide police cooperation and crime control).
1999   The FBI CART case load goes beyond 2000 cases examined.
2000   The first FBI Regional Computer Forensic Laboratory was recognized.
2003   The FBI CART case load exceeds 6500 cases.
Traditional Crimes          Cyber Crimes
Kidnapping                  Electronic fund transfer fraud
Murder                      Copyright violation
Sexual assault              Cyber terrorism
Robbery                     Identity theft
Motor vehicle theft         Cyber bullying (mistreatment) and harassment
Rules of Digital Forensics
1. An examination should never be performed on the original media.
2. A copy is made onto forensically sterile media. New media should always be used if available.
3. The copy of the evidence must be exact, bit by bit.
4. The computer and the data on it must be protected during acquisition of the media to ensure that the data is not modified.
5. The examination must be conducted in such a way as to prevent any modification of the evidence.
6. The chain of custody of all evidence must be clearly maintained to provide an audit log.
• DFI (Digital Forensic Investigation):
• A special type of investigation in which the scientific procedures and techniques used allow the resulting digital evidence to be admissible in a court of law.
Goals of Digital Forensic Investigation
The main objective is to examine digital evidence and to ensure that it has not been tampered with in any manner. To achieve this goal, the investigation must be able to handle all of the obstacles below:
1. Handling and locating a certain amount of valid data among the large number of files stored on a computer system.
2. It is possible that information has been deleted; in such a situation searching inside the file is worthless.
3. If the files are secured by a password, investigators must find a way to access the data by some unauthorized means.
4. Data may be stored on a damaged device, whereas the investigator searches for data on working devices.
5. A major obstacle is that each and every case is different, so identifying the techniques and tools will take a long time.
6. The digital data must be protected from being modified. It is very tedious to prove that the data under examination is unaltered.
7. A common procedure for investigation and standard techniques for collecting and preserving digital evidence are desired.
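Added example (not part of these slides): a small Python simulation of rules 2 to 6 above and of goal 6 (proving the data is unaltered). It uses an in-memory stand-in for a write-blocked source, makes a bit-for-bit copy onto fresh media, hashes the source before and after acquisition, keeps a chain-of-custody log, and shows that verification catches a modified working copy. The media contents, examiner names and the `WriteBlocked` class are constructed for illustration and do not correspond to any real tool.

```python
import hashlib
import io
from dataclasses import dataclass, field
from datetime import datetime, timezone

SECTOR = 512

# Constructed sample "evidence media": three sectors of made-up data.
SOURCE_MEDIA = (b"BOOT" + b"\x00" * (SECTOR - 4)
                + b"hello evidence\n".ljust(SECTOR, b"\x00")
                + b"\xff" * SECTOR)


class WriteBlocked(io.BytesIO):
    """In-memory stand-in for a hardware write blocker (assumption for the demo):
    reads pass through, any write attempt is refused."""

    def write(self, b):
        raise PermissionError("write blocked: evidence media is read-only")


def sha256_of(stream, chunk_size=4096):
    """Hash a whole stream from offset 0, chunk by chunk."""
    h = hashlib.sha256()
    stream.seek(0)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


@dataclass
class CustodyLog:
    """Append-only audit trail: who did what to the evidence, and its hash at that moment."""
    entries: list = field(default_factory=list)

    def record(self, actor, action, digest):
        self.entries.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "actor": actor,
            "action": action,
            "sha256": digest,
        })


def acquire_image(source, actor, log):
    """Bit-for-bit copy of `source` into a fresh (sterile) in-memory image.
    The source is hashed before and after the copy to show it was not altered."""
    before = sha256_of(source)
    log.record(actor, "hash source before acquisition", before)
    image = io.BytesIO()              # new, empty media for the copy
    source.seek(0)
    for chunk in iter(lambda: source.read(SECTOR), b""):
        image.write(chunk)
    after = sha256_of(source)
    if after != before:
        raise RuntimeError("source changed during acquisition")
    image_hash = sha256_of(image)
    log.record(actor, "hash of acquired image", image_hash)
    return image, image_hash


def verify_image(image, expected, actor, log):
    """Re-hash an image and compare with the hash recorded at acquisition time."""
    actual = sha256_of(image)
    ok = actual == expected
    log.record(actor, "verify image: " + ("match" if ok else "MISMATCH"), actual)
    return ok


def demo():
    log = CustodyLog()
    source = WriteBlocked(SOURCE_MEDIA)
    try:                              # rule 4: the original must not be modifiable
        source.write(b"oops")
        write_blocked = False
    except PermissionError:
        write_blocked = True
    image, image_hash = acquire_image(source, "examiner A", log)
    # Analysis is done on a second copy; the verified image stays untouched.
    working = io.BytesIO(image.getvalue())
    working.seek(SECTOR + 6)
    working.write(b"X")               # simulate an accidental modification
    return {
        "source_write_blocked": write_blocked,
        "image_matches_source": image_hash == sha256_of(source),
        "image_verifies": verify_image(image, image_hash, "examiner B", log),
        "tampered_copy_verifies": verify_image(working, image_hash, "examiner B", log),
        "image_sha256": image_hash,
        "log_entries": len(log.entries),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

In practice the hashes and log entries would be written to a signed report alongside the image; the point of the demo is that the hash taken at acquisition time is what later lets an examiner prove, rather than assert, that the data under examination is unaltered.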
Ethical Issues in Digital Forensics:
1. Honesty towards the investigation.
2. Prudence, meaning careful handling of the digital evidence.
3. Compliance with law and professional norms.
General Ethical Norms for Investigators
1. To contribute to society and human beings.
2. To avoid harm to others.
3. To be honest and trustworthy.
4. To be fair and take action not to discriminate.
5. To honor property rights, including copyrights and patents.
6. To give proper credit to intellectual property.
7. To respect the privacy of others.
8. To honor confidentiality.
Unethical Norms for Digital Forensic Investigation
An investigator should not:
1. Withhold any relevant evidence.
2. Disclose any confidential matters or knowledge.
3. Express an opinion on the guilt or innocence of any party.
4. Engage or be involved in any kind of unethical or illegal conduct.
5. Deliberately or knowingly undertake an assignment beyond his or her capability.
Models of Digital Forensics:
1. Road Map for Digital Forensic Research (RMDFR)
2. Abstract Digital Forensic Model (ADFM)
3. Integrated Digital Investigation Process (IDIP)
4. End-to-End Digital Investigation Process (EEDIP)
5. An Extended Model of Cybercrime Investigation (EMCI)
6. UML Modeling of Digital Forensic Process Model (UMDFPM)
1. _______ is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime.
   a. Analog forensic
   b. Digital forensic
   c. Cyber forensic

2. _______ includes the identification, recovery, investigation, validation and presentation of facts regarding digital evidence found on computers and similar storage media devices.
   a. Analog forensic
   b. Digital forensic
   c. Cyber forensic

3. The field of PC forensics began in
   a. 1977
   b. 1980
   c. 1982

4. FBI stands for _______
   a. Federal Bureau of Investigation
   b. F
   c. F

5. CART stands for _______
   a. Computer Analysis and Request Time
   b. Computer Analysis and Response Time
   c. Crime Analysis and Response Time

6. _______ is the Father of Computer Forensics.
   a. Michael Paterson
   b. Michael Andrew
   c. Michael Anderson

7. The International Organization on Computer Evidence (IOCE) was formed in
   a. 1995
   b. 1992
   c. 1990

8. INTERPOL stands for _______
   a. International Police Organization
   b. International Criminal Patrol Organization
   c. International Criminal Police Organization

9. All of the following are cyber crimes except
   a. Electronic fund transfer fraud
   b. Copyright violation
   c. Kidnapping
   d. Cyber bullying

10. RMDFR stands for _______
   a. Roll map for digital forensic research
   b. Road map for digital forensic research
   c. Road model for digital forensic research

11. Which step is not included in the RMDFR model?
   A. Identification
   B. Preservation
   C. Collection
   D. Examination
   E. Analysis
   F. Reporting
   G. Approach strategy

12. ADFM stands for _______
   a. Analog digital forensic model
   b. Abstract digital forensic model
   c. Analytical digital forensic model

Steps included in the ADFM model:
   A. Identification
   B. Preparation: tools, techniques, monitoring, authorization and management support.
   C. Approach strategy: formulating procedures and approach in order to maximize the collection of evidence.
   D. Preservation
   E. Collection
   F. Examination
   G. Analysis
   H. Presentation
   I. Returning evidence: physical and digital property returned to the proper owner.

13. IDIP stands for _______
   a. Investigated digital integration process
   b. Integrated digital investigation process
   c. Inherited digital investigation process

• 1. Readiness phase: The goal of this phase is to ensure that the operations and infrastructure are able to fully support an investigation. It includes two sub-phases:
   a. Operations readiness
   b. Infrastructure readiness
• 2. Deployment phase: The purpose is to provide a mechanism for an incident to be detected and confirmed. It includes two sub-phases:
   a. Detection and notification phase
   b. Confirmation and authorization phase
• 3. Physical crime investigation phase: The goal of this phase is to collect and analyze the physical evidence and reconstruct the actions that took place during the incident. It includes six sub-phases:
   a. Preservation phase
   b. Survey phase
   c. Documentation phase
   d. Search and collection phase
   e. Reconstruction phase
   f. Presentation phase
• 4. Digital crime investigation phase: Collect and analyze the digital evidence. It includes all the sub-phases of the physical crime investigation phase.
• 5. Review phase: This entails a review of the whole investigation and identifies areas for improvement.

14. The RMDFR model was proposed by _______
   a. Carrier and Spafford
   b. Palmer
   c. Reith, Carr and Gunsch

15. The ADFM model was proposed by _______
   a. Carrier and Spafford
   b. Palmer
   c. Reith, Carr and Gunsch

16. The IDIP model was proposed by _______
   a. Carrier and Spafford
   b. Palmer
   c. Reith, Carr and Gunsch
- Slides: 61