
Digital Forensics

Digital Forensics Services
I. Digital Evidence Recovery Service

II. Forensic Data Analytics

III. Cyber Investigation

IV. E-Discovery Management

Digital Forensic Methodology
Phase I: Identification of Evidence
• We identify the areas where electronic indications and evidence can be found, taking into account locally available data sources and network structures with external data pools (e.g. cloud services).
• Our investigations focus on all available data storage media, from laptops to the Unix mainframe, from mobile phones to GPS devices.

Phase II: Preservation of Evidence
• All evidence must be inventoried and secured to preserve its integrity; the aim is to map the digital footprint in a way that is admissible as evidence in court.
• This can be carried out either in our forensic laboratory or directly at our clients’ premises.
• We locate deleted or hidden files (or fragments) and preserve evidence that the perpetrators believed to be untraceable.
• Neither the original data nor the systems are compromised or impaired in this process.

Phase III: Analysis of Evidence
• With the use of powerful systems and tools, we analyse the secured data in our laboratory according to case-specific requirements and put the jigsaw together, enabling differentiated evidence management.
• In some cases we already perform an initial analysis on site.

Phase IV: Presentation of Evidence
• The secured evidence, initially available only in electronic form, is processed in accordance with formal legal requirements and presented in a way that can be used in court.
• Our approach and results are always clearly traceable, repeatable and transparent.
• We can also provide expert witness testimony if required.

Digital Evidence Recovery
Digital Evidence Recovery Services
Digital Evidence Recovery can be seen as:
• The use of science or technology in an investigation to establish facts and evidence found in
computers and digital repositories and ensuring its accuracy and reliability.

Digital Evidence Recovery comprises:

• Identifying

• Preserving

• Analysing

• Presenting digital evidence in a manner that is legally acceptable in any judicial or administrative
hearing.

Digital Evidence - Sources

• Documents
• Financial Records
• Log files
• IM Chat Logs
• Internet History files
• E-Mails
• Temporary Files
• Deleted files etc.

• Contact Details
• Call Logs
• SMS & MMS
• Documents
• Emails
• IM chat logs
• Internet History Files
• Deleted Files etc.

• System logs
• Server Access Logs
• ERP Logs
• User ID audit trails
• I.P. Addresses
• MAC Addresses
• E-Mail messages
• Firewall audit trails etc.

The Digital Forensic Examiner must serve Two Masters

Technology

The Law

Admissibility of Electronic Evidence
• Information Technology Act, 2000
• Indian Evidence Act, 1872
• The last 40 years have witnessed rapid development in technology
• Many features such as low cost, ease of use and anonymity have fuelled cyber fraudulent activity
• Criminal activity + technology = abundance of evidence
• Stored data and messages are now a valuable source of evidence in civil and criminal proceedings

The nature of Digital Evidence
Admissibility of digital evidence can easily be lost due to its very nature.

Digital Evidence is:

• Intangible in nature
• Volatile
• Susceptible to manipulation
• Located on IT Systems worldwide
• In need of forensic technology to examine
• Transient in nature

Chain of Custody
An important tool used by investigators to safeguard evidence is the “Chain of Custody”.

• It is a means of accounting for:
  • Who has touched a given piece of evidence;
  • When they touched it; and
  • What they did to the evidence.
• It is a way of demonstrating that evidence hasn’t been damaged or tampered with while in the care of the investigator.
• NO item should ever be left alone unless stored in a secure place of storage.
• Whenever items are handed to another party, it has to be recorded for future reference.
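
One way to keep such a record in software, as an added example rather than anything taken from this presentation: each entry records who, when and what, plus the SHA-256 of the evidence, and is chained to the previous entry so that an edited record or a missing handover shows up on verification. The hash chaining, the field names, and the people, timestamps and image bytes are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # "previous digest" used by the first entry (assumed convention)


def entry_digest(entry):
    """SHA-256 over the entry's fields, excluding its own digest."""
    body = {k: v for k, v in entry.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def record(log, who, when, action, evidence_bytes):
    """Append a custody entry: who touched the item, when, and what they did."""
    entry = {
        "who": who,
        "when": when,
        "action": action,
        "evidence_sha256": hashlib.sha256(evidence_bytes).hexdigest(),
        "prev": log[-1]["digest"] if log else GENESIS,
    }
    entry["digest"] = entry_digest(entry)
    log.append(entry)
    return entry


def verify(log, evidence_bytes):
    """Return a list of problems; an empty list means the chain is intact."""
    problems, prev = [], GENESIS
    for i, e in enumerate(log):
        if e["prev"] != prev:
            problems.append(f"entry {i}: broken link to previous entry")
        if e["digest"] != entry_digest(e):
            problems.append(f"entry {i}: record altered after it was written")
        if i and e["evidence_sha256"] != log[0]["evidence_sha256"]:
            problems.append(f"entry {i}: evidence hash differs from acquisition")
        prev = e["digest"]
    if log and hashlib.sha256(evidence_bytes).hexdigest() != log[0]["evidence_sha256"]:
        problems.append("evidence in hand does not match acquisition hash")
    return problems


# Constructed sample: stand-in bytes for a disk image and three custody events.
IMAGE = b"constructed sample bytes standing in for a disk image"
LOG = []
record(LOG, "Examiner A", "2024-01-10T09:00Z", "acquired image on site", IMAGE)
record(LOG, "Examiner A", "2024-01-10T17:30Z", "handed over to Examiner B", IMAGE)
record(LOG, "Examiner B", "2024-01-11T08:15Z", "stored in evidence locker", IMAGE)
```

A chain like this only makes changes evident to someone who holds a trusted copy of the latest digest; it supplements, and does not replace, the signed custody form.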

Sample reports

Forensic Data Analysis
Forensic Data Analytics Framework

Data, Database, Processing, Reporting

• Data: SAP, Oracle
• Database: MySQL, Microsoft SQL Server, SQLite
• Analytics scripts

Forensic Data Analytics in different Sectors
Financial Services
• AML Analytics
• Compliance Analytics
• Loan Analytics
• Credit Card Analytics
• Claims Analytics
• Cyber Analytics
• Transaction Analytics

Manufacturing
• Procurement Analytics
• Sales Analytics
• Payroll Analytics
• Spend Analytics
• Compliance Analytics
• Cyber Analytics

Life Science
• Sales Analytics
• Marketing Analytics
• Compliance Analytics
• ABC Analytics
• T&E Analytics
• Cyber Analytics

Oil and Gas
• ABC Analytics
• Compliance Analytics
• Procurement Analytics
• T&E Analytics
• Cyber Analytics

Mining
• ABC Analytics
• Compliance Analytics
• Procurement Analytics
• Payroll Analytics
• T&E Analytics
• Cyber Analytics

Retail
• Supply Chain Analytics
• Customer Analytics
• POS Analytics
• Compliance Analytics
• Vendor Analytics
• Stores Review Analytics
• Cyber Analytics

Automobile
• Warranty Analytics
• Compliance Analytics
• Procurement Analytics
• Payroll Analytics

Telecom
• Procurement Analytics
• Revenue Analytics
• Payroll Analytics
• Compliance Analytics
• Cyber Analytics

Financial Sector Analytics
• AML Analytics: AML analytics help the banks to uncover illicit activity and comply with AML regulations and CTF regulations.
• Compliance Analytics: Compliance analytics helps to identify behavioral anomalies, unusual patterns, trends, hidden relationship and high level of activities with high risk countries and entities. Helps to comply with CSSF regulations.
• Credit Card Analytics: Credit card analytics helps the bank to identify the high volumes of transactions, unsecured lending, default patterns and credit limit alterations.
• Loan Analytics: Loan analytics helps the bank to identify the fraudulent loans both in retail sector and corporate finance.
• Cyber Analytics: Cyber analytics helps the bank to identify and monitor any Cyber attack on their IT Infrastructure, Core Banking application and Swift etc.
• Transaction Analytics: Transaction analytics helps the bank to identify any anomalies in the online transaction happened in online banking and mobile banking.
• Claims Analytics: Claims analytics helps the insurance companies to identify the fraudulent claims and leakages in different insurance policies.

Retail Analytics
• Customer Analytics: Understanding customer needs by analyzing data to identify relationships, profiles, trends and anomalies.
• Inventory Analytics: Evaluating stock demand and its movements and creating flexibility.
• POS Analytics: Analyzing data related to customer orders, invoices, freight and evaluating OTC process and identify areas of improvement.
• Compliance Analytics: Compliance analytics helps to identify behavioral anomalies, unusual patterns, trends, hidden relationship and high level of activities with high risk countries and entities.
• Cyber Analytics: Cyber analytics helps the bank to identify and monitor any Cyber attack on their IT Infrastructure, Core Banking application and Swift etc.
• Supply Chain Analytics: Identify and tracks most profitable products, supplier management bottlenecks, quality issues and track operational performance to improve customer satisfaction.
• Procurement Analytics: Procurement analytics helps the organization to identify the coalition between employee & vendors, leakages in procurement.

Life Science Analytics
• Marketing Analytics: Marketing analytics helps the organization to identify the marketing expenses by employees, by region etc.
• Sales Analytics: Sales analytics helps the organization to identify the sales performance by sales person, in detail by region, district and country.
• ABC Analytics: ABC analytics helps the organization to drill down the payment made for the third party i.e. who, what, when, why.
• Cyber Analytics: Cyber analytics helps the bank to identify and monitor any Cyber attack on their IT Infrastructure, Core Banking application and Swift etc.
• T&E Analytics: T&E analytics help the organization to identify the employee expenses i.e. who, where, when, why, what & how.
• Compliance Analytics: Compliance analytics helps to identify behavioral anomalies, unusual patterns, trends, hidden relationship and high level of activities with high risk countries and entities.

Manufacturing Analytics
• Procurement Analytics: Procurement analytics helps the organization to identify the coalition between employee & vendors, leakages in procurement.
• Sales Analytics: Sales analytics helps the organization to identify the sales performance by sales person, in detail by region, district and country.
• Payroll Analytics: Payroll analytics helps the organization to find the ghost employees, leakages in payroll, coalition between vendor & employees.
• Cyber Analytics: Cyber analytics helps the bank to identify and monitor any Cyber attack on their IT Infrastructure, Core Banking application and Swift etc.
• Compliance Analytics: Compliance analytics helps to identify behavioral anomalies, unusual patterns, trends, hidden relationship and high level of activities with high risk countries and entities.
• ABC Analytics: ABC analytics helps the organization to drill down the payment made for the third party i.e. who, what, when, why.

Oil & Gas Analytics
• ABC Analytics: ABC analytics helps the organization to drill down the payment made for the third party i.e. who, what, when, why.
• Compliance Analytics: Compliance analytics helps to identify behavioral anomalies, unusual patterns, trends, hidden relationship and high level of activities with high risk countries and entities.
• T&E Analytics: T&E analytics help the organization to identify the employee expenses i.e. who, where, when, why, what & how.
• Cyber Analytics: Cyber analytics helps the bank to identify and monitor any Cyber attack on their IT Infrastructure, Core Banking application and Swift etc.
• Procurement Analytics: Procurement analytics helps the organization to identify the coalition between employee & vendors, leakages in procurement.

Automotive Analytics
• Procurement Analytics: Procurement analytics helps the organization to identify the coalition between employee & vendors, leakages in procurement.
• Sales Analytics: Sales analytics helps the organization to identify the sales performance by sales person, in detail by region, district and country.
• Payroll Analytics: Payroll analytics helps the organization to find the ghost employees, leakages in payroll, coalition between vendor & employees.
• Cyber Analytics: Cyber analytics helps the bank to identify and monitor any Cyber attack on their IT Infrastructure, Core Banking application and Swift etc.
• Warranty Analytics: Warranty analytics helps the organization to keep track of warranty and also provide with any anomalies pattern of misuse of warranty by the customers.
• Compliance Analytics: Compliance analytics helps to identify behavioral anomalies, unusual patterns, trends, hidden relationship and high level of activities with high risk countries and entities.

Telecom Analytics
• Procurement Analytics: Procurement analytics helps the organization to identify the coalition between employee & vendors, leakages in procurement.
• Compliance Analytics: Compliance analytics helps to identify behavioral anomalies, unusual patterns, trends, hidden relationship and high level of activities with high risk countries and entities.
• Revenue Analytics: Revenue analytics helps the client to recognize their revenue generated in the CDR and reconcile with the different plans/schemes.
• Cyber Analytics: Cyber analytics helps the bank to identify and monitor any Cyber attack on their IT Infrastructure, Core Banking application and Swift etc.
• Sales Analytics: Sales analytics helps the organization to identify the sales performance by sales person, in detail by region, district and country.
• Payroll Analytics: Payroll analytics helps the organization to find the ghost employees, leakages in payroll, coalition between vendor & employees.

Mining Analytics
• ABC Analytics: ABC analytics helps the organization to drill down the payment made for the third party i.e. who, what, when, why.
• Compliance Analytics: Compliance analytics helps to identify behavioral anomalies, unusual patterns, trends, hidden relationship and high level of activities with high risk countries and entities.
• T&E Analytics: T&E analytics help the organization to identify the employee expenses i.e. who, where, when, why, what & how.
• Cyber Analytics: Cyber analytics helps the bank to identify and monitor any Cyber attack on their IT Infrastructure, Core Banking application and Swift etc.
• Procurement Analytics: Procurement analytics helps the organization to identify the coalition between employee & vendors, leakages in procurement.

Sample Report

Cyber Investigations
It’s All About the Data
Sensitive information is being shared using many forms of data transfer, with multiple stakeholders
using the data for different business purposes. Organizations need to understand where sensitive
data is being handled by the organization and on its behalf by third parties.

Data Storage Data Sharing

Data Collection Data Usage Data Destruction


& Retention

In terms of data protection (information security, cyber security), history has proven that protective technologies are not sufficient to protect organizations from cyber criminals.
Early detection and quick response are the keys to effective data protection.

Types of Data
Websites

Databases

Email technologies (Exchange)

Devices (digital cameras, smartphones, GPS)

Social media

Mobile Apps

Computers (servers, laptops, desktops, tablets etc)

Networking (Logs, IDS, IPS)

Storage technologies (CD, DVD, USB, HDD, SSD, tapes)

Internet

Audio records

Files etc

Cyber Investigations
■ Cyber Fraud Risk Assessment
■ On Demand Cyber Investigation
■ Email Forensics
■ ERP and Application Forensics
■ Network Forensics
■ Database Forensics
■ Cloud Forensics
■ Data Leak Forensics
■ Pre-exit Forensics
■ Malware Forensics and Analysis
■ Cyber Evidence Recovery
■ Cyber Expert Testimony

Sample Reports

E-Discovery Management
E-Discovery Management Methodology

Information Management, Identification, Preservation, Collection, Processing, Review, Analysis, Production, Presentation

E-Discovery Framework

Risk & Compliance

Digital Forensics Applies to All Sectors
Financial
Pharmaceutical
Oil & Gas
Media
Transport
Commerce
Health
Legal
Government
Construction
Education etc.

Digital Forensic Lab

Contact
■ Name: Karthik Palaniappan
■ Email: jkarthik142@gmail.com
■ LinkedIn: www.linkedin.com/in/karthikpalaniyappan
