Digital Forensics PDF
Digital Forensics Services
I. Digital Evidence Recovery Service
Digital Forensic Methodology
Phase I: Identification of Evidence
• We identify the areas where electronic indications and evidence can be found, taking into account locally available data sources and network structures with external data pools (e.g. cloud services).
• Our investigations focus on all available data storage media, from laptops to the Unix mainframe, from mobile phones to GPS devices.
Phase II: Preservation of Evidence
• All evidence must be inventoried and secured to preserve its integrity; the aim is to map the digital footprint in a way that is admissible as evidence in court.
• This can be carried out either in our forensic laboratory or directly at our clients' premises.
• We locate deleted or hidden files (or fragments) and preserve evidence that the perpetrators believed to be untraceable.
• Neither the original data nor the systems are compromised or impaired in this process.
Phase III: Analysis of Evidence
• With the use of powerful systems and tools, we analyse the secured data in our laboratory according to case-specific requirements and put the jigsaw together, enabling differentiated evidence management.
• In some cases we already perform an initial analysis on site.
Phase IV: Presentation of Evidence
• The secured evidence, initially available only in electronic form, is processed in accordance with formal legal requirements and presented in a way that can be used in court.
• Our approach and results are always clearly traceable, repeatable and transparent.
• We can also provide expert witness testimony if required.
Digital Evidence Recovery
Digital Evidence Recovery Services
Digital Evidence Recovery can be seen as:
• The use of science or technology in an investigation to establish facts and evidence found in computers and digital repositories, ensuring their accuracy and reliability.
• Identifying
• Preserving
• Analysing
• Presenting digital evidence in a manner that is legally acceptable in any judicial or administrative hearing.
Digital Evidence - Sources
The Digital Forensic Examiner must serve Two Masters
• Technology
• The Law
Admissibility of Electronic Evidence
• Information Technology Act, 2000
• Indian Evidence Act, 1872
• The last 40 years have witnessed rapid development in technology
• Many features such as low cost, ease of use and anonymity
have fuelled cyber fraudulent activity
• Criminal activity + technology = abundance of evidence
• Stored data and messages are now a valuable source of
evidence in civil and criminal proceedings
The nature of Digital Evidence
Admissibility of digital evidence can easily be lost due to its very nature.
• Intangible in nature
• Volatile
• Susceptible to manipulation
• Located on IT Systems worldwide
• In need of forensic technology to examine
• Transient in nature
Chain of Custody
An important tool used by investigators to safeguard evidence is the “Chain of Custody”
Sample reports
Forensic Data Analysis
Forensic Data Analytics Framework
- SAP
- Oracle
- SQLite
- MySQL
- Microsoft SQL Server
Analytics scripts
Forensic Data Analytics in different Sectors
• Financial Services
• Manufacturing
• Life Science
• Oil and Gas
Financial Sector Analytics
• AML Analytics: AML analytics helps banks to uncover illicit activity and comply with AML regulations and CTF regulations.
• Compliance Analytics: Compliance analytics helps to identify behavioral anomalies, unusual patterns, trends, hidden relationships and a high level of activity with high-risk countries and entities. Helps to comply with CSSF regulations.
• Credit Card Analytics: Credit card analytics helps the bank to identify high volumes of transactions, unsecured lending, default patterns and credit limit alterations.
• Loan Analytics: Loan analytics helps the bank to identify fraudulent loans both in the retail sector and in corporate finance.
• Cyber analytics helps the bank to identify and monitor any cyber attack on their IT infrastructure, core banking application, SWIFT etc.
• Transaction analytics helps the bank to identify any anomalies in the online transactions carried out in online banking and mobile banking.
• Claims analytics helps insurance companies to identify fraudulent claims and leakages in different insurance policies.
Retail Analytics
• Customer Analytics: Understanding customer needs by analyzing data to identify relationships, profiles, trends and anomalies.
• Inventory Analytics: Evaluating stock demand and its movements and creating flexibility.
• POS Analytics: Analyzing data related to customer orders, invoices and freight, evaluating the OTC process and identifying areas of improvement.
• Compliance Analytics: Compliance analytics helps to identify behavioral anomalies, unusual patterns, trends, hidden relationships and a high level of activity with high-risk countries and entities.
• Cyber Analytics: Cyber analytics helps the bank to identify and monitor any cyber attack on their IT infrastructure, core banking application, SWIFT etc.
• Supply Chain Analytics: Identifies and tracks the most profitable products, supplier management bottlenecks and quality issues, and tracks operational performance to improve customer satisfaction.
• Procurement Analytics: Procurement analytics helps the organization to identify the coalition between employee & vendors and leakages in procurement.
Life Science Analytics
• Marketing Analytics
• Sales Analytics
• ABC Analytics
• Cyber Analytics: Cyber analytics helps the bank to identify and monitor any cyber attack on their IT infrastructure, core banking application, SWIFT etc.
• T&E Analytics: T&E analytics helps the organization to identify the employee expenses, i.e. who, where, when, why, what & how.
• Compliance Analytics: Compliance analytics helps to identify behavioral anomalies, unusual patterns, trends, hidden relationships and a high level of activity with high-risk countries and entities.
Manufacturing Analytics
• Procurement Analytics: Procurement analytics helps the organization to identify the coalition between employee & vendors and leakages in procurement.
• Sales Analytics: Sales analytics helps the organization to identify the sales performance by sales person, in detail by region, district and country.
• Payroll Analytics: Payroll analytics helps the organization to find ghost employees, leakages in payroll and coalition between vendor & employees.
• Cyber Analytics
• Compliance Analytics
• ABC Analytics
Oil & Gas Analytics
• ABC Analytics: ABC analytics helps the organization to drill down into the payments made to third parties, i.e. who, what, when, why.
• Compliance Analytics: Compliance analytics helps to identify behavioral anomalies, unusual patterns, trends, hidden relationships and a high level of activity with high-risk countries and entities.
• T&E Analytics: T&E analytics helps the organization to identify the employee expenses, i.e. who, where, when, why, what & how.
• Cyber Analytics
• Procurement Analytics
Automotive Analytics
• Procurement Analytics: Procurement analytics helps the organization to identify the coalition between employee & vendors and leakages in procurement.
• Sales Analytics: Sales analytics helps the organization to identify the sales performance by sales person, in detail by region, district and country.
• Payroll Analytics: Payroll analytics helps the organization to find ghost employees, leakages in payroll and coalition between vendor & employees.
• Cyber Analytics: Cyber analytics helps the bank to identify and monitor any cyber attack on their IT infrastructure, core banking application, SWIFT etc.
• Warranty Analytics: Warranty analytics helps the organization to keep track of warranties and also flags any anomalous patterns of warranty misuse by customers.
• Compliance Analytics: Compliance analytics helps to identify behavioral anomalies, unusual patterns, trends, hidden relationships and a high level of activity with high-risk countries and entities.
Telecom Analytics
• Procurement Analytics: Procurement analytics helps the organization to identify the coalition between employee & vendors and leakages in procurement.
• Compliance Analytics: Compliance analytics helps to identify behavioral anomalies, unusual patterns, trends, hidden relationships and a high level of activity with high-risk countries and entities.
• Revenue Analytics: Revenue analytics helps the client to recognize the revenue generated in the CDR and reconcile it with the different plans/schemes.
• Cyber analytics helps the bank to identify and monitor any cyber attack on their IT infrastructure, core banking application, SWIFT etc.
• Sales analytics helps the organization to identify the sales performance by sales person, in detail by region, district and country.
• Payroll analytics helps the organization to find ghost employees, leakages in payroll and coalition between vendor & employees.
Mining Analytics
• ABC Analytics: ABC analytics helps the organization to drill down into the payments made to third parties, i.e. who, what, when, why.
• Compliance Analytics: Compliance analytics helps to identify behavioral anomalies, unusual patterns, trends, hidden relationships and a high level of activity with high-risk countries and entities.
• T&E Analytics: T&E analytics helps the organization to identify the employee expenses, i.e. who, where, when, why, what & how.
• Cyber Analytics
• Procurement Analytics
Sample Report
Cyber Investigations
It’s All About the Data
Sensitive information is being shared using many forms of data transfer, with multiple stakeholders
using the data for different business purposes. Organizations need to understand where sensitive
data is being handled by the organization and on its behalf by third parties.
In terms of data protection (information security, cyber security), history has proven that protective
technologies are not sufficient to protect organizations from cyber criminals.
Early Detection and Quick Response are the keys to effective data protection.
Types of Data
Websites
Databases
Social media
Mobile Apps
Internet
Audio records
Files etc
Cyber Investigations
■ Cyber Fraud Risk Assessment
■ On Demand Cyber Investigation
■ Email Forensics
■ ERP and Application Forensics
■ Network Forensics
■ Database Forensics
■ Cloud Forensics
■ Data Leak Forensics
■ Pre-exit Forensics
■ Malware Forensics and Analysis
■ Cyber Evidence Recovery
■ Cyber Expert Testimony
Sample Reports
E-Discovery Management
E-Discovery Management Methodology
Stages shown in the methodology diagram: Information Management, Identification, Preservation, Collection, Processing, Review, Analysis, Production, Presentation.
E-Discovery Framework
Digital Forensics Applies to All Sectors
Financial
Pharmaceutical
Oil & Gas
Media
Transport
Commerce
Health
Legal
Government
Construction
Education etc.
Digital Forensic Lab
Contact
■ Name: Karthik Palaniappan
■ Email: jkarthik142@gmail.com
■ LinkedIn: www.linkedin.com/in/karthikpalaniyappan