1 CP041
BY
B.Brahmani ITIII\IV K.Ahalya ITIII\IV
Email:brahmani09@gmail.com Contact:9963072821
email:01ahalya@gmail.com
GUDLAVALLERU ENGINEERING COLLEGE, GUDLAVALLERU - 521356, KRISHNA DIST, ANDHRA PRADESH
Abstract
In today's day and age, there is no such thing as 100% secure. But with the stroke of a key, the bad guys can erase all of their data and hide their tracks when using computers for not so legal purposes, or can they? Just because you hit the delete key doesn't mean that the evidence is gone. Today, there is a growing demand for computer forensics professionals to aid in the fight against those that would use the very technology we depend on against us. We see the evidence every day: identity theft, viruses, malware, computer intrusion and more. But what about the things we don't think or hear about? The emails, downloaded programs, or even the corporate espionage that we only used to read about. What about those threats such as the latest and greatest viruses that attack our cell phones, PDAs, etc. Law enforcement is in a perpetual race with criminals in the application of digital technologies, and requires the development of tools to systematically search digital devices for pertinent evidence. Another part of this race, and perhaps more crucial, is the development of a methodology in digital forensics that encompasses the forensic analysis of all genres of digital crime scene investigations. This paper explores the development of computer forensics, its basics, anti-forensics and computer forensics tools.
Introduction
The field of computer forensics is relatively young. In the early days of computing, courts considered evidence from computers to be no different from any other kind of evidence. As computers became more advanced and sophisticated, opinion shifted -- the courts learned that computer evidence was easy to corrupt, destroy or change. Investigators realized that there was a need to develop specific tools and processes to search computers for evidence without affecting the information itself. Detectives partnered with computer scientists to discuss the appropriate procedures and tools they'd need to use to retrieve evidence from a computer. Gradually, they developed the procedures that now make up the field of computer forensics.
Usually, detectives have to secure a warrant to search a suspect's computer for evidence. The warrant must include where detectives can search and what sort of evidence they can look for. In other words, a detective can't just serve a warrant and look wherever he or she likes for anything suspicious. In addition, the warrant's terms can't be too general. Most judges require detectives to be as specific as possible when requesting a warrant.
Every computer investigation is somewhat unique. Some investigations might only require a week to complete, but others could take months. Here are some factors that can impact the length of an investigation:
- [...] of the detectives
- [...] computers searched
- The amount of [...]
- Whether the suspect attempted to hide or delete [...]
- The presence [...]
1. [...] equipment and data are [...]
2. Find every file on the computer [...] that are encrypted, [...] by passwords, hidden or deleted, but not yet overwritten.
3. Recover as much deleted [...] can detect and retrieve deleted data.
4. Reveal the contents of all hidden files with programs designed to detect the presence of hidden data.
5. Decrypt and access protected files.
6. Analyze special areas of the computer's disks, including parts that are normally inaccessible.
7. [...] lists the every procedure.
8. Be prepared to testify in court as an expert witness in computer forensics.
All of these steps are important, but the first step is critical. If investigators can't prove that they secured the computer system, the evidence they find may not be admissible. It's also a big job. In the early days of computing, the system might have included a PC and a few floppy disks. Today, it could include multiple computers, disks, thumb drives, external drives, peripherals and Web servers.
Some criminals have found ways to make it even more difficult for investigators to find information on their systems. They use programs and applications known as anti-forensics. Detectives have to be aware of these programs and how to disable them if they want to access the information in computer systems.
Anti-Forensics
Anti-forensics can be a computer investigator's worst nightmare. Programmers design anti-forensic tools to make it hard or impossible to retrieve information during an investigation.
There are dozens of ways people can hide information. Some programs can fool computers by changing the information in files' headers. A file header is normally invisible to humans, but it's extremely important -- it tells the computer what kind of file the header is attached to. Some programs let you change the information in the header so that the computer thinks it's a different kind of file. Detectives looking for a specific file format could skip over important evidence because it looked like it wasn't relevant.
It's also possible to hide one file inside another. Executable files -- files that computers recognize as programs -- are particularly problematic. Programs called packers can insert executable files into other kinds of files, while tools called binders can bind multiple executable files together.
Encryption is another way to hide data. When you encrypt data, you use a complex set of rules called an algorithm to make the data unreadable. Without the key, detectives have to use computer programs designed to crack the encryption algorithm. The more sophisticated the algorithm, the longer it will take to decrypt it without a key.
Other anti-forensic tools can change metadata attached to the files. Metadata includes information like when a file was created or last altered. Normally you can't change this information, but there are programs that can let a person alter the metadata attached to files. Imagine examining a file's metadata and discovering that it says the file won't exist for another three years and was last accessed a century ago. If the metadata is compromised, it makes it more difficult to present the evidence as reliable.
Some computer applications will erase data if an unauthorized user tries to access the system. Some programmers have examined how computer forensics programs work and have tried to create applications that either block or attack the programs themselves. If computer forensics specialists come up against such a criminal, they have to use caution and ingenuity to retrieve data. A few people use anti-forensics to demonstrate how vulnerable and unreliable computer data can be.
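The altered-header and implausible-metadata cases described above can both be checked for mechanically during triage. The following Python is an added example, not code from the original paper; the signature table, the `ALIASES` map, the 1980 plausibility floor and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
from datetime import datetime, timezone

# Well-known leading ("magic") bytes for a few common formats.
SIGNATURES = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpg",
              b"%PDF-": "pdf", b"PK\x03\x04": "zip", b"MZ": "exe"}
# Extensions that legitimately carry another format's header (assumed, partial).
ALIASES = {"jpeg": "jpg", "docx": "zip", "xlsx": "zip", "dll": "exe"}
EARLIEST = datetime(1980, 1, 1, tzinfo=timezone.utc)  # assumed plausibility floor


def sniff_type(path):
    """Return the type implied by the file's first bytes, or None if unknown."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    return next((kind for magic, kind in SIGNATURES.items()
                 if head.startswith(magic)), None)


def review_file(path, now=None):
    """Return a list of findings for one file; an empty list means nothing odd."""
    st = os.stat(path)  # stat first: opening the file may update its access time
    now = now or datetime.now(timezone.utc)
    findings = []
    ext = os.path.splitext(path)[1].lstrip(".").lower()
    actual = sniff_type(path)
    if actual and ALIASES.get(ext, ext) != actual:
        findings.append(f"header says {actual}, name says {ext or 'nothing'}")
    for label, ts in (("modified", st.st_mtime), ("accessed", st.st_atime)):
        when = datetime.fromtimestamp(ts, timezone.utc)
        if when > now:
            findings.append(f"{label} time is in the future")
        elif when < EARLIEST:
            findings.append(f"{label} time predates {EARLIEST.year}")
    return findings


def demo():
    """Review two constructed sample files: one honest, one disguised."""
    folder = tempfile.mkdtemp()
    honest = os.path.join(folder, "report.pdf")
    disguised = os.path.join(folder, "holiday.jpg")  # carries an executable header
    for path, data in ((honest, b"%PDF-1.4\n"), (disguised, b"MZ\x90\x00")):
        with open(path, "wb") as fh:
            fh.write(data)
    ahead = datetime.now(timezone.utc).timestamp() + 3 * 365 * 86400
    os.utime(disguised, (0, ahead))  # sample only: atime 1970, mtime ~3 years ahead
    return review_file(honest), review_file(disguised)


if __name__ == "__main__":
    print(demo())
```

On real evidence a check like this belongs on a write-blocked image or a verified copy, since merely opening a file on a live system can change the access time being examined.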
[...] Criminal [...]. The document [...] when investigators [...] to include computers in a search, what kind of information is admissible, how the rules of hearsay apply to computer information and guidelines for conducting a search. If the investigators believe the computer system is only acting as a storage device, they usually aren't allowed to seize the hardware itself. This limits any evidence investigation to the field. On the other hand, if the investigators believe the hardware itself is evidence, they can seize the hardware and bring it to another location. For example, if the computer is stolen property, then the investigators could seize the hardware.
In order to use evidence from a computer system in court, the prosecution must authenticate the evidence. That is, the prosecution must be able to prove that the information presented as evidence came from the suspect's computer and that it remains unaltered. Another consideration the courts take into account with computer evidence is hearsay. Hearsay is a term referring to statements made outside of a court of law. In most cases, courts can't allow hearsay as evidence. The courts have determined that information on a computer does not constitute hearsay in most cases, and is therefore admissible. Courts determine this on a case-by-case basis.
- Disk imaging [...]
- Software or hardware write tools copy and reconstruct hard drives bit by bit.
- Hashing tools [...]
- [...] use [...]
- There are several [...] in a [...] access memory (RAM).
- Analysis software sifts through all the information on a hard drive, looking for specific content.
- Encryption decoding software and password [...]
These tools are only useful as long as investigators follow the right procedures. Otherwise, a good defense lawyer could suggest that any evidence gathered in the computer investigation isn't reliable. Of course, a few anti-forensics experts argue that no computer evidence is completely reliable. Whether courts continue to accept computer evidence as reliable remains to be seen. Anti-forensics experts argue that it's only a matter of time before someone proves in a court of law that manipulating computer data without being detected is both possible and plausible. If that's the case, courts may have a hard time justifying the inclusion of computer evidence in a trial or investigation.
Advantages
Ability to search through a massive amount of data
Conclusion
The purpose of computer forensics techniques is to search, preserve and analyze information on computer systems to find potential evidence for a trial. Many of the techniques detectives use in crime scene investigations have digital counterparts, but there are also some unique aspects to computer investigations. Each year, there is an increase in the number of digital crimes worldwide. As technology evolves, software changes, and users become digitally savvy, the crimes they commit are becoming more sophisticated. Law enforcement is in a perpetual race with these [...] playing field remains level.
Part of this race includes developing tools that have the ability to systematically search digital devices for pertinent evidence. Another part of this race, and perhaps more crucial, is the development of a methodology in digital forensics that encompasses the forensic analysis of all genres of digital crime scene investigations. Thus, with computer forensics we can trace criminals and punish them according to the law, and provide security for computers and their data.