Lecture 1 CSNC4583
FARAZ ALI
FarazAli@ucp.edu.pk
+92-321-404-1740
• Masters in Digital Forensic from University of East London, UK
• Computer Forensic Analyst (Punjab Forensic Science Agency)
• Founding member of Digital Forensic Community in Pakistan
• Cases worked:
o Blasphemy
o Corporate fraud
o Data leak
o Banking fraud
o Terrorism
o Pornography
o Murder
o IEDs (improvised explosive devices)
Faraz Ali
(Lecturer FOIT)
(University of Central Punjab)
Grading Policy
• Quizzes (04): 15%
• Assignments (04): 15%
• Class participation: 05%
• Mid-exam: 30%
• Final-exam: 35%
Academic Honesty
• Your work in this class must be your own
• Further infractions… will result in failure in the course
Attendance Policy
Strictly in accordance with the Univ policy…
Office Hours
Office: CL207, Final year lab
Digital Forensics and Incident Management
• Introduction to Digital Forensics
o Digital Investigation, Registry and File Structure, Data Acquisition
• Memory Forensics
o Memory Acquisition, Process Memory, Hunting Malware
• Online Investigation and Email Forensics
• Network Forensics
• Mobile Forensics
• Cloud Forensics
• Incident Management
o Contingency Strategies, Incident Response Planning, Detection Strategies, and Prevention Systems
• MITRE ATT&CK Framework
• Report Writing for Investigation
Recommended Reading
• Michael Hale Ligh, Andrew Case, Jamie Levy, Aaron Walters (2014), “The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory”
Definition and Importance of Digital Forensics
Digital forensics is the retrieval, analysis, and use of digital evidence in a civil or criminal investigation.
Any medium that can store digital files is a potential source of evidence for a computer forensics investigator.
Computer forensics is a science because of the accepted practices used for acquiring and examining the evidence
and its admissibility in court.
Forensically sound means that during the acquisition of digital evidence and throughout the investigative
process the evidence must remain in its original state.
Moreover, everyone who has been in contact with the evidence must be accounted for and documented in the
Chain of Custody form.
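One way to make "remains in its original state" and the Chain of Custody checkable, shown as an added example that is not part of the original lecture: the image is hashed at acquisition, and each custody entry is hashed together with the previous entry so later edits are detectable. Function names, handler names, timestamps and the 4 KiB stand-in image are constructed for illustration.

```python
import hashlib, json, os, tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large disk images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def add_entry(log, handler, action, evidence_hash, when):
    """Append a custody entry whose hash covers the previous entry (tamper-evident)."""
    prev = log[-1]["entry_hash"] if log else "0" * 64
    body = {"handler": handler, "action": action, "when": when,
            "evidence_sha256": evidence_hash, "prev": prev}
    digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
    log.append({**body, "entry_hash": digest})
    return log

def verify(log, path):
    """Return a list of problems; an empty list means evidence and log are intact."""
    problems, prev = [], "0" * 64
    for i, e in enumerate(log):
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        digest = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if e["prev"] != prev or digest != e["entry_hash"]:
            problems.append(f"custody entry {i} altered or out of order")
        prev = e["entry_hash"]
    if log and sha256_file(path) != log[0]["evidence_sha256"]:
        problems.append("evidence no longer matches acquisition hash")
    return problems

def demo():
    """Constructed sample: a 4 KiB stand-in for a disk image and two handlers."""
    fd, path = tempfile.mkstemp(suffix=".dd")
    os.write(fd, b"\x00" * 4096)
    os.close(fd)
    h = sha256_file(path)
    log = add_entry([], "Examiner A", "acquired image", h, "2024-01-01T09:00Z")
    add_entry(log, "Examiner B", "received for analysis", h, "2024-01-01T11:30Z")
    clean = verify(log, path)
    with open(path, "r+b") as f:         # simulate one byte changing after acquisition
        f.write(b"\x01")
    after_change = verify(log, path)
    log[1]["handler"] = "Someone else"   # simulate an edited custody record
    after_edit = verify(log, path)
    os.remove(path)
    return clean, after_change, after_edit
```

Calling `demo()` returns the verification results for the untouched image, for the image after a single-byte change, and for the log after a handler name is edited.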
Scope of Digital Forensics
Scope Matrix and Objective
Why do we need to investigate?
Taxonomy of Digital Forensics
Knowledge
Tools
Experience
Types of Forensic Evidence and How It Is Used
Practically every type of file can be recovered using digital forensics.
Email is arguably the most important type of digital evidence.
Images
Video File Metadata
Websites visited and Internet searches
Cellphones
IoT Devices
Digital Forensic Activities
Cyberspace and Criminal Behavior
The societal impact of the Digital Revolution is as great as the Industrial Revolution.
Type of Crime:
Computer crime: crimes committed with computers
The goal of Forensic Investigation
Includes:
Collect useful evidence
Ensure that evidence has a positive impact on outcomes and legal actions.
Assist any potential investigation of crimes and persuade adversaries to avoid further actions against the
organization
What Skills Must a Digital Forensics Investigator Possess?
Computer Science Knowledge
Legal Expertise
Communication Skills
Linguistic Abilities
Continuous Learning
Forensic Roles
Internal IT Security Operations
Responsible for security-technology related items
This includes computers, applications, networking, storage, and associated data
Different groups within the organization may have specific focuses, such as a data center team or
information security group
Legal Team
Legal matters are typically handled by members with a legal education
Forensic Roles
Finances
Teams that defend financial transactions could be part of IT security, but there may also be specific
members of a financial-focused group.
Other Roles
Specific functions such as capturing a crime scene, and human resources when employees are
involved with an incident
Or an evidence manager responsible for documenting what is collected.
Forensic Job Markets
Let's Start the Course…
What is Digital forensics?
• Digital forensics is a branch of forensic science that uses scientific knowledge for collecting, analyzing, documenting, and presenting digital evidence related to computer crime for use in a court of law.
• The ultimate goal is knowing what was done, when it was done, and who did it.
How did we arrive here?
• The use of computing devices:
o Dependence on computerized systems to provide services and store information is growing and has become prevalent in both the public and private sectors.
o Individuals also use computing devices heavily in their daily lives (to organize their digital data or to communicate with others).
• The cybersecurity threat is unquestionably growing more serious over time:
o It is estimated that cybercrime damages will cost the world trillions of dollars annually, while the spending on information security products and services will only grow to billions of dollars.
PURPOSE
• The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.
• Computer forensics will be an important and integral part of legal evidence found in computer systems, digital media / storage and mobile phones.
• Maintaining the documented chain of custody so that it can be presented in the court of law as evidence.
• Understanding ISO 17025.
SCOPE OF COMPUTER FORENSIC
• Scientific examination and analysis of digital storage media, i.e., hard drives, flash memory, floppy disks, CD/DVD etc.
• Forensic Analysis of Mobile Phones and Digital Communication devices.
Introduction of Computer Forensic Fundamentals
• Forensic and Digital Forensic Definitions
• Digital Evidence
• Conclusion
WHAT IS FORENSIC?
WHAT IS DIGITAL FORENSIC?
Definition
• Bertillon
• Galton
• Lattes
• Goddard
• Osborn
• Locard
• These are the individuals who developed the principles and techniques for the modern way of identification and comparison of physical evidence.
Faraz Ali
(Digital Forensic Scientist)
Forensic Science
• The application of science helps the law to decide the fate of a criminal using modern techniques that are enforced by the police in a criminal justice system.
• It applies the scientific principles of technology to the legal system. It involves the characterization and examination of physical evidence.
• There are 13 disciplines of Forensic science which are implemented all around the world:
o Firearms and Tool Marks
o Questioned Document Analysis
o Polygraph Examination
o DNA & Serology
o Forensic Toxicology
o Trace Chemistry Analysis
o Forensic Photography
o Narcotics Analysis
o Audio & Video Analysis
o Digital Forensics
o Latent Fingerprint Analysis
o Crime Scene Investigation
o Death Scene Investigation
o Forensic Pathology
BRANCHES OF DIGITAL FORENSICS
o Database Forensics
o Network Forensics
• The typical forensic process covers the seizure, forensic imaging and analysis
of digital media and the production of a report into collected evidence.
DIGITAL EVIDENCE
• Evidence
o A piece of information that supports a conclusion
• Digital evidence
o Any data that is recorded or preserved on any medium in or by a
computer system or other similar digital device, that can be read or
understood by a person or a computer system or other similar device.
o It includes a display, printout or other output of that data.
CHARACTERISTICS OF DIGITAL EVIDENCE
• Evidence must be:
• Admissible
o Conformity with the common law and legislative rules
• Authentic
o In linking data to specific individuals and events
• Fragile
o Easily altered, damaged, or destroyed
• Accurate
o Believed and is consistent
CHARACTERISTICS OF DIGITAL EVIDENCE
• Complete
o With a full story of particular circumstances.
• Convincing to juries
o To have probative value, subjective and practical test of presentation – proving beyond doubt
EXAMPLES OF DIGITAL EVIDENCE ACCEPTED BY PAKISTAN COURTS
• E-mails,
• Digital photographs,
• Microsoft Documents,
• Databases,
• Computer Backups
TYPES OF DIGITAL EVIDENCE
LOCATION FOR EVIDENCE
• Slack/Unallocated Space
• Chat records
• Software/Hardware added
• Identification
• Preservation
• Analysis
• Documentation
• Presentation
DIGITAL FORENSIC MODEL
[Diagram: Identification, Evidence Acquisition, Evidence Authenticity, Analysis (Computer / Mobile), Reporting]
PRESERVATION
o Secure
o Preserve
ANALYSIS
o Draw conclusions
DOCUMENTATION
REPORTING
DIGITAL FORENSICS NEED
• Evidence that can lead to a criminal's punishment by the court of law.
CHALLENGES IN DIGITAL FORENSICS
• The increase in computers, mobile phones and internet access has made the exchange of information quick and inexpensive.
o Easy availability for Hackers
SKILLS REQUIRED FOR DIGITAL FORENSICS
• Programming or computer-related experience
• Analytical skills
Thank You
Questions and Answers