Fallsem2023-24 Cse4004 Eth3
Crime
9/14/2023 1
• The role of a digital forensics professional is to gather evidence
to prove that a suspect committed a crime or violated a
company policy
• Collect evidence that can be offered in court or at a
corporate inquiry
• Investigate the suspect’s computer
• Preserve the evidence on a different computer
• Chain of custody
• Route the evidence takes from the time you find it until the case is
closed or goes to court
• Computers can contain information that helps law
enforcement determine:
• Chain of events leading to a crime
• Evidence that can lead to a conviction
• Law enforcement officers should follow proper
procedure when acquiring the evidence
• Digital evidence can be easily altered by an overeager
investigator
• A potential challenge: information on hard disks
might be password protected, so forensics tools may
need to be used in your investigation
An Overview of a Company Policy Violation
• Employees misusing resources can cost companies millions of dollars
• Misuse includes:
• Surfing the Internet
• Sending personal e-mails
• Using company computers for personal tasks
Taking a Systematic Approach
• Steps for problem solving
• Make an initial assessment about the type of case you are investigating
• Determine a preliminary design or approach to the case
• Create a detailed checklist
• Determine the resources you need
• Obtain and copy an evidence drive
Taking a Systematic Approach
• Steps for problem solving (cont’d)
• Identify the risks
• Mitigate or minimize the risks
• Test the design
• Analyze and recover the digital evidence
• Investigate the data you recover
• Complete the case report
• Critique the case
Assessing the Case
• Systematically outline the case details
• Situation
• Nature of the case
• Specifics of the case
• Type of evidence
• Known disk format
• Location of evidence
• Based on these details, you can determine the case
requirements
Planning Your Investigation
• A basic investigation plan should include the following activities:
• Acquire the evidence
• Complete an evidence form and establish a chain of custody
• Transport the evidence to a computer forensics lab
• Secure evidence in an approved secure container
Planning Your Investigation
• A basic investigation plan (cont’d):
• Prepare your forensics workstation
• Retrieve the evidence from the secure container
• Make a forensic copy of the evidence
• Return the evidence to the secure container
• Process the copied evidence with computer forensics tools
Planning Your Investigation
• An evidence custody form helps you document what has been done
with the original evidence and its forensics copies
• Also called a chain-of-evidence form
• Two types
• Single-evidence form
• Lists each piece of evidence on a separate page
• Multi-evidence form
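The plan on these slides (acquire the evidence, record it on a custody form, make a forensic copy, return the original to the secure container, process only the copy) as an added Python example; this is not code from the lecture. The file names, the JSON layout of the custody form, the handler name and the sample image bytes are constructed assumptions. The same chain-of-custody record also detects a later alteration of the working copy.

```python
"""Forensic copy with hash verification plus a single-evidence custody form.

Added example, not part of the lecture. Assumptions: the evidence is a raw
image file, copies are made with plain file I/O, and the custody form is a
JSON document holding one item and a list of handling entries.
"""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone


def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large evidence image need not fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def make_forensic_copy(evidence_path, copy_path):
    """Copy the evidence and verify that the copy's hash matches the original.

    Returns (original_hash, copy_hash, verified). If verified is False the
    copy must not be used for analysis.
    """
    original_hash = sha256_of(evidence_path)
    shutil.copyfile(evidence_path, copy_path)
    copy_hash = sha256_of(copy_path)
    return original_hash, copy_hash, original_hash == copy_hash


class CustodyForm:
    """Single-evidence custody form: one item, a dated list of handling entries."""

    def __init__(self, case_id, item_id, description):
        self.record = {"case_id": case_id, "item_id": item_id,
                       "description": description, "entries": []}

    def log(self, handler, action, sha256=None, note=""):
        """Append one entry; the hash is optional for purely physical steps."""
        entry = {"time": datetime.now(timezone.utc).isoformat(),
                 "handler": handler, "action": action,
                 "sha256": sha256, "note": note}
        self.record["entries"].append(entry)
        return entry

    def dump(self, path):
        with open(path, "w") as f:
            json.dump(self.record, f, indent=2)

    def unbroken(self):
        """True when every entry that records a hash agrees with the first one."""
        hashes = [e["sha256"] for e in self.record["entries"] if e["sha256"]]
        return len(set(hashes)) <= 1


def run_demo(workdir=None):
    """Walk the slide's plan end to end on a constructed sample image.

    Returns (copy_verified, chain_unbroken, tamper_detected).
    """
    workdir = workdir or tempfile.mkdtemp()
    evidence = os.path.join(workdir, "suspect_drive.img")   # constructed name
    copy = os.path.join(workdir, "suspect_drive_copy.img")  # constructed name
    with open(evidence, "wb") as f:  # constructed sample evidence image
        f.write(b"MBR\x00" * 512 + b"sample file contents\n")

    form = CustodyForm("CASE-0001", "ITEM-01", "suspect laptop HDD image")
    who = "investigator A"  # hypothetical handler
    form.log(who, "acquired from suspect's computer", sha256_of(evidence))
    form.log(who, "placed in secure container")
    form.log(who, "retrieved from secure container", sha256_of(evidence))
    orig, dup, ok = make_forensic_copy(evidence, copy)
    form.log(who, "forensic copy made", dup,
             note="verified" if ok else "HASH MISMATCH")
    form.log(who, "original returned to secure container", sha256_of(evidence))
    form.dump(os.path.join(workdir, "custody_form.json"))

    # Simulate an accidental alteration of the working copy during processing;
    # re-hashing against the recorded value exposes it.
    with open(copy, "ab") as f:
        f.write(b"x")
    tamper_detected = sha256_of(copy) != dup
    return ok, form.unbroken(), tamper_detected


if __name__ == "__main__":
    print(run_demo())
```

Every hash-bearing entry on the form is taken from the original before and after each handling step, so a later mismatch points to the step where the evidence changed hands; the physical steps (placing in and retrieving from the container) are logged without a hash because nothing is read from the disk there.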
Securing Your Evidence
• Use evidence bags to secure and catalog the evidence
• Use computer-safe products when collecting computer evidence
• Antistatic bags
• Antistatic pads
• Use well-padded containers
• Use evidence tape to seal all openings
• CD drive bays
• Insertion slots for power supply electrical cords and USB cables
Securing Your Evidence
• Write your initials on tape to prove that evidence has not been
tampered with
• Consider computer-specific temperature and humidity ranges
• Make sure you have a safe environment for transporting and storing it until a
secure evidence container is available