An Introduction To Digital Forensics: Submitted By: Afroz Khan Neelam Sharma Sneha Jain

This document provides an introduction to digital forensics. It defines digital forensics as the recovery and investigation of material found on digital devices for use as potential legal evidence. It discusses how digital forensics involves the analysis of computers, phones, and other devices that store digital data. The document also outlines some examples of digital evidence that may be collected, such as emails, meeting details, or technical data, and describes different branches of forensics including computer, network, mobile, and database forensics.

Uploaded by: Ritu Raghuwanshi
Copyright: Attribution Non-Commercial (BY-NC)

An Introduction to Digital Forensics

Submitted by:

Afroz Khan
Neelam Sharma
Sneha Jain
Digital forensics

• Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices; these devices include computers, PDAs, cellular phones, etc.
• Digital forensics is the application of computer investigation and analysis techniques in the interests of determining potential legal evidence.
Digital forensics

• The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover all devices capable of storing digital data.
Examples of Digital Evidence

• Computers are increasingly involved in criminal and corporate investigations
• Digital evidence may play a supporting role or be the "smoking gun"
• Email
  - Harassment or threats
  - Blackmail
  - Illegal transmission of internal corporate documents
  - Meeting points/times for drug deals
  - Suicide letters
  - Technical data for bomb making
• Evidence of inappropriate use of computer resources or attacks
  - Use of a machine as a spam email generator
  - Use of a machine to distribute illegally copied software
Forensics categorization

The technical side of investigations is divided into several sub-branches, such as:
• Computer forensics
• Network forensics
• Database forensics
• Mobile device forensics
Network forensics

• Network forensics relates to the monitoring and analysis of computer network traffic (both local network and WAN/internet) for the purposes of information gathering, legal evidence or intrusion detection.
• Traffic is intercepted (usually at the packet level) and either stored for later analysis with specialist tools or filtered in real time for relevant information.
Network forensics

• The digital forensic process encompasses the seizure, forensic imaging (acquisition) and analysis of digital media, and finally the production of a report of the digital evidence.
• Computer devices tend to store large amounts of information in cache/log files and deleted space, and forensic examiners can recover this data as part of the analysis process.
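As an added illustration of the acquisition and recovery steps above (example code written for this page, not part of the original project): the "disk image" is a small constructed byte string, the acquisition hash is what lets the working copy be shown identical to the seized media, and the carver recovers deleted PNG-shaped files from unallocated space purely by their header/footer signatures, the way file carving tools work when no file-system metadata survives.

```python
import hashlib

# Header/footer signatures the carver knows. A PNG starts with an 8-byte magic
# header and ends with an "IEND" chunk followed by a 4-byte CRC, so the
# recovered blob ends 4 bytes after the "IEND" marker.
SIGNATURES = {"png": (b"\x89PNG\r\n\x1a\n", b"IEND", 4)}

# Constructed raw "disk image": two deleted PNG-shaped files surrounded by
# leftover log text and zero/0xff-filled sectors (not real picture data).
IEND_CRC = b"\xaeB`\x82"
DELETED_A = SIGNATURES["png"][0] + b"<chunks-A>" + b"IEND" + IEND_CRC
DELETED_B = SIGNATURES["png"][0] + b"<chunks-B>" + b"IEND" + IEND_CRC
DISK_IMAGE = (b"\x00" * 16 + b"old log text\n" + DELETED_A
              + b"\xff" * 8 + DELETED_B + b"\x00" * 4)


def acquire(media: bytes) -> tuple[bytes, str]:
    """Imaging step: copy the raw bytes and record their SHA-256 so the copy
    analysed later can be shown identical to what was seized."""
    image = bytes(media)
    return image, hashlib.sha256(image).hexdigest()


def verify(image: bytes, recorded_hash: str) -> bool:
    """Re-hash the working copy and compare it with the acquisition hash."""
    return hashlib.sha256(image).hexdigest() == recorded_hash


def carve(image: bytes, kind: str) -> list[tuple[int, bytes]]:
    """Recover files of the given kind from unallocated space by scanning for
    header..footer pairs; returns (offset, bytes) for each complete hit.
    A header with no footer after it is a truncated file and is skipped."""
    header, footer, trailer_len = SIGNATURES[kind]
    hits = []
    start = image.find(header)
    while start != -1:
        end = image.find(footer, start + len(header))
        if end == -1:
            break  # truncated: no footer follows this header
        end += len(footer) + trailer_len
        hits.append((start, image[start:end]))
        start = image.find(header, end)
    return hits


if __name__ == "__main__":
    image, digest = acquire(DISK_IMAGE)
    print("acquired", len(image), "bytes, sha256", digest)
    for offset, blob in carve(image, "png"):
        print(f"recovered {len(blob)}-byte png at offset {offset}")
```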
Investigations & Result

Investigations:
• Intrusion
• Data theft or misuse
• Gathering evidence for other legal cases (warez, porn, blackmail, ..)
• Intelligence

The investigation should answer:
• Who did
• What
• When
Secure and investigate the scene

• Non-intrusive
  - Physical location
  - Network topology
  - IP addresses
  - State of the computer or device (power on/off, network, etc.)
Gather information

• Information about the victim: name, IP addresses, OS and version
  - System time!
  - Uptime
  - File system, mount points or volumes
  - Hardware
  - Users and groups
  - Port scan from external, compared to netstat output
  - Running processes
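The "port scan from external, compared to netstat output" step above is worth showing concretely, as an added example not taken from the original presentation: the host's own `netstat -an` listing (a constructed Windows-style sample, since the project runs on Windows) is parsed for LISTENING TCP sockets and cross-checked against a constructed set of ports that a scan from outside reported open. A port open from outside that the host itself does not list is the discrepancy an examiner records, because it suggests a hidden listener or tampered tooling.

```python
import re

# Constructed sample of `netstat -an` output on the host under investigation;
# only TCP sockets in LISTENING state matter for this check.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49152     203.0.113.5:443        ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# Constructed result of a TCP port scan of the same host run from outside.
EXTERNAL_OPEN_PORTS = {135, 445, 4444}

LISTEN_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$", re.M)


def listening_ports(netstat_output: str) -> dict[int, str]:
    """Map each TCP port in LISTENING state to the address it is bound to."""
    return {int(port): addr for addr, port in LISTEN_RE.findall(netstat_output)}


def compare(local: dict[int, str], external_open: set[int]) -> dict[str, list[int]]:
    """Cross-check the host's own view of its listeners with the outside view."""
    # Loopback-only listeners are never expected to be reachable from outside.
    reachable = {p for p, addr in local.items() if not addr.startswith("127.")}
    return {
        # Open from outside but absent from netstat: the host is hiding a
        # listener (rootkit-style) or the netstat output was tampered with.
        "unexplained_open": sorted(external_open - set(local)),
        # Listening on a reachable address but closed from outside: blocked
        # by a firewall on the path (worth recording, not alarming by itself).
        "filtered": sorted(reachable - external_open),
        # Consistent in both views.
        "confirmed": sorted(reachable & external_open),
    }


if __name__ == "__main__":
    result = compare(listening_ports(NETSTAT_SAMPLE), EXTERNAL_OPEN_PORTS)
    for category, ports in result.items():
        print(f"{category}: {ports}")
```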
What is a Packet Sniffer?

• A packet sniffer is a program that can see all of the information passing over the network it is connected to. As data streams back and forth on the network, the program looks at, or "sniffs," each packet.
• A packet is a part of a message that has been broken up. Normally, a computer only looks at packets addressed to it and ignores the rest of the traffic on the network. But when a packet sniffer is set up on a computer, the sniffer's network interface is set to promiscuous mode. This means that it is looking at everything that comes through.
Packet Sniffer

• A packet sniffer can usually be set up in one of two ways:
  1. Unfiltered – captures all of the packets
  2. Filtered – captures only those packets containing specific data elements
Advantage of the system

• Analyze network problems
• Detect network intrusion attempts
• Detect network misuse by internal and external users
• Gain information for effecting a network intrusion
• Isolate exploited systems
• Monitor network usage (including internal and external users and systems)
• Monitor data-in-motion
Technology used

S/W used:
• JpCap 0.6
• WinPcap
• Internet Explorer
• Windows O.S.

H/W used:
• RAM
• Wireless Network
• NIC Card
What is WinPcap

• WinPcap is an open source library for packet capture and network analysis for the Win32 platforms.
• The purpose of WinPcap is to give this kind of access to Win32 applications; it provides facilities to:
  1) capture raw packets, both the ones destined to the machine where it's running and the ones exchanged by other hosts (on shared media)
  2) filter the packets according to user-specified rules before dispatching them to the application
  3) transmit raw packets to the network
  4) gather statistical information on the network traffic
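What a sniffer actually does with each captured packet (the "sniffs each packet" and unfiltered/filtered slides above) and facilities 1, 2 and 4 of the WinPcap list (capture, filter, statistics) are shown here in one added example that is not the project's JpCap/WinPcap code: the frames are constructed in-memory Ethernet/IPv4 frames rather than real captures, the decoder reads the fixed header offsets, and `capture` behaves as an unfiltered sniffer when no rule is given or a filtered one when a user-specified predicate is passed.

```python
import struct
from collections import Counter

ETH_LEN, ETHERTYPE_IPV4 = 14, 0x0800
L4_NAMES = {6: "tcp", 17: "udp"}


def decode(frame: bytes):
    """Pull addresses and ports out of a raw Ethernet II / IPv4 / TCP-or-UDP frame."""
    if len(frame) < ETH_LEN:
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return {"proto": "non-ip"}          # e.g. ARP; not decoded further here
    if len(frame) < ETH_LEN + 20:
        return None                         # IPv4 header is at least 20 bytes
    ihl = (frame[ETH_LEN] & 0x0F) * 4       # IPv4 header length in bytes
    proto = frame[ETH_LEN + 9]
    pkt = {"proto": L4_NAMES.get(proto, str(proto)),
           "src": ".".join(map(str, frame[ETH_LEN + 12:ETH_LEN + 16])),
           "dst": ".".join(map(str, frame[ETH_LEN + 16:ETH_LEN + 20]))}
    l4 = ETH_LEN + ihl
    if proto in L4_NAMES and len(frame) >= l4 + 4:   # ports come first in TCP and UDP
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", frame[l4:l4 + 4])
    return pkt


def make_frame(src, dst, proto, sport, dport, payload=b""):
    """Build a constructed test frame (MACs zeroed, checksums left at zero)."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16 + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4


def capture(frames, rule=None):
    """Unfiltered sniffer when rule is None; filtered when rule(pkt) decides what to keep."""
    decoded = (decode(f) for f in frames)
    return [p for p in decoded if p is not None and (rule is None or rule(p))]


def statistics(packets):
    """Count kept packets per transport protocol (WinPcap facility 4)."""
    return Counter(p["proto"] for p in packets)


# Constructed traffic: a web request, a DNS query and an HTTPS connection.
FRAMES = [make_frame("10.0.0.5", "203.0.113.10", 6, 51000, 80, b"GET / HTTP/1.0\r\n"),
          make_frame("10.0.0.5", "10.0.0.1", 17, 53000, 53),
          make_frame("10.0.0.5", "203.0.113.10", 6, 51001, 443)]
```

Running `capture(FRAMES, lambda p: p.get("dport") == 80)` keeps only the web request, while `statistics(capture(FRAMES))` reports two TCP and one UDP packet.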
What kind of programs use WinPcap

• The WinPcap programming interface can be used by many types of network tools for analysis, troubleshooting, security and monitoring. In particular, classical tools that rely on WinPcap are:
  - network and protocol analyzers
  - network monitors
  - traffic loggers
  - traffic generators
  - user-level bridges and routers
  - network intrusion detection systems (NIDS)
  - network scanners
  - security tools
CONCLUSION

• This project gives you information about each and every packet that you have sent through the network.
• This project supports the recovery and investigation of material found in digital devices, often in relation to computer crime.
