An Introduction to Digital Forensics

Submitted by: Afroz Khan, Neelam Sharma, Sneha Jain


8/7/2019 digita forensic ..

http://slidepdf.com/reader/full/digita-forensic- 1/17


Digital forensics

Digital forensics is a branch of forensic science encompassing the recovery and investigation of material found in digital devices; these devices include computers, PDAs, cellular phones, etc.

Digital forensics is the application of computer investigation and analysis techniques in the interests of determining potential legal evidence.


Digital forensics

The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover all devices capable of storing digital data.


Examples of Digital Evidence

Computers are increasingly involved in criminal and corporate investigations.

Digital evidence may play a supporting role or be the "smoking gun".

Email:

- Harassment or threats
- Blackmail
- Illegal transmission of internal corporate documents
- Meeting points/times for drug deals
- Suicide letters
- Technical data for bomb making

Evidence of inappropriate use of computer resources or attacks:

- Use of a machine as a spam email generator
- Use of a machine to distribute illegally copied software


Categorization of forensics

The technical side of investigations is divided into several sub-branches, such as:

- Computer forensics
- Network forensics
- Database forensics
- Mobile device forensics


Network forensics

Network forensics relates to the monitoring and analysis of computer network (both local network and WAN/internet) traffic for the purposes of information gathering, legal evidence or intrusion detection.

Traffic is intercepted (usually at the packet level) and either stored for later analysis with specialist tools or filtered in real time for relevant information.


Network forensics

The digital forensic process encompasses the seizure, forensic imaging (acquisition) and analysis of digital media, and finally the production of a report of the digital evidence.

Computer devices tend to store large amounts of information in cache/log files and deleted space, and forensic examiners can recover this data as part of the analysis process.


Investigations & Results

Intrusion:

- data theft or misuse
- gathering evidence for other legal cases (warez, porn, blackmail, ..)
- intelligence

The investigation should answer:

- who did
- what
- when


Secure and investigate the scene

Non-intrusive:

- physical location
- network topology, IP addresses
- state of the computer or device (power on/off, network, etc.)


Gather information

Information about the victim:

- name, IP addresses, OS and version
- system time!
- uptime
- file system, mount points or volumes
- hardware
- users and groups
- port scan from an external host, compared to the netstat output
- running processes
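The last-but-one item, comparing an external port scan with what the host's own netstat reports, is worth showing as a concrete check. The following is an added example, not code from the project; the netstat output and scan result are constructed samples, and the port numbers are hypothetical.

```python
import re

# Constructed sample of `netstat -an` output as reported by the examined Windows host.
NETSTAT_OUTPUT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:3389          0.0.0.0:0              LISTENING
  TCP    10.0.0.5:51000         10.0.0.80:80           ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""
# Constructed result of a TCP port scan of the same host run from another machine (open ports).
EXTERNAL_SCAN_OPEN = {135, 445, 3389, 4444}

# One netstat line per listening TCP socket; the capture group is the local port.
LISTEN_RE = re.compile(r"^\s*TCP\s+\S+:(\d+)\s+\S+\s+LISTENING\s*$", re.MULTILINE)

def listening_ports(netstat_text):
    """TCP ports the host itself claims to be listening on."""
    return {int(port) for port in LISTEN_RE.findall(netstat_text)}

def reconcile(local_ports, scanned_ports):
    """Compare the host's own view with the external view. A port that is open from outside
    but absent from netstat is the first thing to examine (a service hiding from the host's
    own tools, or a device in front of the host answering for it); a port listed locally but
    closed from outside is usually just filtered by a host or network firewall."""
    return {"open_but_hidden_from_host": sorted(scanned_ports - local_ports),
            "listening_but_not_reachable": sorted(local_ports - scanned_ports)}
```

Run against live data by pasting the real `netstat -an` output into NETSTAT_OUTPUT and the scanner's open-port list into EXTERNAL_SCAN_OPEN; the host's netstat must be treated as untrusted evidence, which is exactly why the outside view is collected.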


What is a Packet Sniffer?

- A packet sniffer is a program that can see all of the information passing over the network it is connected to. As data streams back and forth on the network, the program looks at, or "sniffs," each packet.

- A packet is a part of a message that has been broken up. Normally, a computer only looks at packets addressed to it and ignores the rest of the traffic on the network. But when a packet sniffer is set up on a computer, the sniffer's network interface is set to promiscuous mode. This means that it is looking at everything that comes through.


Packet Sniffer

A packet sniffer can usually be set up in one of two ways:

1. Unfiltered - captures all of the packets
2. Filtered - captures only those packets containing specific data elements
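As an added example (not the project's code, which used Jpcap on top of WinPcap), the two modes above and the "stored for later analysis" case from the network forensics slide can be shown with a stdlib-only reader for the pcap file format that capture tools write: it walks the records, decodes Ethernet/IPv4/TCP headers, and either keeps every packet (unfiltered) or only those to one destination port (filtered). The capture itself is constructed inline; the IP addresses and payloads are made up.

```python
import struct
PCAP_MAGIC = 0xA1B2C3D4  # little-endian pcap magic; link type 1 in the header = Ethernet

def build_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame for the sample capture (checksums left at zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def build_pcap(frames):
    """Pcap byte string: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1565136000 + i, 0, len(f), len(f)) + f
    return out

def parse_pcap(data):
    """Yield (ts, src, dst, sport, dport, payload) per IPv4/TCP record; skip everything else."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file")
    off = 24
    while off + 16 <= len(data):
        ts, _, incl, _ = struct.unpack_from("<IIII", data, off)
        pkt, off = data[off + 16:off + 16 + incl], off + 16 + incl
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # not IPv4 over Ethernet, or not TCP (e.g. the ARP frame below)
        ihl = (pkt[14] & 0x0F) * 4
        src, dst = ".".join(map(str, pkt[26:30])), ".".join(map(str, pkt[30:34]))
        tcp = pkt[14 + ihl:]
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        yield ts, src, dst, sport, dport, tcp[(tcp[12] >> 4) * 4:]

def analyse(data, dport_filter=None):
    """Unfiltered (None) keeps every TCP packet; filtered keeps one dport. Returns (total, kept, per-flow counts)."""
    total, kept, flows = 0, [], {}
    for ts, src, dst, sport, dport, payload in parse_pcap(data):
        total += 1
        flows[(src, dst, dport)] = flows.get((src, dst, dport), 0) + 1
        if dport_filter is None or dport == dport_filter:
            kept.append((src, dst, sport, dport, payload))
    return total, kept, flows
# Constructed sample capture: an HTTP request/response pair, an SSH client banner, an ARP frame.
SAMPLE_PCAP = build_pcap([
    build_frame("10.0.0.5", "10.0.0.80", 51000, 80, b"GET / HTTP/1.1\r\n"),
    build_frame("10.0.0.80", "10.0.0.5", 80, 51000, b"HTTP/1.1 200 OK\r\n"),
    build_frame("10.0.0.5", "10.0.0.22", 51001, 22, b"SSH-2.0-client\r\n"),
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,
])
```

To run it on a real capture, replace SAMPLE_PCAP with the bytes of a file saved by WinPcap-based tools (classic pcap format, not pcapng); the per-flow counts are the "statistical information" a capture library can also report.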


Advantages of the system

- Analyze network problems
- Detect network intrusion attempts
- Detect network misuse by internal and external users
- Gain information for effecting a network intrusion
- Isolate exploited systems
- Monitor network usage (including internal and external users and systems)
- Monitor data-in-motion


Technology used

S/w used:

- Jpcap 0.6
- WinPcap
- Internet Explorer
- Windows O.S.

H/W used:

- RAM
- Wireless Network
- NIC Card


What is WinPcap

WinPcap is an open source library for packet capture and network analysis for the Win32 platforms.

The purpose of WinPcap is to give this kind of access to Win32 applications; it provides facilities to:

1) capture raw packets, both the ones destined to the machine where it's running and the ones exchanged by other hosts (on shared media)
2) filter the packets according to user-specified rules before dispatching them to the application
3) transmit raw packets to the network
4) gather statistical information on the network traffic


What kind of programs use WinPcap

The WinPcap programming interface can be used by many types of network tools for analysis, troubleshooting, security and monitoring. In particular, classical tools that rely on WinPcap are:

- network and protocol analyzers
- network monitors
- traffic loggers
- traffic generators
- user-level bridges and routers
- network intrusion detection systems (NIDS)
- network scanners
- security tools


CONCLUSION

This project gives you each and every piece of information about the packets that you have sent through the network.

This project will recover and investigate material found in digital devices, often in relation to computer crime.