Post on 21-Feb-2023
INTRODUCTION
1. CRIME AND DIGITAL EVIDENCE
2. DIGITAL EVIDENCE
3. INCREASING AWARENESS OF DIGITAL EVIDENCE
4. DIGITAL FORENSICS: PAST, PRESENT AND FUTURE
5. PRINCIPLES OF DIGITAL FORENSICS
6. CHALLENGING ASPECTS OF DIGITAL EVIDENCE
7. FOLLOWING THE CYBERTRAIL
CRIME AND DIGITAL EVIDENCE
• With the explosive growth of the internet, investigators need complete procedures to handle the challenges of cases in which a crime is committed on the internet.
• Types of crime committed via the internet:
  • Information theft
  • Illegal intrusion
  • Terrorism
  • Money laundering
  • Illegal sharing of information
• Offenders all try to use tools and techniques to avoid detection and apprehension by the police.
• The main targets of network-based attacks are the critical infrastructure of organizations such as government, financial, health…
• Digital evidence is useful for all computer-related crime:
  • Homicide
  • Sex offenses
  • Missing person
  • Child abuse
  • Drug dealing
  • Fraud
  • Theft of personal information
• Digital evidence can:
  • Reveal how a crime was committed
  • Provide investigative leads
  • Disprove or support witness statements
  • Identify likely suspects
• It can make clear:
  • When events occurred
  • Where victims and suspects were
  • With whom they communicated
  • Whether the crime was committed with intention
DIGITAL EVIDENCE
• Definition: any data stored or transmitted using a computer that support or refute a theory of how an offense occurred, or that address critical elements of the offense such as intent or alibi.
• Other definitions:
  • Provides a link between a crime and its victim, or between a crime and its perpetrators
  • Has probative value
  • Can be relied on in court
• Sources of digital evidence are divided into 3 categories:
1: OPEN COMPUTER SYSTEM
Include: hardware, keyboard, monitor (desktops, laptops and servers that obey standards)
Information: contain incriminating information useful for investigation.
2: COMMUNICATION SYSTEM
Include: traditional telephone systems, wireless telecommunication systems, the internet, networks.
Information: contain useful information: details of a message that was sent (time, who sent it, its content); log files from intermediate servers and routers.
3: EMBEDDED COMPUTER SYSTEM
Include: mobile devices, smart cards…
Information: contain communication information, digital photographs, video... or other personal details
INCREASING AWARENESS OF DIGITAL EVIDENCE
• An increasing number of organizations face the necessity of collecting evidence when they encounter situations such as illegal information theft…
DIGITAL FORENSICS: PAST, PRESENT AND FUTURE
• To reduce the risk of mishandled evidence or errors in analysis and interpretation, qualified practitioners are needed in three areas of specialization:
  • Preservation of digital evidence
  • Extraction of usable information from digital evidence
  • Interpretation of digital evidence to gain insight into key aspects of the offense
• Three main remaining challenges:
  • There is no agreed certification program or list of qualifications for digital forensic examiners.
  • Some places treat examination of digital evidence as an investigative rather than a forensic activity.
  • There is wide variability and uncertainty about the education, experience and training of those practicing this discipline.
• Requirements for practitioners:
  • Competence of individual experts for both the defense and the prosecution
  • The training of experts
  • 3 levels of competence in terms of electronic evidence: basic retrieval, analysis, and the interpretation of data.
PRINCIPLES OF DIGITAL EVIDENCE
a) Evidence exchange
• Follow the trails that offenders leave during the commission of a crime, to tie perpetrators to the victims and crime scenes.
b) Evidence characteristics
• Class characteristics: common traits in similar items.
• Individual characteristics: more specific, unique traits that determine a specific object. They are rarer, but can be found through closer analysis.
c) Forensic soundness
• Digital evidence must be preserved and examined in a forensically sound manner.
• The measure of forensic soundness does not require the original to be left unaltered.
d) Authentication (correctness)
• Authentication is actually a two-step process:
  1. An initial examination of the evidence to determine what should be examined.
  2. Closer analysis to determine its probative value.
• Authentication means establishing that:
  • The contents of the record have remained unchanged
  • The information in the record does originate from its purported source
  • The apparent date of the record is accurate
e) Chain of custody
• Wikipedia: “The documentation showing the full process of requisition, transfer, handling, deposition of physical or electric value”
• Purpose: to demonstrate that digital evidence has not been altered since it was collected.
f) Evidence integrity
• To show that evidence has not been altered from the time it was collected, which supports the authentication process.
• NOTE: a basic understanding of message digests and cryptographic hash values is required.
g) Objectivity
• Let the evidence speak for itself as much as possible.
h) Repeatability
CHALLENGING ASPECTS OF DIGITAL EVIDENCE
• As a form of physical evidence, digital evidence creates several challenges for analysts:
  • It is messy, so it is difficult to handle
  • It is an abstraction
  • Digital evidence (D.E) is usually circumstantial
  • D.E can be manipulated or destroyed
Evidence dynamics and the introduction of error
• Evidence dynamics (change): any influence that changes, relocates, obscures, or obliterates evidence.
• Some examples of evidence dynamics:
  • Installing software on the original evidential computer in an attempt to recover deleted files.
  • Installing a pirated version of a forensic tool, which then altered and overwrote data on the evidential computer.
• Evidence dynamics create investigative and legal challenges.
FOLLOWING THE CYBERTRAIL
• Crime on the internet is sometimes tied to a crime in the physical world.
• Causes:
  • Cybercrime reflects a crime in the physical world
  • Criminals feel safe on the internet
  • A crime in the physical world may be related to digital evidence on the internet