0% found this document useful (0 votes)

143 views54 pages

Cyber Forensics for Investigators

The document discusses cyber forensics principles and live forensics. It outlines the challenges of live forensics, including needing access to the system with minimal impact, and timely evidence acquisition. Methods of live forensics are described, such as retrieving volatile data, forensic imaging, and memory analysis using tools like Win-LiFT, COFEE, and EnCase Portable. Specific live forensic data sources and tools available in Kali Linux are also detailed.

Uploaded by

Martin Humphrey

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

143 views54 pages

Cyber Forensics for Investigators

Uploaded by

Martin Humphrey

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PPTX, PDF, TXT or read online on Scribd

You are on page 1/ 54

CYBER FORENSICS PRINCIPLES

Jayaram P

CDAC

Wednesday, August 11, 2021 1

 Plan
Cyber Crime
Cyber Forensics Steps
Live Forensics

Wednesday, August 11, 2021 2

Wednesday, August 11, 2021 3
Wednesday, August 11, 2021 4
Wednesday, August 11, 2021 5
Wednesday, August 11, 2021 6
Wednesday, August 11, 2021 7
Wednesday, August 11, 2021 8
Wednesday, August 11, 2021 9
Wednesday, August 11, 2021 10
Wednesday, August 11, 2021 11
Wednesday, August 11, 2021 12
Wednesday, August 11, 2021 13
Wednesday, August 11, 2021 14
Wednesday, August 11, 2021 15
Wednesday, August 11, 2021 16
Wednesday, August 11, 2021 17
Wednesday, August 11, 2021 18
Wednesday, August 11, 2021 19
Wednesday, August 11, 2021 20
Wednesday, August 11, 2021 21
Wednesday, August 11, 2021 22
Wednesday, August 11, 2021 23
Wednesday, August 11, 2021 24
Wednesday, August 11, 2021 25
Wednesday, August 11, 2021 26
Wednesday, August 11, 2021 27
Wednesday, August 11, 2021 28
Wednesday, August 11, 2021 29
Wednesday, August 11, 2021 30
Wednesday, August 11, 2021 31
Live Forensics

Wednesday, August 11, 2021 32

Live Forensics - Challenges

 Need access to the system

 Minimize impact on system.

 Some tools leave footprint and hence proper

audit/notes to be made.

 Timely evidence acquisition and analysis.

Wednesday, August 11, 2021 33

Conducting Live Forensics

1. Retrieval of volatile data

2. Forensic imaging of live system

3. Analysis of evidence collected

Wednesday, August 11, 2021 34

Scenario : Ongoing Crime

 Want to catch them “in the act”

 See how things change (web pages, file access
times, registry, memory, etc.)
 Want to understand:
 How they got in
 What they compromised
 Where they are
 Who they are

Wednesday, August 11, 2021 35

Live Data

 Process memory
 System time  Network status
 Logged-on user(s)  Clipboard contents
 Open files  Service/driver information
 Network information  Command history
 Network connections  Mapped drives
 Process information  Shares
 Process-to-port mapping

Wednesday, August 11, 2021 36

Non-volatile Data

 Event logs
 Registry
 Disks

Wednesday, August 11, 2021 37

Memory Analysis

Memory Acquisition

Perform Ram Dump to a

file [Using Tools like Dump file
DumpIt, mdd etc]

Dump File Analysis

Report Generation
Dump file
Analyzed using tools
(eg.Volatility , Win-LiFT)

Wednesday, August 11, 2021 38

Live Forensics Tools

Wednesday, August 11, 2021 39

 C-DAC’s Win-LiFT

 COFEE(Computer Online
Forensic Evidence Extractor )

 EnCase Portable

Wednesday, August 11, 2021 40

https://cyberforensics.in/

Wednesday, August 11, 2021 41

Investigator’s
Machine

Suspect’s
Machine

Investigator’s
Machine

Wednesday, August 11, 2021 42

Wednesday, August 11, 2021 43
Wednesday, August 11, 2021 44
Wednesday, August 11, 2021 45
Wednesday, August 11, 2021 46
Live Forensic Tools - COFEE

Wednesday, August 11, 2021 47

 Easy to use
 Capture important "live" computer
evidence
 Special forensics expertise not
needed.

Computer Online Forensics Evidence Extractor

Wednesday, August 11, 2021 48

Computer Online Forensics Evidence Extractor

Wednesday, August 11, 2021 49

Live Forensic Tools - Encase
Portable

 Easy to Use
 Forensically Sound
 Ultra-Portable
 Stealth

Wednesday, August 11, 2021 50

Forensic Tools in Kali Linux

Wednesday, August 11, 2021 51

 More than 200 penetration testing tools are packaged in Kali Linux.
 More than 20 tools for forensics packaged inside Kali Linux.

1. Binwalk tool:
 searches a specified binary image for executable code and files.
2. Bulk extractor tool:
 Extracts credit card numbers, URL links, email addresses etc..
 Works on compressed data and incomplete or damaged data.
3. HashDeep tool:
 For hashing of files.
4. Magic rescue tool:
 Performs scanning operations on a blocked device.
 Recovers files deleted or from corrupted partition.
5. Guymager tool:
 Used to acquire media for forensic imagery

Wednesday, August 11, 2021 52

6. Pdfid tool:
 Scans pdf files for specific keywords.

7. Pdf-parser tool:
8. Peepdf tool:

9. Autopsy tool:
 An autopsy is all in one forensic utility for fast data recovery and hash
filtering.
 This tool carves deleted files and media from unallocated space.

10. img_cat tool:

Wednesday, August 11, 2021 53

THANK YOU
jayaram@cdac.in

Wednesday, August 11, 2021 54

CSF Unit 4
No ratings yet
CSF Unit 4
21 pages
Computer Forensics Guide
No ratings yet
Computer Forensics Guide
40 pages
Module 02 - Computer Forensics Investigation Process - AG - 25
No ratings yet
Module 02 - Computer Forensics Investigation Process - AG - 25
53 pages
Digital Forensics
No ratings yet
Digital Forensics
52 pages
Method of Digital Forensic
100% (1)
Method of Digital Forensic
6 pages
Cloud Forensics
No ratings yet
Cloud Forensics
6 pages
Cyber Law of India
No ratings yet
Cyber Law of India
14 pages
DMF Lessonplan
No ratings yet
DMF Lessonplan
8 pages
COIT20263 Information Security Management - Assignment 2
No ratings yet
COIT20263 Information Security Management - Assignment 2
5 pages
Cyber Crime Unit-I - Part-1
No ratings yet
Cyber Crime Unit-I - Part-1
69 pages
Cyber Forensics Course Guide
No ratings yet
Cyber Forensics Course Guide
14 pages
DFIR Lab Manual
No ratings yet
DFIR Lab Manual
27 pages
DMF Lab Manual
No ratings yet
DMF Lab Manual
31 pages
Digital Forensics: Module 1: Computer Forensics and Investigation
No ratings yet
Digital Forensics: Module 1: Computer Forensics and Investigation
33 pages
Cyber Security and Digital Forensics Lab Manual 4361601
No ratings yet
Cyber Security and Digital Forensics Lab Manual 4361601
25 pages
Chapter 5 Forensic
No ratings yet
Chapter 5 Forensic
84 pages
Introduction To Digital Forensics
No ratings yet
Introduction To Digital Forensics
24 pages
Digital Forensics Course Logistics / Contents Preview
No ratings yet
Digital Forensics Course Logistics / Contents Preview
61 pages
Cyber Forensics Imp Questions
No ratings yet
Cyber Forensics Imp Questions
8 pages
Computer Forensics - 2
No ratings yet
Computer Forensics - 2
41 pages
Lab Digital Assignment Iv - Prodiscover
No ratings yet
Lab Digital Assignment Iv - Prodiscover
21 pages
CHFIv9 STUDY GUIDE - NEW
No ratings yet
CHFIv9 STUDY GUIDE - NEW
75 pages
Module 1 - Introduction To Digital Investigation and Forensics
No ratings yet
Module 1 - Introduction To Digital Investigation and Forensics
34 pages
CS8074 - Cyber Forensics
No ratings yet
CS8074 - Cyber Forensics
8 pages
A Study of Cybercrimes in India Using Digital Forensics
No ratings yet
A Study of Cybercrimes in India Using Digital Forensics
15 pages
Question Bank Cyber Forensics in Engineering Study
No ratings yet
Question Bank Cyber Forensics in Engineering Study
10 pages
What Is Forensic Toolkit (FTK) ?
No ratings yet
What Is Forensic Toolkit (FTK) ?
7 pages
Sara - Unit-4
No ratings yet
Sara - Unit-4
28 pages
Cyber Forensics and Its Applications
No ratings yet
Cyber Forensics and Its Applications
10 pages
Digital Forensics Insights
No ratings yet
Digital Forensics Insights
23 pages
Cybersecurity Tools & Techniques
No ratings yet
Cybersecurity Tools & Techniques
14 pages
Cyber Forensics Course Overview
No ratings yet
Cyber Forensics Course Overview
2 pages
Cloud & OT Security Quiz
No ratings yet
Cloud & OT Security Quiz
10 pages
Sara - Unit-5
No ratings yet
Sara - Unit-5
20 pages
Computer Forensics
No ratings yet
Computer Forensics
20 pages
File Recovery Digital Forensics
No ratings yet
File Recovery Digital Forensics
7 pages
Digital Forensics Tools Overview
No ratings yet
Digital Forensics Tools Overview
10 pages
2 CSF
No ratings yet
2 CSF
43 pages
A Survey of Honeypots and Honeynets For Internet of Things Industrial Internet of Things and Cyber-Physical Systems
No ratings yet
A Survey of Honeypots and Honeynets For Internet of Things Industrial Internet of Things and Cyber-Physical Systems
33 pages
Unit 4
No ratings yet
Unit 4
35 pages
DIGITAL FORENSICS Syllabus
No ratings yet
DIGITAL FORENSICS Syllabus
2 pages
Open Source and Proprietary Tools in Digital Forensics
No ratings yet
Open Source and Proprietary Tools in Digital Forensics
10 pages
Data Formats
No ratings yet
Data Formats
89 pages
Cybercrime Case Studies in India
No ratings yet
Cybercrime Case Studies in India
55 pages
Importance of Information Security Policy
No ratings yet
Importance of Information Security Policy
11 pages
Unit 2
No ratings yet
Unit 2
20 pages
CSDF Endsem
100% (1)
CSDF Endsem
33 pages
Unit Iii Reconnaissance
No ratings yet
Unit Iii Reconnaissance
41 pages
Chapter 1: Introduction 1.1.2 Internet of Things (Iot) : Basic Concept
No ratings yet
Chapter 1: Introduction 1.1.2 Internet of Things (Iot) : Basic Concept
29 pages
Digital Forensics Lec2 Spring 2021
No ratings yet
Digital Forensics Lec2 Spring 2021
50 pages
Prolog Solution for Water Jugs
100% (1)
Prolog Solution for Water Jugs
5 pages
Forensic USB Analysis Guide
No ratings yet
Forensic USB Analysis Guide
10 pages
Security Practics Unit 1
No ratings yet
Security Practics Unit 1
68 pages
Computer Forensics
No ratings yet
Computer Forensics
18 pages
Design and Implementation of Digital Forensics Labs
No ratings yet
Design and Implementation of Digital Forensics Labs
22 pages
Seminar Report
No ratings yet
Seminar Report
29 pages
Digital Forensics - Notes For Everything
No ratings yet
Digital Forensics - Notes For Everything
160 pages
01 Introducation To Digital Forensic
No ratings yet
01 Introducation To Digital Forensic
6 pages
Cyber Check Manual Version 3.0
No ratings yet
Cyber Check Manual Version 3.0
316 pages
Basic CYBER Forensics
No ratings yet
Basic CYBER Forensics
64 pages
CISA Notes
100% (2)
CISA Notes
7 pages
Cys 102
No ratings yet
Cys 102
33 pages
Digital Forensic Analysis Lab Exercise
75% (4)
Digital Forensic Analysis Lab Exercise
3 pages
Digital Forensics for Law Practitioners
No ratings yet
Digital Forensics for Law Practitioners
14 pages
Computer Forensics Final Grade
No ratings yet
Computer Forensics Final Grade
15 pages
Digital Forensics of Cybercrimes and The Use of Cyber Forensics Tools To Obtain Digital Evidence
No ratings yet
Digital Forensics of Cybercrimes and The Use of Cyber Forensics Tools To Obtain Digital Evidence
24 pages
@vtucode - in BETCK105l Module 5 2022 Scheme
No ratings yet
@vtucode - in BETCK105l Module 5 2022 Scheme
28 pages
IA 111 Lecture 01 Year 2022-2023
No ratings yet
IA 111 Lecture 01 Year 2022-2023
19 pages
CHFI Computer Hacking Forensic Investigator 1st Edition by Charles L Brooks ISBN 9780071831567 Available All Format
100% (5)
CHFI Computer Hacking Forensic Investigator 1st Edition by Charles L Brooks ISBN 9780071831567 Available All Format
111 pages
SCI4201 Lecture 5 - Processing Crime and Incident Scenes
No ratings yet
SCI4201 Lecture 5 - Processing Crime and Incident Scenes
66 pages
M.Tech Cyber Security Syllabus
No ratings yet
M.Tech Cyber Security Syllabus
20 pages
Computer Forensics Investigation
No ratings yet
Computer Forensics Investigation
46 pages
Forensic Investigator Certification
No ratings yet
Forensic Investigator Certification
9 pages
Recover & Analyze Your Evidence in One Case
No ratings yet
Recover & Analyze Your Evidence in One Case
2 pages
MH17
No ratings yet
MH17
143 pages
Digital Forensics - A Literature Review: September 2019
No ratings yet
Digital Forensics - A Literature Review: September 2019
6 pages
Digital Forensics: A Methodical Guide
No ratings yet
Digital Forensics: A Methodical Guide
8 pages
Student Membership Brochure
No ratings yet
Student Membership Brochure
6 pages
Module 4 CF
No ratings yet
Module 4 CF
21 pages
Cyber Security - Indian Perspective PDF
No ratings yet
Cyber Security - Indian Perspective PDF
30 pages
In Private
No ratings yet
In Private
6 pages
Cyber Laws&Forensic
No ratings yet
Cyber Laws&Forensic
20 pages
Digital Forensic Principles & Methods
No ratings yet
Digital Forensic Principles & Methods
14 pages
1S00156A
No ratings yet
1S00156A
494 pages
Weaponization Unveiled Navigating Stage Two
No ratings yet
Weaponization Unveiled Navigating Stage Two
83 pages
Incident Response
100% (1)
Incident Response
59 pages
Cyber Security and Ethical Hacking Syllabus- [AY 25-26] 3rd Sem
No ratings yet
Cyber Security and Ethical Hacking Syllabus- [AY 25-26] 3rd Sem
3 pages
Computer Hacking Forensic Investigator Version 4 (CHFI) : Course Introduction 6m Computer Forensics in Today's World
No ratings yet
Computer Hacking Forensic Investigator Version 4 (CHFI) : Course Introduction 6m Computer Forensics in Today's World
34 pages

Cyber Forensics for Investigators

Uploaded by

Cyber Forensics for Investigators

Uploaded by

CYBER FORENSICS PRINCIPLES

Wednesday, August 11, 2021 1

Wednesday, August 11, 2021 2

Wednesday, August 11, 2021 32

 Need access to the system

 Minimize impact on system.

 Some tools leave footprint and hence proper

 Timely evidence acquisition and analysis.

Wednesday, August 11, 2021 33

1. Retrieval of volatile data

2. Forensic imaging of live system

Wednesday, August 11, 2021 34

 Want to catch them “in the act”

Wednesday, August 11, 2021 35

Wednesday, August 11, 2021 36

Wednesday, August 11, 2021 37

Perform Ram Dump to a

Dump File Analysis

Wednesday, August 11, 2021 38

Wednesday, August 11, 2021 39

Wednesday, August 11, 2021 40

Wednesday, August 11, 2021 41

Wednesday, August 11, 2021 42

Wednesday, August 11, 2021 47

Computer Online Forensics Evidence Extractor

Wednesday, August 11, 2021 48

Wednesday, August 11, 2021 49

Wednesday, August 11, 2021 50

Wednesday, August 11, 2021 51

Wednesday, August 11, 2021 52

10. img_cat tool:

Wednesday, August 11, 2021 53

Wednesday, August 11, 2021 54

You might also like