Electronic Forensics

rasha alqrtoubi

on 30 April 2015

Transcript of Electronic Forensics

The four main stages of forensics
Places to find evidence?
“Log files were useless because they didn't place the employee at the computer at the time of activity.” What could be the reasons?
It might be a Trojan horse, which uses unexpected functionality to remotely access the employee's computer and hide their actions on that PC. It might also have been another employee, or cookies.
As the investigation team, you are asked to check the hard drive. You have to explain all the steps you will take while dealing with the hard drive, including the technology, software and the main steps of forensics to protect your evidence (integrity).
Electronic Forensics
How to find hidden files on Windows 7
Software to discover hidden protected files
Hidden File Finder
HData Recovery Master program
Recovers data such as files, images, documents and e-mails from any storage device, such as a hard drive.
Yodot File Recovery
is software used for file recovery from hard drives and other external drives. It recovers hidden files and folders that were removed or lost from a pen drive.
software for scanning and
finding the files which are
A user's computer
operating system
1- Put hidden cameras in place to monitor the employees.
2- Install a sniffer program on the employees' PCs.
3- Train first responders who deal with forensic investigations.
4- Build a department for forensic investigation, which includes training staff, equipment and software.
First, we take the hard drive and make two copies: one kept as evidence and saved in a safe location, and a second used for examination to find the truth. Then we return the hard drive to the user's computer and start to trace the user's work on the computer. Evidence must be kept in a secure location and protected from unauthorized access, fire, water, smoke, dust and magnetic emanations. We found that the employee was very careful when he deleted files, but he may have made a mistake when he deleted an image: he thought the image was deleted from the hard drive, but it was not. From that, we built a timeline of the activity the employee had carried out before.
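The two-copy step and the integrity requirement above can be checked with hashes. This is an added example, not part of the original presentation; SHA-256, the file names, the `examiner` label and the `custody.jsonl` log are assumptions, and a small constructed file stands in for the drive image.

```python
import hashlib, json, shutil, tempfile
from datetime import datetime, timezone
from pathlib import Path

CHUNK = 1024 * 1024  # read 1 MiB at a time

def sha256_file(path):
    """Hash a file in chunks so a large disk image never has to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, out_dir, examiner):
    """Make an evidence copy and a working copy, verify both, log a custody record."""
    out_dir = Path(out_dir)
    source_hash = sha256_file(source)
    record = {"source": str(source), "sha256": source_hash, "examiner": examiner,
              "acquired_utc": datetime.now(timezone.utc).isoformat(), "copies": []}
    for role in ("evidence", "working"):
        dest = out_dir / f"{role}.img"
        shutil.copyfile(source, dest)
        copy_hash = sha256_file(dest)
        if copy_hash != source_hash:
            raise ValueError(f"{role} copy does not match the source hash")
        if role == "evidence":
            dest.chmod(0o444)  # the sealed copy is only ever read
        record["copies"].append({"role": role, "path": str(dest), "sha256": copy_hash})
    with open(out_dir / "custody.jsonl", "a") as log:  # append-only custody log
        log.write(json.dumps(record) + "\n")
    return record

def still_intact(record):
    """Re-hash every copy; True only where it still matches the acquisition hash."""
    return {c["role"]: sha256_file(c["path"]) == record["sha256"]
            for c in record["copies"]}

def demo():
    """Constructed sample: acquire a stand-in image, then alter the working copy."""
    tmp = Path(tempfile.mkdtemp())
    src = tmp / "drive.bin"
    src.write_bytes(b"constructed sample disk contents" * 1000)
    rec = acquire(src, tmp, "examiner-1")
    with open(rec["copies"][1]["path"], "r+b") as f:  # simulate a changed byte
        f.write(b"X")
    return still_intact(rec)

if __name__ == "__main__":
    print(demo())
```

Re-running `still_intact` before the report is written shows whether the sealed copy still matches what was acquired, even if the working copy changed during examination.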
Recommendations to get more evidence
“chain of custody”
We also found a hidden file. When we tried to open it, we found that the file was password-protected. We copied everything from the hard drive, such as words, numbers and characters, and from that we were able to get the password and open the file. We found a list of favorite websites that the user had visited. Now we start writing the report about all the evidence we found. We complete the chain of custody and also make the recommendations for the company. After that, we watched the surveillance cameras and found that the user was the only person who used his computer. Now we have all the evidence against the user, so we confronted him, and he denied all the accusations against him. But all the evidence is against him and proves what we have