Computer Forensics

Operating Systems Final Presentation

Kate Slaughter

on 5 February 2013


Transcript of Computer Forensics

Computer Forensics
Operating Systems
Farid Bourennani
Keenan Dutt, Frank Ong, Brian Perry, Katelyn Slaughter

Introduction
Data is valuable
Recover from loss
Law Enforcement
Malicious Purposes
Forensics vs Anti-Forensics

Data Structure in Windows
Windows uses disk drives to store non-volatile data
each volume is made up of files and folders
features a hierarchical sorting system
the file system is used to organize data
current version of Windows supports FAT, NTFS, and exFAT file systems
uses drive letters to represent disk drives

Computer Forensics
Relatively new

“Computer forensics is the science of locating, extracting, and analyzing types of data from different devices, which specialists then interpret as legal evidence”

Reasons for a “computer forensics” investigation:
Fraud audits
Identity theft
Instances of homicide
Child pornography
Peer-to-peer file sharing
Unlawful access
Compromising private data

Computer Forensics
Not just used by law enforcement
Businesses are using “enterprise computer forensics”
Protect things like IP (Intellectual Property)
Job opportunities!

Where to look
- Non-Volatile Memory
Hard drive
Windows Registry
- Volatile Memory
Page File

Anti-Forensics
Used for a variety of reasons:
Protection of confidential data
Businesses and Law Enforcement
Prevention of corporate espionage
Concealing criminal activities

Techniques
Decryption
File Carving
Virtual Steganographic Laboratory
Tools

Physical Destruction

Software-Based Data Wiping
Different standards (DoD, RCMP, NIST)

Erasing Files

Hiding Data
"Hidden" Files in Windows
Software Tools
Slack Space
Steganography
Least Significant Bit
Can be combined with encryption

Metadata Removal

Registry Key Removal

Encrypting Files & Folders
Encrypting Drives

Windows File System
contains a system and bootable partition
system partition - used to specify the location of Windows in order to boot
boot partition - contains operating system files to boot, page file, boot sector, and the user files.

NTFS File System
known as the New Technologies File System
journaled file system
disk encryption
disk quotas
object permissions
faster than the FAT file system
suffers the same exploits that FAT has

FAT File System
known as the File Allocation Table
placed at the beginning of the partition
two copies placed to prevent corruption
needs to be updated regularly
shouldn't be used with large volumes
FAT16 had a limit of 2GB
superseded by exFAT and FAT32

Can anyone think of circumstances that would require the confiscation of a device for a forensics investigation?

Conclusion
By understanding forensics, one can develop anti-forensics, and vice-versa.

NOTE: Do not hide your data from law enforcement, just from malicious sources

Thank you for watching!