Transcript of Computer Forensics
Farid Bourennani Keenan Dutt, Frank Ong, Brian Perry, Katelyn Slaughter

Introduction
Data is valuable
Recover from loss
Forensics vs Anti-Forensics

Data Structure in Windows
Windows uses disk drives to store non-volatile data
each volume is made up of files and folders
features a hierarchical sorting system
the file system is used to organize data
current version of Windows supports FAT, NTFS, and exFAT file systems
uses drive letters to represent disk drives

Computer Forensics
Relatively new
“Computer forensics is the science of locating, extracting, and analyzing types of data from different devices, which specialists then interpret as legal evidence”
Reasons for a “computer forensics” investigation:
Fraud audits
Instances of homicide
Peer-to-peer file sharing
Compromising private data

Not just used by law enforcement
Businesses are using “enterprise computer forensics”
Protect things like IP (Intellectual Property)
Job opportunities!

Computer Forensics
Where to look
- Non-Volatile Memory
- Volatile Memory
Page File

Anti-Forensics
Used for a variety of reasons:
Protection of confidential data
Businesses and Law Enforcement
Prevention of corporate espionage
Concealing criminal activities

Tools
Decryption
Virtual Steganographic Laboratory

Techniques
Physical Destruction
Software-Based Data Wiping
Different standards (DoD, RCMP, NIST)
"Hidden" Files in Windows
Slack Space
Steganography
Least Significant Bit
Can be combined with encryption
Registry Key Removal
Encrypting Files & Folders
Encrypting Drives

Windows File System
contains a system and bootable partition
system partition - used to specify the location of Windows in order to boot
boot partition - contains operating system files to boot, page file, boot sector, and the user files.

NTFS File System
known as the New Technology File System
journaled file system
faster than the FAT file system
suffers the same exploits that FAT has

FAT File System
known as the File Allocation Table
placed at the beginning of the partition
two copies placed to prevent corruption
needs to be updated regularly
shouldn't be used with large volumes
FAT16 had a limit of 2 GB
superseded by exFAT and FAT32

Can anyone think of circumstances that would require the confiscation of a device for a forensics investigation?

Conclusion
By understanding forensics, one can develop anti-forensics, and vice versa.
NOTE: Do not hide your data from law enforcement, just from malicious sources

Thank you for watching!