Computer Forensics
Operating Systems Final Presentation
by Kate Slaughter, 5 February 2013
Transcript of Computer Forensics

Computer Forensics
Operating Systems (INFR-2830)
Farid Bourennani
Keenan Dutt, Frank Ong, Brian Perry, Katelyn Slaughter

Introduction
Data is valuable, to several parties at once:
those who need to recover it after loss
law enforcement, who need it as evidence
those with malicious purposes
This talk covers both sides: forensics and anti-forensics.

Data Structure in Windows
Windows stores non-volatile data on disk drives. Each volume is made up of files and folders arranged in a hierarchy, and the file system is what organises that data on the volume.
Current versions of Windows support the FAT, NTFS and exFAT file systems.
Windows presents each volume to the user as a drive letter.

Computer Forensics
A relatively new field. One definition:

"Computer forensics is the science of locating, extracting, and analyzing types of data from different devices, which specialists then interpret as legal evidence."
Reasons for a computer forensics investigation:
Fraud audits
Identity theft
Hacking
Embezzlement
Instances of homicide
Child pornography
Peer-to-peer file sharing
Unlawful access
Compromising private data

Not just used by law enforcement: businesses are using "enterprise computer forensics" to protect assets such as intellectual property (IP). Job opportunities!

Where to look
Non-volatile storage: the hard drive, the Windows Registry, and other artifacts left behind by the operating system and applications.
Volatile memory: RAM, and the page file (pagefile.sys) on disk, which holds pages Windows has swapped out of RAM and so can preserve fragments of memory contents after the power is off.

Anti-Forensics
Used for a variety of reasons:
Protection of confidential data (by businesses and by law enforcement)
Prevention of corporate espionage
Concealing criminal activities

Forensics Tools
Decryption and password recovery: Ophcrack (recovers Windows passwords from their LM/NTLM hashes using rainbow tables)
File carving
Steganalysis: Virtual Steganographic Laboratory
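File carving, from the tools list above, works on raw bytes rather than on file system metadata, which is why it recovers files whose directory entries were deleted. The carver below is an added example written for this page, not a tool from the presentation: it searches a raw image for JPEG and PNG header/footer signatures and cuts out what lies between them. The signatures are the real ones; the disk image and the two blobs inside it are constructed inline so the code runs offline.

```python
"""File carving by content signature (added example, not code from the slides)."""

# (header, footer) per format. A real carver carries a much larger table.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),             # SOI marker ... EOI marker
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),  # signature ... IEND chunk + CRC
}


def carve(image: bytes, max_size: int = 16 * 1024 * 1024) -> list:
    """Return [(offset, extension, data), ...] for every header/footer pair found.
    A header with no footer within max_size bytes is skipped, not carved."""
    found = []
    for ext, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start < 0:
                break
            # footer must lie entirely within [start, start + max_size)
            end = image.find(footer, start + len(header), start + max_size)
            if end < 0:
                pos = start + 1          # orphan header: keep scanning past it
                continue
            end += len(footer)
            found.append((start, ext, image[start:end]))
            pos = end
    found.sort(key=lambda f: f[0])
    return found


def build_sample_image() -> bytes:
    """Constructed 'unallocated space': zero filler around a minimal JPEG-like and
    a minimal PNG-like blob. Nothing points at either one, as after deletion."""
    fake_jpeg = b"\xff\xd8\xff\xe0" + b"JFIF" + b"\x00" * 20 + b"\xff\xd9"      # 30 bytes
    fake_png = (b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 17
                + b"IEND\xaeB`\x82")                                          # 41 bytes
    return b"\x00" * 100 + fake_jpeg + b"\x00" * 50 + fake_png + b"\x00" * 20


def summarize(found: list) -> list:
    """(offset, extension, size) triples, convenient for reporting."""
    return [(off, ext, len(data)) for off, ext, data in found]


if __name__ == "__main__":
    for off, ext, size in summarize(carve(build_sample_image())):
        print("offset %6d  %s  %d bytes" % (off, ext, size))
```

Header/footer carving only recovers files stored contiguously; a file split across non-adjacent clusters comes out truncated or mixed with another file, which is why production carvers validate the internal structure of what they cut. The `max_size` bound is what keeps a stray footer far down the disk from turning one orphan header into a multi-gigabyte "file".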
Anti-Forensics Techniques
Physical destruction
Degaussing (only effective on magnetic media)
Software-based data wiping; different standards exist (DoD, RCMP, NIST)
Erasing files
Hiding data: "hidden" files in Windows (the hidden file attribute), software tools, slack space
Steganography: least significant bit (LSB) embedding; can be combined with encryption
Metadata removal
Registry key removal
Encryption: encrypting files and folders, encrypting whole drives

Windows File System
A Windows installation has a system partition and a boot partition.
System partition: holds the files the machine needs to locate and start Windows (in Microsoft's terminology, the boot loader and its configuration).
Boot partition: contains the operating system files, the page file, the boot sector, and the users' files.
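The "software-based data wiping" item in the anti-forensics list names standards but not what they do. The function below is an added example for this page, not a tool from the presentation: it overwrites a file in place with a fixed pattern, its complement and then random data, fsyncs each pass and verifies the last one, which is the three-pass sequence usually cited as DoD 5220.22-M. It assumes storage where writing a file's bytes in place reaches the sectors that held the old contents; the note after the code covers where that assumption breaks. The sample file content is constructed.

```python
"""Multi-pass file overwrite with verification (added example, not from the slides)."""
import hashlib
import os
import secrets
import tempfile


def keystream(key: bytes, length: int) -> bytes:
    """Reproducible pseudorandom bytes: SHA-256 in counter mode over a fresh
    per-wipe key, so the random pass can be verified without storing it."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def wipe_file(path: str, passes=(b"\x00", b"\xff", None), chunk: int = 1 << 16) -> dict:
    """Overwrite every byte of `path` once per entry in `passes` (a one-byte
    pattern, or None for random data), fsync after each pass, read the final
    pass back to verify it, then unlink the file."""
    size = os.path.getsize(path)
    key = secrets.token_bytes(32)          # lives only in memory, for verification

    def pass_data(pattern, offset, n):
        if pattern is None:
            return keystream(key + offset.to_bytes(8, "big"), n)
        return pattern * n

    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            offset = 0
            while offset < size:
                n = min(chunk, size - offset)
                f.write(pass_data(pattern, offset, n))
                offset += n
            f.flush()
            os.fsync(f.fileno())           # push the pass through the page cache
        f.seek(0)
        offset, verified = 0, True
        while offset < size and verified:  # verify the last pass landed
            n = min(chunk, size - offset)
            verified = f.read(n) == pass_data(passes[-1], offset, n)
            offset += n
    os.remove(path)
    return {"size": size, "passes": len(passes), "verified": verified}


def demo_wipe() -> dict:
    """Wipe a throwaway file holding constructed sample content (93,000 bytes,
    so more than one chunk is exercised)."""
    fd, path = tempfile.mkstemp(prefix="wipe-demo-")
    with os.fdopen(fd, "wb") as f:
        f.write(b"ACME payroll export 2013-02-05\n" * 3000)
    result = wipe_file(path)
    result["still_exists"] = os.path.exists(path)
    return result


if __name__ == "__main__":
    print(demo_wipe())
```

Two caveats a practitioner checks before trusting this. First, NIST SP 800-88 regards a single overwrite pass as adequate on modern magnetic disks, but regards overwriting as unreliable on flash (SSD, USB sticks), where wear levelling may write the new data to different physical cells and leave the old ones intact; there the drive's own sanitize or crypto-erase command is the tool. Second, overwriting the live file does nothing for the other copies the system may already hold: temporary files, backups, Volume Shadow Copies, the page file, and on journaling or copy-on-write file systems the blocks the file occupied before its last rewrite.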
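The "least significant bit" steganography item and the "steganalysis" tool item are two sides of one technique, so one added example serves both. The code is written for this page, not taken from the presentation or from the Virtual Steganographic Laboratory: it hides a message in the LSB of 8-bit samples, recovers it, and then applies the pairs-of-values chi-square test described by Westfeld and Pfitzmann, which is the kind of check steganalysis tools automate. The cover is a constructed bytes object of grayscale samples (a real image would be loaded with an imaging library) and the message is a constructed payload.

```python
"""LSB embedding, extraction and pairs-of-values steganalysis (added example)."""
import random

# Constructed payload; 138 bytes, so 142 bytes (1136 samples) once the length header is added.
SAMPLE_MESSAGE = b"The archive password is 'tricky-ferret-42'; burn this after reading. " * 2


def make_cover(n: int = 2048) -> bytes:
    """Constructed cover: n samples that all happen to be even, so the
    pairs-of-values statistic is as large as it can be before embedding."""
    rng = random.Random(2013)
    return bytes(rng.randrange(0, 256, 2) for _ in range(n))


def lsb_embed(cover: bytes, message: bytes) -> bytes:
    """Write a 32-bit big-endian length, then the message, one bit per sample,
    into the least significant bit of each sample. Each sample moves by at most 1."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: need %d samples, have %d" % (len(bits), len(cover)))
    out = bytearray(cover)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def lsb_extract(stego: bytes) -> bytes:
    """Reassemble bytes from the LSBs, reading the length header first."""
    def read(start: int, count: int) -> bytes:
        vals = bytearray()
        for b in range(count):
            v = 0
            for i in range(8):
                v = (v << 1) | (stego[start + b * 8 + i] & 1)
            vals.append(v)
        return bytes(vals)
    length = int.from_bytes(read(0, 4), "big")
    return read(32, length)


def pov_chi_square(samples: bytes) -> float:
    """Pairs-of-values statistic: sum over k of (n[2k] - mean)^2 / mean with
    mean = (n[2k] + n[2k+1]) / 2. LSB embedding only ever moves a sample between
    2k and 2k+1, and near-random bits make the two counts converge, so the value
    falls sharply after embedding. That drop is the detection signal."""
    hist = [0] * 256
    for s in samples:
        hist[s] += 1
    chi = 0.0
    for k in range(128):
        mean = (hist[2 * k] + hist[2 * k + 1]) / 2.0
        if mean > 0:
            chi += (hist[2 * k] - mean) ** 2 / mean
    return chi


if __name__ == "__main__":
    cover = make_cover()
    stego = lsb_embed(cover, SAMPLE_MESSAGE)
    print("recovered:", lsb_extract(stego) == SAMPLE_MESSAGE)
    print("chi-square cover %.1f  stego %.1f" % (pov_chi_square(cover), pov_chi_square(stego)))
```

The "can be combined with encryption" point on the slide is visible in the statistic: an encrypted payload is indistinguishable from random bits, which hides the content but makes the pairs-of-values flattening, and therefore the detection, no harder. Encryption protects what was hidden, not the fact that something was.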
NTFS File System
NTFS stands for New Technology File System. It is a journaled file system and adds, over FAT:
disk encryption (EFS)
disk quotas
object permissions (access control lists on files and folders)
compression
It is faster than the FAT file system, yet it is open to the same forensic and anti-forensic techniques as FAT: every file still has slack space, and the contents of deleted files stay on disk until the clusters are reused.

FAT File System
FAT stands for File Allocation Table, the table that records which clusters belong to each file.
The table is placed at the beginning of the partition, and two copies are kept to protect against corruption.
The table must be updated whenever a file is created, extended or deleted.
It shouldn't be used with large volumes: FAT16 had a 2 GB volume limit.
It has been superseded by FAT32 and exFAT.

Discussion
Can anyone think of circumstances that would require the confiscation of a device for a forensics investigation?

Conclusion
By understanding forensics, one can develop anti-forensics, and vice versa.
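To tie the "slack space" item in the anti-forensics list to the FAT slide, the following added example (written for this page, not from the presentation) builds a tiny FAT16-style volume in memory, parses its BIOS Parameter Block to locate the two FAT copies and the data area, hides bytes in the slack of a one-cluster file, and shows that a read by file size never sees them while a read to the cluster boundary does. The BPB offsets are the standard ones; the boot sector, the file and the hidden bytes are constructed, and the example assumes a file that fits in a single cluster.

```python
"""FAT geometry, two FAT copies, and file slack (added example, not from the slides)."""
import math
import struct


def parse_bpb(boot_sector: bytes) -> dict:
    """Read the BIOS Parameter Block of a FAT12/16 boot sector (bytes 11-23) and
    derive where the FAT copies, the root directory and the data area begin."""
    if boot_sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    (bps, spc, reserved, nfats, root_entries,
     total16, _media, fat_size) = struct.unpack_from("<HBHBHHBH", boot_sector, 11)
    fat_bytes = fat_size * bps
    fat_offsets = [reserved * bps + i * fat_bytes for i in range(nfats)]
    root_offset = fat_offsets[-1] + fat_bytes
    return {"bytes_per_sector": bps, "cluster_size": bps * spc, "fat_bytes": fat_bytes,
            "fat_offsets": fat_offsets, "root_dir_offset": root_offset,
            "data_offset": root_offset + root_entries * 32, "total_sectors": total16}


def make_boot_sector(bps=512, spc=8, reserved=4, nfats=2, root_entries=512,
                     total16=8192, fat_size=4) -> bytes:
    """Constructed FAT16-style boot sector carrying only the BPB fields we parse."""
    bs = bytearray(512)
    bs[0:3] = b"\xeb\x3c\x90"                      # jump, as on a real boot sector
    bs[3:11] = b"MSWIN4.1"                         # OEM name
    struct.pack_into("<HBHBHHBH", bs, 11, bps, spc, reserved, nfats,
                     root_entries, total16, 0xF8, fat_size)
    bs[510:512] = b"\x55\xaa"
    return bytes(bs)


def cluster_offset(geom: dict, n: int) -> int:
    """Byte offset of data cluster n; FAT numbers data clusters from 2."""
    return geom["data_offset"] + (n - 2) * geom["cluster_size"]


def slack_size(geom: dict, file_size: int) -> int:
    """Bytes between end-of-file and the end of the last allocated cluster."""
    allocated = math.ceil(file_size / geom["cluster_size"]) * geom["cluster_size"]
    return allocated - file_size


def build_image(file_data: bytes, hidden: bytes, first_cluster: int = 2) -> tuple:
    """Constructed volume with one single-cluster file at `first_cluster` and
    `hidden` written into that file's slack. Returns (image, geometry)."""
    boot = make_boot_sector()
    geom = parse_bpb(boot)
    if len(file_data) > geom["cluster_size"]:
        raise ValueError("example assumes a one-cluster file")
    if len(hidden) > slack_size(geom, len(file_data)):
        raise ValueError("hidden data does not fit in the slack")
    img = bytearray(geom["data_offset"] + 4 * geom["cluster_size"])
    img[:512] = boot
    # FAT16 entries 0 and 1 are reserved (media byte, 0xFFFF); entry 2 marks our
    # file's only cluster as end-of-chain. Both copies are written identically.
    chain = struct.pack("<HHH", 0xFFF8, 0xFFFF, 0xFFFF)
    for off in geom["fat_offsets"]:
        img[off:off + len(chain)] = chain
    start = cluster_offset(geom, first_cluster)
    img[start:start + len(file_data)] = file_data
    img[start + len(file_data):start + len(file_data) + len(hidden)] = hidden
    return bytes(img), geom


def read_file(image: bytes, geom: dict, first_cluster: int, size: int) -> bytes:
    """What the OS hands back: exactly `size` bytes, never the slack."""
    start = cluster_offset(geom, first_cluster)
    return image[start:start + size]


def read_slack(image: bytes, geom: dict, first_cluster: int, size: int) -> bytes:
    """What a forensic tool reads: from end-of-file to the cluster boundary."""
    start = cluster_offset(geom, first_cluster) + size
    return image[start:start + slack_size(geom, size)]


def fat_copies_match(image: bytes, geom: dict) -> bool:
    """The FAT copies exist for redundancy and should be identical; a mismatch
    signals corruption or tampering and is worth flagging during acquisition."""
    copies = [image[o:o + geom["fat_bytes"]] for o in geom["fat_offsets"]]
    return all(c == copies[0] for c in copies)


if __name__ == "__main__":
    img, g = build_image(b"A" * 1000, b"SECRET")
    print("slack bytes:", slack_size(g, 1000), "slack starts:", read_slack(img, g, 2, 1000)[:6])
    print("FAT copies identical:", fat_copies_match(img, g))
```

For a multi-cluster file the same arithmetic applies to the last cluster in the chain, which is found by following the file's entries through the FAT; the other clusters are full. Slack also explains why shrinking a file with an editor does not remove its old tail: the directory entry's size changes, the bytes past it do not.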

NOTE: do not hide your data from law enforcement, only from malicious sources.

Thank you for watching!