Monday, May 01, 2006

Computer Forensics
Shri U.Rama Mohan
Computer forensics expert

Forensic Objectives & Principles
Legal Requirements
The Handling of Evidence
The Size of the Problem
Four Types of Suspect Matrix
- Not computer literate
- Did not know
+ Computer literate
- Did not know
Levels of Forensic Analysis
Active files
Deleted files
Slack space
Orphaned clusters
etc.
Tools for analysis
DIBS Analyzer
EnCase
Expert witness
I-Look
PC Inspector Tools
AnaDisk
NTI Tools
Compare it
Sim card reader
Tools for Imaging
Disk image backup system (UK)
EnCase acquiring (USA)

Penal sections in IT Act
Types of Computer Crimes

Category I: Unauthorised access and interception
Hacking
Interception
Time theft



Category II: Alteration of computer data
Logic Bomb
Trojan Horse
Virus
Worm
False Data Entry (Data Diddling)
Salami techniques
Trapdoors
Data Leakage
Evaluating Evidence
At all stages of the analysis stop at regular times and evaluate the information obtained.
Is it suitable for use as evidence?
Does it support the case?
Is it sufficient?
Does it really mean what you think?
Conclusion


Category III: Computer related frauds

Cash dispensers
Computer forgery
Programme manipulation
Programme piracy
Fraud at payment points
Telephone Phreaking
Category IV: Unauthorised reproduction
Software piracy
Category V: Computer Sabotage
Hardware
Software

Category VI: Miscellaneous computer crimes

Theft of trade secrets
Distribution of antisocial material
Eavesdropping and spying
Masquerading (impersonation)
Piggybacking and Tailgating
Scavenging and Reuse
Scanning
Asynchronous attacks
Computer and components theft
Team Members
Search & Seizure of Computers

General Computing Principles 
Hard disks and floppy disks
Storage capacity
Sectors, heads, cylinders, sizes
Computer memory
The BIOS
The operating system
MS-DOS – DOS v5


The Physical Hard Disk
TRACK
HEAD
SECTOR
BYTES
Logical Structure of a FAT Drive
Master Boot Record
Partition Boot Record

File Allocation Table
Root Directory
Directories and Sub-Directories
Locating Files
NTFS
Master File Table
Logical Structure of an NTFS Drive
The Tree Diagram
Hard Disk Areas
Active Files
Deleted Files
Slack Space
Unallocated Space
Orphaned Clusters
Forensic Analysis
The Windows® Internal View
The Windows® External View
The Forensic View
The Windows® View
The Forensic View
Tools used for Specified analysis
Access Password cracker
NTI Advanced Password recovery tool
I cain Software Password recovery tool
Zip crackers-AZPWR
Wincomp - Source Code Comparison Tool
SIM Detective - SIM card analysis
Audio to Text Converter
Stegano Tools/Camouflage Tools
Call on for assistance
U. Rama Mohan
Ph 040 23307138 (o) Fax 040 23394449
E-mail: rukkalam@hotmail.com
APFSL, Red Hills, Hyderabad-4.
THAN ‘Q’
