[DF'25] Lecture 1 (Chapter 1, 2, 6)

Page 1: Introduction

  • Course Title: Fundamentals of Computer Forensics

  • Instructor: Dr. Hanan Hindy

  • Contact Information: hanan.hindy@cis.asu.edu.eg

Page 2: Expectations

  • Expectation outline provided.

Page 3: Main Textbook

  • Author: Joakim Kävrestad

  • Title: Fundamentals of Digital Forensics

  • Focus: Theory, Methods, and Real-Life Applications

  • Publisher: Springer

Page 4: General Rules and Guidelines

  • Assignments must be submitted on time; missing deadlines is unacceptable.

  • Plagiarism is prohibited.

  • Emphasis on enjoying the learning process and encouraging questions.

Page 5: Grades Distribution

  • Total Grade: 100 points

    • Breakdown:

      • Final Exam: 50 points

      • Year Work: 50 points

        • Midterm Exam: 15 points

        • Case Report: 5 points

        • Practical Exam: 20 points

        • Lab work and assignments: 10 points

Page 6: Office Hours

  • Day: Tuesday

  • Time: 1 PM - 2 PM

  • Location: Office on Second Floor

  • Email: hanan.hindy@cis.asu.edu.eg

Page 7: Course Outline

  • Topics Covered:

    • Introduction

    • Ethical Guidelines for Digital Forensics

    • Digital Evidence

    • Computer Theory for Digital Forensics

    • Notable Artifacts

    • Collecting Evidence

    • Open-Source Tools for Digital Forensics

Page 8: Proposed Practical Outline

  • Practical Topics:

    • Data Acquisition (Windows & Linux)

    • File Analysis

    • FAT & NTFS File Systems

    • Windows Analysis

    • Windows Registries

    • Recycle Bin Analysis

    • Traffic Analysis

    • Analyzing SSL & TLS

Page 9: Introduction to Digital Forensics

Page 10: Agenda

  • Key Questions:

    • What is Digital Forensics?

    • What is Forensic Examination?

    • Process Overview

    • Who is involved?

    • What can digital forensics do?

    • Ethical Guidelines for Digital Forensics

    • Discussion on Digital Evidence and Cybercrime

Page 11: Definition of Digital Forensics

  • Scientific methods for:

    • Preservation

    • Collection

    • Validation

    • Identification

    • Analysis

    • Documentation

    • Presentation of digital evidence

  • Purpose: Assist in reconstructing criminal events and anticipating unauthorized actions.

  • Origin: Defined at the First Digital Forensics Research Workshop in 2001.

Page 12: Basic Explanation of Digital Forensics

  • Focus: Examination of digital environments to determine:

    • If a crime was committed

    • Events such as remote control or intrusion.

Page 13: Scope of Digital Forensics

  • Examination includes what is currently happening, focusing on:

    • Law enforcement applications

    • Corporate investigations

Page 14: NIST Definition of Digital Forensics

  • Focus on retrieving, storing, and analyzing electronic data relevant to criminal investigations:

    • Includes data from computers, hard drives, mobile devices, etc.

Page 15: Challenges in Digital Forensics

  • Issues:

    • Extracting data from damaged devices

    • Locating evidence in vast data

    • Ensuring methods capture data without alteration

Page 16: Formal Definition

  • Definition: Collection, analysis, and reporting of digital data in a legally admissible manner.

  • Importance: Supports crime detection and the resolution of disputes involving digital evidence.

  • Comparison with other forensic disciplines.

Page 17: Forensic Examination Process

  • Foundation: Practice of collecting, analyzing, and reporting digital data.

  • Parties involved:

    • Requester of examination

    • Individual or device being examined

Page 18: Forensic Examination Overview

  • Figure 1.1: Overview of forensic processes including input, processes, and output.

  • Differences in targeting between criminal and corporate investigations.

Page 19: Examination Targets in Crime vs. Corporate

  • Criminal Investigation: Targeting a person suspected of a crime after obtaining a warrant.

  • Corporate Investigation: The focus may be more on examining devices than individuals, based on specific reasons.

Page 20: Digital Environment Investigation

  • Exploration of digital actions and events conducted with devices.

  • The complexity of an investigation leads to new questions arising.

Page 21: Iterative Process in Digital Forensics

  • Forensic Examination Overview revisited with an emphasis on its iterative nature.

Page 22: Capabilities of Digital Forensics

  • Functions:

    • Uncover actions performed using a digital device

    • Analyze device storage

    • Track internet activities and document ownership

    • Geographic tagging of multimedia

    • Overall, skilled experts can reveal comprehensive actions within digital devices

Page 23: Group Discussion Topic

  • Exploration of various criminal investigations involving computer forensic experts.

Page 24: Role of Forensic Experts

  • Involvement across various cases: theft, fraud, murder, etc.

  • Duties:

    • Examine digital evidence

    • Assist in house searches

    • Provide consultancy for technical queries

    • Serve as witnesses in court

    • Participate in interrogations

Page 25: Extended Group Discussion Topics

  • Investigating computer forensic experts' involvement in criminal and corporate environments.

  • Important devices of interest to forensic experts.

  • Stakeholders interested in forensic findings.

Page 26: Corporate Investigation Examples

  • Instances when forensic experts investigate regulation breaches, data intrusions, or recovery processes.

Page 27: Further Group Discussion Points

  • Continuing considerations on the role of forensic experts.

Page 28: Ethics and Integrity

  • Emphasis on the importance of ethics in forensic examinations.

Page 29: Privacy Considerations

  • Risks of privacy invasion during forensic examinations linked to solving crimes.

  • Ethical considerations in maintaining respect for privacy even when necessary.

Page 30: Ethical Conduct Rule of Thumb

  • Forensic examinations should prioritize integrity and ethical guidelines.

Page 31: Integrity of Suspects

  • Importance of protecting the integrity of all subjects during investigations.

  • Legal presumption of innocence.

  • Extend investigations beyond just suspects to cover potentially implicated third parties.

Page 32:

Page 33: Ethical Guidelines Overview

  • Follow local laws

  • Be objective, honest, and thorough.

  • Avoid conflicts of interest and preserve confidentiality.

  • No harm to humans or undercover research.

Page 34: Cybercrime Inquiry

  • Question posed: Do computer forensic experts work on cybercrimes?

Page 35: Misconceptions about Cybercrime

  • Computer forensics involves more than just cybercrime; it encompasses digital evidence in all crime types.

Page 36: Understanding Cyber-Related Crimes

  • Digital evidence relevance across various crime categories.

Page 37: Types of Cyber-Related Crimes

  • Breakdown of crimes linked to digital evidence.

Page 38: Crime Analysis

  • Identification of crime victims, perpetrators, motives, and means used to commit crimes.

Page 39: Cybercrime Characteristics

  • Definition and nature of cybercrime as sophisticated attacks.

Page 40: Cybercrime Mechanics

  • Definition of computer-driven crimes such as intrusions and denial of service attacks.

Page 41: Cybercrime Categories

  • Distinction between cybercrime and cyber-aided crime.

Page 42: Cybercrime Evidence Categories

  • Types of crimes associated with digital evidence and traces.

Page 43: Conclusion

  • Acknowledgment and appreciation provided.
