Digital Forensics & Cyber Crime Intro

The document discusses introduction to computer forensics and cyber crime. It defines computer forensics and its goals which include investigating cybercrimes, preserving, analyzing and presenting digital evidence. It also discusses types of computer forensics like disk, network, memory and mobile device forensics.

Uploaded by haile

ARBA MINCH UNIVERSITY

FACULTY OF COMPUTING AND SOFTWARE ENGINEERING

Digital Forensic and Cyber Crime

Chapter 1:
Introduction to computer forensics and cyber crime

Outlines
o Introduction to computer forensics / digital forensics
o Introduction to cyber crime
o Kinds of cyber crime
o Malware and its types
What is Computer (Digital) Forensics?
 Digital forensics, or computer forensics, is a branch of forensic science that involves
identifying, collecting, preserving and analyzing digital evidence in order to investigate
(and help prevent) cybercrime.
 Forensic computing: the process of identifying, preserving, analyzing and presenting
digital evidence in a manner that is acceptable in a legal proceeding.
 It uses specialized tools and techniques to recover data such as deleted files, internet
history and email communications from digital devices such as computers,
smartphones and storage media.
 This evidence can be used to investigate a wide range of crimes, including fraud, theft
and cyber attacks.
Cont’d…
 Other terms used for the same field: computer forensics, electronic discovery,
electronic evidence discovery, digital discovery, data recovery, data discovery, computer
analysis and computer examination.
 Difference between cybersecurity and computer forensics
 Cybersecurity: protecting computer systems and networks from unauthorized access,
theft and damage, i.e. preventing cyber attacks before or while they happen.
 E.g. firewalls, antivirus software and intrusion detection systems.
 Computer forensics: investigating and analyzing digital evidence after the fact to
establish how a cyber attack or other computer-related incident happened.
 Collecting and preserving data, analyzing it to identify the origin and extent of the
attack, and presenting the results in court cases and other litigation.
Why Computer Forensics?
 Investigating cybercrimes
 Preserving digital evidence so that it cannot be altered or lost
 Analyzing the evidence to reconstruct what happened
 Presenting findings in a form that courts and other parties can rely on
 Ensuring data integrity (every copy and every result must be verifiable against the original)
 Supporting incident response and mitigation
 Goal of computer forensics:
 The main goal of the computer forensics expert is not only to find the offender but also
to recover and analyze the evidence and present it in a manner that can support
legal action against the offender.
Types of Computer Forensics
 Computer forensics always involves gathering and analyzing evidence from digital sources;
it is usually subdivided by the kind of source examined.
 Some common types include:
Types of Computer Forensics
 Disk forensics: examination of physical or logical storage media such as hard drives, solid-
state drives and removable storage devices.
 Investigators analyze the storage media to recover deleted files, discover hidden data
and gather evidence related to digital crimes.
 Network forensics: monitoring and analyzing network traffic and log data to investigate
security incidents.
 Identifying the source of cyber attacks, tracking communication between devices and
understanding the extent of network breaches.
 Memory forensics: analysis of a computer's volatile memory (RAM) to uncover
information about running processes, network connections, loaded code and malicious
activity that never touches the disk.
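As an added example of the network-forensics work described above (not part of the original slides), the script below parses a web-server access log and separates two attack signatures from normal browsing: a request flood from one source (denial of service) and a slow scan of many non-existent paths (reconnaissance). The log lines are constructed for the example using RFC 5737 documentation addresses; the thresholds (20 requests in 10 seconds, 10 distinct 404 paths) are illustrative assumptions, not values from the slides.

```python
"""Network forensics over a web-server access log (added example, constructed data)."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/Nginx common log format: ip ident user [timestamp] "METHOD path proto" status size
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return a dict for one log line, or None for lines that do not match the format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    return rec


def parse_log(lines):
    """Parse all lines, skipping malformed ones (real logs contain garbage)."""
    return [r for r in (parse_line(l) for l in lines) if r is not None]


def find_bursts(lines, window=timedelta(seconds=10), threshold=20):
    """Flag sources that sent >= threshold requests inside any sliding time window.

    Returns {ip: (peak_count, timestamp_where_the_peak_window_starts)}.
    """
    per_ip = defaultdict(list)
    for rec in parse_log(lines):
        per_ip[rec["ip"]].append(rec["ts"])
    flagged = {}
    for ip, stamps in per_ip.items():
        stamps.sort()                                # merged/rotated logs may be out of order
        start, peak, peak_at = 0, 0, None
        for i, t in enumerate(stamps):
            while stamps[start] < t - window:        # slide the left edge of the window forward
                start += 1
            count = i - start + 1
            if count > peak:
                peak, peak_at = count, stamps[start]
        if peak >= threshold:
            flagged[ip] = (peak, peak_at)
    return flagged


def find_scanners(lines, min_404=10):
    """Flag sources that hit >= min_404 distinct paths answered 404 (path guessing / vuln scanning).

    Returns {ip: (number_of_404s, number_of_distinct_404_paths)}.
    """
    per_ip = defaultdict(list)
    for rec in parse_log(lines):
        if rec["status"] == 404:
            per_ip[rec["ip"]].append(rec["path"])
    return {ip: (len(paths), len(set(paths)))
            for ip, paths in per_ip.items() if len(set(paths)) >= min_404}


# --- Constructed sample log (not real traffic) ---------------------------------------------
T0 = datetime(2024, 6, 3, 10, 0, 0, tzinfo=timezone.utc)


def _entry(ip, offset_s, path, status):
    ts = T0 + timedelta(seconds=offset_s)
    return f'{ip} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] "GET {path} HTTP/1.1" {status} 512'


SAMPLE_LOG = (
    [_entry("203.0.113.5", s, p, 200) for s, p in ((0, "/index.html"), (3, "/about"), (7, "/contact"))]
    + [_entry("198.51.100.7", i / 10, "/login", 200) for i in range(50)]          # 50 hits in 5 s: flood
    + [_entry("192.0.2.44", 2.4 * i, f"/probe-{i}.php", 404) for i in range(25)]   # slow path scan
    + ["this line is corrupt and must be skipped"]
)

if __name__ == "__main__":
    print("bursts  :", find_bursts(SAMPLE_LOG))
    print("scanners:", find_scanners(SAMPLE_LOG))
```

The two detectors look at different things on purpose: the flood is visible only in request rate (the scanner never exceeds about five requests per ten seconds), while the scanner is visible only in the spread of paths and error codes (the flood hammers a single valid URL). On a real investigation the parsed records would also be correlated with firewall and proxy logs, because the `ip` field of a web log is easily spoofed behind a load balancer or proxy unless the forwarding headers are logged.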

Types of Computer Forensics
 Mobile device forensics: examination of smartphones, tablets and other mobile devices
to retrieve data, messages, call logs and application usage history.
 Investigators use specialized tools to access locked or encrypted mobile devices.
 Database forensics: investigating database systems to identify unauthorized access, data
breaches or data manipulation.
 Analysts examine database logs, transaction records and data structures to uncover
evidence of wrongdoing.
 Cloud forensics: investigation of cloud-based services and data stored in the cloud.
 It examines cloud logs, access controls and metadata to trace activities and assess
security incidents; the examiner usually depends on the provider for access to the
underlying infrastructure.
Types of Computer Forensics
 Malware forensics: the analysis of malicious software (malware) to understand its
behavior, origin and impact on systems.
 Investigators study malware code and behavior to determine the scope of an attack.
 Email forensics: the investigation of email communications to gather evidence for legal
proceedings.
 It includes tracking email senders, receivers, timestamps and content, typically by
examining the headers that each mail server adds along the delivery path.
 Live forensics: analyzing a running computer system to identify ongoing malicious
activities.
 Investigators use techniques to preserve system state and extract volatile data (running
processes, network connections, memory contents) without interrupting system
operation, since powering the machine off destroys that data.
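As an added example of the email-forensics step above (not from the original slides), the script below reconstructs a message's delivery path from its Received headers and cross-checks the sender's claims against it. Every mail server prepends its own Received header, so reading them bottom-up yields the path from the originating host to the final mailbox. The message is constructed for the example with RFC 2606 / RFC 5737 names and addresses; the `from HELO (rDNS [IP]) by host` header shape is the one written by Postfix/Sendmail-style relays, and the finding codes are the example's own naming.

```python
"""Email forensics: trace the relay path in Received headers (added example, constructed message)."""
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# "from <HELO name> (<reverse DNS> [<IP>]) by <receiving host>" as written by common MTAs
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]()]+)\s+\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)",
    re.IGNORECASE,
)

# Constructed phishing-style message (not a real email). Top header = last hop, bottom = origin.
RAW_EMAIL = """\
Received: from relay2.corp.example (relay2.corp.example [10.0.0.25]) by mx.corp.example (Postfix) with ESMTP id 7A1B2; Mon, 3 Jun 2024 10:01:04 +0000
Received: from mail.cheaphost.example (mail.cheaphost.example [203.0.113.88]) by relay2.corp.example (Postfix) with ESMTPS id 3C4D5; Mon, 3 Jun 2024 10:01:03 +0000
Received: from mail.bank.example (vps-4711.cheaphost.example [198.51.100.7]) by mail.cheaphost.example (Postfix) with ESMTP id 9E8F7; Mon, 3 Jun 2024 10:01:02 +0000
From: "Bank Security" <security@bank.example>
To: victim@corp.example
Subject: Urgent: verify your account
Date: Mon, 3 Jun 2024 10:00:58 +0000
Message-ID: <20240603100058.1234@vps-4711.cheaphost.example>

Please click the link below to verify your account.
"""


def trace_path(raw):
    """Return the hops origin-first as dicts {helo, rdns, ip, by, when, raw}."""
    msg = message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):      # bottom header is the first hop
        m = HOP_RE.search(hdr)
        hop = m.groupdict() if m else {"helo": None, "rdns": None, "ip": None, "by": None}
        # the relay's own timestamp follows the last ';' of the header
        hop["when"] = parsedate_to_datetime(hdr.rsplit(";", 1)[1].strip()) if ";" in hdr else None
        hop["raw"] = hdr
        hops.append(hop)
    return hops


def _domain(addr):
    return addr.rsplit("@", 1)[-1].strip("<> ").lower()


def _in_domain(host, domain):
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def consistency_findings(raw):
    """Cross-check the sender's claims against the relay chain; returns a list of finding codes."""
    msg = message_from_string(raw)
    hops = trace_path(raw)
    if not hops:
        return ["NO_RECEIVED_HEADERS"]
    origin = hops[0]
    from_domain = _domain(parseaddr(msg.get("From", ""))[1])
    msgid_domain = _domain(msg.get("Message-ID", ""))
    findings = []
    # 1. the HELO name the sender announced should agree with the reverse DNS of its IP
    if origin["helo"] and origin["rdns"] and origin["helo"].lower() != origin["rdns"].lower():
        findings.append("HELO_RDNS_MISMATCH")
    # 2. the From: domain should own the host the message actually came from
    if origin["rdns"] and from_domain and not _in_domain(origin["rdns"], from_domain):
        findings.append("FROM_DOMAIN_MISMATCH")
    # 3. the Message-ID is normally minted by the sender's own mail system
    if msgid_domain and from_domain and not _in_domain(msgid_domain, from_domain):
        findings.append("MSGID_DOMAIN_MISMATCH")
    # 4. each relay's 'by' host must be the next hop's 'from' host, and time must not run backwards
    for prev, nxt in zip(hops, hops[1:]):
        if prev["by"] and nxt["helo"]:
            names = {nxt["helo"].lower(), (nxt["rdns"] or "").lower()}
            if prev["by"].lower() not in names:
                findings.append("CHAIN_GAP")
        if prev["when"] and nxt["when"] and nxt["when"] < prev["when"]:
            findings.append("TIME_REVERSAL")
    return findings


if __name__ == "__main__":
    for hop in trace_path(RAW_EMAIL):
        print(f'{hop["when"]}  {str(hop["ip"]):<16} {hop["helo"]} -> {hop["by"]}')
    print("findings:", consistency_findings(RAW_EMAIL))
```

Only the Received headers written by servers you control (here `relay2.corp.example` and `mx.corp.example`) are trustworthy; everything below the first trusted hop could have been typed in by the sender, which is why the checks compare the trusted hops' records against the sender's claims rather than taking any single header at face value.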
Computer Forensics Priority
 Computer forensics is concerned primarily with forensic procedures, rules of evidence
and legal processes.
 It is only secondarily concerned with computers.
 Therefore, in contrast to most other areas of computing, where speed is the main
concern, in computer forensics the absolute priority is accuracy.
 Work should still be completed as efficiently as possible, that is, as fast as possible
without sacrificing accuracy.
 The emphasis must be on evidential integrity and security: the original evidence is never
worked on directly, and every copy is verified (for example by cryptographic hash)
against the original.
 A computer forensics specialist is the person responsible for carrying out computer
forensics, following careful steps to identify and attempt to retrieve any evidence
that may exist on a subject computer system.
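As an added example of the evidential-integrity point above (not part of the original slides), the script below shows the acquisition-and-verification discipline in code: the source is copied bit-for-bit in a single read, hashed in the same pass, the digests are written into a chain-of-custody manifest, and any later copy is re-hashed against that manifest. The "disk" is a constructed byte string, the manifest fields and the `CASE-2024-0017` identifier are illustrative, and the single-bit tampering is staged to show that verification fails on any change.

```python
"""Evidential integrity: hash while imaging, record a manifest, verify later (added example)."""
import hashlib
import io
import json
from datetime import datetime, timezone


def _stream(source, sink=None, chunk_size=1 << 20):
    """Read `source` once in chunks, optionally copying to `sink`, hashing as it streams.

    Streaming keeps memory flat for multi-gigabyte images; hashing in the same pass means the
    original evidence (behind a write blocker) is read exactly once.
    """
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    total = 0
    while True:
        block = source.read(chunk_size)
        if not block:
            break
        if sink is not None:
            sink.write(block)
        md5.update(block)
        sha256.update(block)
        total += len(block)
    return {"bytes": total, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def acquire(source, image, chunk_size=1 << 20):
    """dd-style bit-for-bit copy of `source` into `image`; returns the acquisition digests."""
    return _stream(source, image, chunk_size)


def hash_image(image, chunk_size=1 << 20):
    """Recompute the digests of an existing image without copying it."""
    return _stream(image, None, chunk_size)


def make_manifest(acquisition, case_id, examiner, source_description):
    """Chain-of-custody record; store it (and ideally sign it) separately from the image."""
    return {
        "case_id": case_id,
        "examiner": examiner,
        "source": source_description,
        "acquired_at": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        **acquisition,
    }


def verify(image, manifest):
    """Return (ok, current_digests); ok only if size and both digests match the manifest."""
    now = hash_image(image)
    return all(now[k] == manifest[k] for k in ("bytes", "md5", "sha256")), now


def verify_bytes(data, manifest):
    """Convenience wrapper for in-memory data."""
    return verify(io.BytesIO(data), manifest)[0]


# Constructed "disk": a boot-sector-like block, a label block and some user data
# (not a real filesystem image).
SOURCE_DISK = (
    b"\xeb\x3c\x90MSDOS5.0" + b"\x00" * 500 + b"\x55\xaa"
    + b"EVIDENCE  " + b"\x00" * 502
    + b"Quarterly transfer approved by J. Doe\n" * 100
)


def demo():
    """Acquire, record, verify the clean copy, then verify a copy with one flipped bit."""
    src, img = io.BytesIO(SOURCE_DISK), io.BytesIO()
    manifest = make_manifest(acquire(src, img), "CASE-2024-0017", "examiner A",
                             "constructed test image")
    img.seek(0)
    ok_clean, _ = verify(img, manifest)
    tampered = bytearray(img.getvalue())
    tampered[1200] ^= 0x01                      # flip a single bit inside the user-data area
    ok_tampered, _ = verify(io.BytesIO(bytes(tampered)), manifest)
    return manifest, ok_clean, ok_tampered


if __name__ == "__main__":
    manifest, ok_clean, ok_tampered = demo()
    print(json.dumps(manifest, indent=2))
    print("clean copy verifies:", ok_clean, "| tampered copy verifies:", ok_tampered)
```

Two digests are recorded because older case files and some tools still report MD5, while SHA-256 is the one that actually resists deliberate collision; the size is checked too because a truncated image can otherwise go unnoticed until the hash is recomputed. In practice the manifest is printed, signed and kept with the chain-of-custody form, and the verification is repeated every time the image changes hands.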
Computer Forensics Specialist
 Some of the computer forensics specialist's tasks:
 Protect the subject computer system from alteration, damage or data corruption during the
forensic examination (e.g. by imaging it through a write blocker and working only on the copy).
 Discover all files on the subject system (normal, deleted, hidden, password-protected and
encrypted files).
 Recover as many deleted files as possible.
 Reveal the contents of hidden files as well as temporary (swap) files used by both
application programs and the operating system.
 Access the protected or encrypted contents of files where technically possible and legally appropriate.
 Analyze all possibly relevant data found in all areas of a disk, including unallocated and slack space.
 Produce an overall analysis report of the relevant files and data discovered on the computer
system.
USE OF COMPUTER FORENSICS IN LAW ENFORCEMENT
 Computer forensics assists law enforcement by:
 providing investigators with the tools and strategies necessary to collect, analyze
and preserve digital evidence;
 allowing investigators to recover deleted files, trace Internet activity and identify
the origin of cyber attacks;
 helping to identify suspects, prove guilt (or innocence) and present evidence in court;
 helping to prevent future crimes by identifying vulnerabilities in computer and network
systems;
 searching unallocated space on the hard drive, where an abundance of data (the remnants
of deleted files) often resides.
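The "searching unallocated space" point above, and the disk-forensics recovery of deleted files described earlier, come down to one technique: file carving. As an added example (not from the original slides), the script below scans raw bytes for known header/footer signatures and extracts whatever lies between them, ignoring the filesystem entirely, which is why it recovers a file whose directory entry is gone. It also does a `strings`-style sweep for readable text fragments. The 32 KiB "unallocated space" is constructed for the example, with one intact PNG, one intact JPEG, one PDF whose tail has been overwritten, and a fragment of a deleted memo.

```python
"""Carving deleted files out of unallocated space by signature (added example, constructed image)."""

SECTOR = 512

# (header, footer) signatures; the PNG footer is the IEND chunk followed by its fixed CRC
SIGNATURES = {
    "png":  (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpeg": (b"\xff\xd8\xff",      b"\xff\xd9"),
    "pdf":  (b"%PDF-",             b"%%EOF"),
}
MAX_CARVE = 4 * 1024 * 1024   # give up on a header whose footer is not found within 4 MiB


def carve(image, signatures=SIGNATURES, max_size=MAX_CARVE):
    """Return carved files as dicts {type, offset, size, data}, ordered by offset."""
    found = []
    for kind, (head, tail) in signatures.items():
        pos = 0
        while True:
            start = image.find(head, pos)
            if start < 0:
                break
            end = image.find(tail, start + len(head), start + max_size)
            if end < 0:
                pos = start + 1          # header without footer: truncated or overwritten, skip it
                continue
            end += len(tail)
            found.append({"type": kind, "offset": start, "size": end - start, "data": image[start:end]})
            pos = end
    return sorted(found, key=lambda f: f["offset"])


def find_strings(image, min_len=8):
    """Like the Unix `strings` tool: (offset, text) for runs of printable ASCII >= min_len."""
    out, run_start = [], None
    for i, b in enumerate(image + b"\x00"):       # sentinel closes a run at the very end
        if 0x20 <= b <= 0x7E:
            if run_start is None:
                run_start = i
        elif run_start is not None:
            if i - run_start >= min_len:
                out.append((run_start, image[run_start:i].decode("ascii")))
            run_start = None
    return out


def build_image():
    """Constructed 32 KiB of 'unallocated space' with two recoverable files and one damaged one."""
    png = (b"\x89PNG\r\n\x1a\n"
           + b"\x00\x00\x00\x0dIHDR" + b"\x00\x00\x00\x01\x00\x00\x00\x01\x08\x02\x00\x00\x00"
           + b"\x90wS\xde"
           + b"\x00\x00\x00\x00IEND\xaeB`\x82")
    jpeg = (b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
            + b"\x00" * 40 + b"\xff\xd9")
    pdf = b"%PDF-1.4\n1 0 obj<<>>endobj\ntrailer<<>>\n%%EOF"
    memo = b"Deleted memo: transfer approved, move the funds before the audit."

    img = bytearray(64 * SECTOR)                               # zero-filled free space
    img[3 * SECTOR:3 * SECTOR + len(png)] = png                # intact PNG, directory entry gone
    img[10 * SECTOR:10 * SECTOR + len(jpeg)] = jpeg            # intact JPEG
    img[20 * SECTOR:20 * SECTOR + len(pdf) - 5] = pdf[:-5]     # PDF whose %%EOF was overwritten
    img[30 * SECTOR:30 * SECTOR + len(memo)] = memo            # fragment of a deleted document
    return bytes(img), {"png": png, "jpeg": jpeg}


if __name__ == "__main__":
    image, _ = build_image()
    for f in carve(image):
        print(f'{f["type"]:5} at offset {f["offset"]:6d}  {f["size"]} bytes')
    for off, text in find_strings(image):
        print(f"string at {off:6d}: {text}")
```

On a real case the input is the unallocated-block export of a filesystem tool (for example the output of The Sleuth Kit's `blkls`), not the whole image, so that live files are not re-carved. Header/footer carving has known failure modes a practitioner should expect: a JPEG with an embedded EXIF thumbnail contains an early `FF D9` and carves short, fragmented files are not contiguous at all, and the `max_size` bound is what stops a stray header from swallowing the rest of the disk.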
Forensic Tools
 When deciding what equipment to use for a forensic investigation, take into
consideration:
 type of investigation
 type of evidence
 operating system(s) involved
 training available on the equipment (the examiner must be able to explain and defend the tool's results)
 financial resources of the cyber crime department
 APPLICATIONS OF COMPUTER FORENSICS
 Some common applications of computer forensics:
 Financial fraud detection
 Criminal prosecution
 Civil litigation
Skills Required For Computer Forensics Application
 Programming or computer-related experience
 Broad understanding of operating systems and applications
 Strong analytical skills
 Strong computer science fundamentals
 Strong system administration skills
 Knowledge of the latest intruder tools
 Knowledge of cryptography and steganography
 Strong understanding of the rules of evidence and evidence handling
 Ability to be an expert witness in a court of law
Computer Forensics as Part of a Security Incident Response Program
 A security incident means the attempted or successful unauthorized access, use,
disclosure, modification or destruction of information, or interference with system
operations in an information system.
 E.g. a healthcare organization discovers that the personal health information
(PHI) of patients has been compromised.
 Computer forensics is essential to investigate the breach: determine how the
attackers gained access to the PHI, identify affected systems and assess the
extent of the data exposure. This may involve analyzing electronic health record
(EHR) systems, database logs and network traffic to understand how the breach
occurred and what data was accessed.
What is Computer Crime?
 Alternatively referred to as cyber crime, electronic crime or hi-tech crime.
 Computer crime describes a very broad category of offenses.
 Some of them are the same as non-computer offenses, merely carried out with a computer.
 Computer crime is an act performed by a knowledgeable computer user, sometimes
referred to as a hacker, who illegally browses or steals a company's or an individual's
private information.
 In some cases this person or group may be malicious and destroy or otherwise corrupt
the computer or its data files.
Types of Cyber Crime
 Computer integrity crimes: crimes that involve illegal access to a computer, a network
or the data on them.
 E.g. a hacker's unauthorized access to a system, or theft of credit card or personal
identification data.
 Computer-assisted crimes: ordinary crimes conducted with the help of a computer.
 E.g. criminals manipulating an online banking system, or drug trafficking coordinated online.
 Computer content crimes: posting illegal content on the Internet.
 Dissemination of illegal content violates both national and international
laws.
 E.g. uploading and sharing child pornography on online forums and social media
platforms.
Kinds of Computer Crimes
• Below is a listing of the different types of computer crimes today.
• Child pornography - Making or distributing child pornography.
• Cyber terrorism - Hacking, threats and blackmail directed at a business, a person or critical infrastructure.
• Cyberbullying or cyberstalking - Harassing others online.
• Malware - Writing, creating or distributing malware (e.g. viruses and spyware).
• Denial of service attack - Overloading a system with so many requests that it cannot
serve normal requests.
• Espionage - Spying on a person or business.
• Fraud - Manipulating data, e.g. changing banking records to transfer money to an
account.
• Harvesting - Collecting account details or other account-related information about other people.
• Identity theft - Pretending to be someone you are not.
Kinds of Computer Crimes…
• Intellectual property theft - Stealing practical or conceptual information developed by
another person or company.
• Phishing - Deceiving individuals into revealing private or personal information.
• Salami slicing - Stealing tiny amounts of money from each of many transactions so that no
single theft is noticed.
• Scam - Tricking people into believing something that is not true.
• Spamming - Distributing unsolicited e-mail to dozens or hundreds of different addresses.
• Spoofing - Deceiving a system into thinking you are someone you really are not.
• Unauthorized access - Gaining access to systems you have no permission to access.
• Wiretapping - Connecting a device to a phone line or network link to listen to conversations.
What is Malware?
• Malware is a program or code created to harm a computer, network or server.
• Cybercriminals develop malware to infiltrate a computer system discreetly in order to
breach or destroy sensitive data and computer systems.
• Some of the most common goals of a malware attack include:
→ Making a profit from targets
→ Causing damage
→ Stealing confidential data
→ Bragging rights
Types of Malware
• The most common types of malware today are:
 Ransomware: an adversary encrypts a victim's data and offers to provide a decryption
key in exchange for a payment.
 Fileless malware: malicious activity that uses native, legitimate tools built into a
system (e.g. scripting and administration utilities) to execute a cyber attack.
 It does not require the attacker to install a new executable on the target's system,
which makes it hard to detect with file-based scanning.
 Spyware: collects information about a user's activity without the knowledge of the
user.
 Adware: often grouped with spyware; watches a user's online activity to determine which
ads to show them.
Types of Malware …
 Trojan: appears to be legitimate software, disguised as native operating system
programs or harmless files such as free downloads.
 Trojans are installed through social engineering techniques such as phishing.
 Worm: a self-contained program that replicates and spreads automatically without
user intervention.
 It replicates itself and spreads across networks or the Internet without requiring a host
program.
 It can modify and delete files, inject more malicious software or replicate until the
targeted system runs out of resources.
 Rootkit: designed to gain and keep privileged access to a computer system or network while
hiding its presence from users and security tools.
Types of Malware …
 Keylogger: a tool that records what a person types on a device.
 Keylogger software records every keystroke on the victim's device and sends it to
the attacker.
 Botnet: a network of computers infected with malware that are controlled by a
botmaster.
 The botmaster is the person who operates the botnet infrastructure and uses the
compromised computers to launch attacks designed to crash a target's network,
inject malware, harvest credentials or execute CPU-intensive tasks.
 E.g. DDoS, credential theft
Prevention of Malware Attacks
 Some of the malware protection mechanisms are:
 Do not download software from unknown sources.
 Do not click on pop-ups.
 Follow strong password best practices.
 Implement identity and access management capabilities such as multi-factor
authentication (MFA).
 Use a VPN on untrusted networks so that traffic cannot be read or tampered with in
transit (a VPN does not, by itself, stop malware).
 Do not lend your devices to anyone else, even if it is someone you know.
 Do not open emails and/or attachments from unknown senders.
 Keep the operating system and applications patched, since much malware spreads
through known, already-fixed vulnerabilities.

End of Chapter 1
Thank you
Questions?