MCA 302: CYBER FORENSICS
JIBIN.N
26-02-2022 MCA 302 CYBER FORENSICS 1
Module: 03 | Session: 17
Conducting Digital Investigation-Digital investigation process models
Conducting Digital Investigation
Computer Security Incident
❑ Unauthorized / unlawful intrusions into computing systems
❑ Scanning a system: systematic probing of ports to see which ones are open (test IPs)
❑ Denial-of-Service (DoS) attack: any attack designed to disrupt the ability of authorized users to access data
❑ Malicious code: any program or procedure that makes unauthorized modifications or triggers unauthorized actions
❑ Examples of malicious code: virus, worm, Trojan horse
Conducting Digital Investigation
1. Digital investigation process models
2. Scaffolding for digital investigations
3. Applying the scientific method in digital investigations
The goal of any investigation is to uncover and present the truth
Digital investigations
Digital investigations inevitably vary depending on technical factors such as the type of
computing or communications device, whether the investigation is in a criminal, civil,
commercial, military, or other context, and case-based factors such as the specific claims to
be investigated.
Digital investigation process
Despite this variation, there is enough similarity between the ways digital investigations
are undertaken that commonalities may be observed. These commonalities tend to be
observed from a number of perspectives, the primary ones being process, principles, and
methodology.
Methodology
■ Treat every case as if it will end up in court.
■ Forensics methodology:
■ Acquire the evidence without altering or damaging the original.
■ Authenticate that your recovered evidence is the same as the originally
seized data.
■ Analyze the data without modifying it.
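The acquire / authenticate steps above are usually enforced by hashing the original before imaging and comparing the hash of the working copy against it. The following is an added example, not code from the slides: it stands in a constructed byte string for a seized device, images it block by block, records the two hashes in a chain-of-custody entry, and shows that a single altered byte in a copy fails authentication.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed sample "device": a byte string standing in for a disk. A real
# acquisition reads the device through a write blocker; this only illustrates
# the hash-then-verify discipline.
SAMPLE_DEVICE = b"MBR\x00" + bytes(range(256)) * 4 + b"trailing sectors"


def sha256_hex(data: bytes) -> str:
    """Fingerprint of the whole byte sequence, recorded before and after imaging."""
    return hashlib.sha256(data).hexdigest()


def acquire_image(source: bytes, block_size: int = 512) -> bytes:
    """Bit-for-bit copy made block by block, as an imaging tool would. The
    source is only read, never written."""
    image = bytearray()
    for offset in range(0, len(source), block_size):
        image += source[offset:offset + block_size]
    return bytes(image)


def authenticate(original_hash: str, image: bytes) -> bool:
    """Authentication step: the working copy must hash to the seized original."""
    return sha256_hex(image) == original_hash


def custody_record(examiner: str, original_hash: str, image: bytes) -> dict:
    """One chain-of-custody entry stating whether verification passed."""
    return {
        "examiner": examiner,  # hypothetical examiner id
        "timestamp_utc": datetime.now(timezone.utc).isoformat(),
        "original_sha256": original_hash,
        "image_sha256": sha256_hex(image),
        "verified": authenticate(original_hash, image),
    }


def run_demo() -> dict:
    original_hash = sha256_hex(SAMPLE_DEVICE)  # taken before any copying
    image = acquire_image(SAMPLE_DEVICE)
    good = custody_record("examiner-01", original_hash, image)
    # Failure mode: one flipped bit in a copy must be caught by authentication.
    tampered = bytearray(image)
    tampered[100] ^= 0x01
    bad = custody_record("examiner-01", original_hash, bytes(tampered))
    return {"good": good, "bad": bad}


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```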
Computer Forensics
The process of identifying, preserving, analyzing and presenting digital evidence in a
manner that is legally acceptable. (McKemmish, 1999)
Digital Investigation Process Models
The most common steps for conducting a complete and competent digital
investigation are:
Preparation:
Generating a plan of action to conduct an effective digital investigation and obtaining
supporting resources and materials.
Survey/Identification:
Finding potential sources of digital evidence (e.g., at a crime scene, within an
organization, or on the Internet). Because the term identification has a more precise
meaning in forensic science, relating to the analysis of an item of evidence, this process
can be more clearly described as a survey of evidence. Survey is used throughout this
chapter when referring to this step.
Preservation:
Preventing changes to in situ digital evidence, including isolating the system on the
network, securing relevant log files, and collecting volatile data that would be lost when
the system is turned off. This step includes the subsequent collection or acquisition.
Examination and Analysis:
Searching for and interpreting trace evidence. Some process models use the terms
examination and analysis interchangeably.
Examination and Analysis of Evidence
❑ Forensic examination is the process of extracting and viewing information from the
evidence and making it available for analysis.
❑ In contrast, forensic analysis is the application of the scientific method and critical
thinking to address the fundamental questions in an investigation: who, what, where,
when, how, and why.
Presentation:
Reporting of findings in a manner that satisfies the context of the investigation,
whether it be legal, corporate, military, or any other.
Process models
When attempting to conceive of a general approach to describing the investigation process
within digital forensics, one should make such a process generalizable. This led to the
proposal of a number of models for describing investigations, which have come to be
known as "process models".
Why Process Models?
Using a formalized methodology encourages a complete, rigorous investigation, ensures
proper evidence handling, and reduces the chance of mistakes created by preconceived
theories, time pressures, and other potential pitfalls.
Digital Investigation Process Models
❖ Physical Model
❖ Staircase Model
❖ Evidence Flow Model
❖ Subphase Model
❖ Roles and Responsibilities Model
Physical Model
❑ A computer being investigated can be considered a digital crime scene, and its
investigation a subset of the investigation of the physical crime scene where it is located.
❑ Physical evidence may exist around a server that was attacked by an employee, and
usage evidence may exist around a home computer that contains contraband.
❑ Furthermore, the end goal of most digital investigations is to identify the person who is
responsible, and therefore the digital investigation needs to be tied to a physical
investigation.
Staircase Model
Evidence Flow Model
Subphase Model
Roles and Responsibilities Model