1 / 19

CF NZ

CF NZ. COMPUTER FORENSICS NZ LTD. OUR PRIME OBJECTIVE: To successfully recover lost, damaged, hidden or deleted files from a computer system after an accidental, deliberate or malicious action. THIS PRESENTATION. What is computer forensics? Disk operating system considerations.

sadah
Download Presentation

CF NZ

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CFNZ COMPUTER FORENSICS NZ LTD OUR PRIME OBJECTIVE: To successfully recover lost, damaged, hidden or deleted files from a computer systemafter an accidental, deliberate or malicious action. Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  2. THIS PRESENTATION • What is computer forensics? • Disk operating system considerations. • How data is recovered. • What to do when data can’t be recovered, and how to prevent recovery. • Commercial and paralegal aspects. • The process. • Q & A. Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  3. WHAT ISCOMPUTER FORENSICS Computer Forensics is the acquisition, preservation, preparation, analysis and presentation of computer-related evidence utilising secure, controlled methodologies and auditable procedures. Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  4. THE FATHER OF FORENSICS “For any two points of contact there is always a cross-transference of material from one to the other.” Edmond Locard 1877-1966 Every contact leaves a trace. Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  5. MODERN PERSPECTIVE For ever interaction with a PC there will always be material left behind on that PC OR Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  6. MODERN PERSPECTIVE #2 EVERY INTERACTION WITH A PC LEAVES TRACE DATA BEHIND Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  7. GENERIC DISK OS • Master Boot Record. • Partition table. • File Allocation Table. • Data storage area. Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  8. WHEN DELETE IS NOT DELETE • Reference only is deleted • Space is flagged as available forre use. • FDISK and FORMAT Urban myths Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  9. WHAT INFO CAN BE RECOVERED • Full files. • ASCII text. • Graphics. Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  10. WHEN IS THERE PROBABLY NO CHANCE When the hard disc platter has been: • Badly distorted by fire. • Significant physical damage. • Subjected to abnormally high magnetic fields. Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  11. PROTECT AGAINSTDATA RECOVERY?? • Overwrite all sectors. • Once, many times. • Protect from whom. • Ultimate protection. Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  12. DON’T GIVE THE COMPANY’S SECRETS AWAY • Case 1 – Avco. • Case 2 – Government departments. • Happens every day every where. Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  13. COMMERCIALDATA RECOVERY Main Causes: • Accidental delete. • Advised to reformat by IT advisor. • Partition table corrupt. • Disk hardware failure. • Malicious damage. • Viral contamination. Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  14. PARALEGALDATA RECOVERY • Unintended left evidence. • High usage of PCs at home. • Private use of company PC. • Files on archival backups. • Electronic media discovery. Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  15. PARALEGALDATA RECOVERY #2 Cases: • Professional practice 2 years ago. • Ex-employee using company data. • Senior manager and PA setting upcompetitive company. Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  16. THE RECOVERYPROCESS Similar for data recovery and paralegal: • Acquire. • Preserve. • Prepare. • Analyse. • Present. Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  17. RECAP Three key points to leave with you. • Data is rarely completely deleted from a hard disk. • Implications for commercial security. • Implications for prosecution and defence in court. Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  18. SUGGESTED SURFING Paralegal • www.forensic-computing. com/subjects.html • http://www.dcfl.gov/ General Data Recovery • http://www.cs.auckland.ac.nz/~pgut001/ • http://www.cerberussystems.com/INFOSEC/privacy.htm Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

  19. YOUR TURN Q & A TIME Presentation by Computer Forensics NZ Ltd for Auckland University 415.725SC

More Related