Handling a Digital Crime Scene
SK MOHAMED KASIM
Introduction
• GOAL: Sequestered environment where
– All contents are mapped and recorded
– Accompanying photographs and basic diagrams show areas and items
– Evidence is frozen in place
• This chapter deals with handling individual computers as a source of evidence.
• US Department of Justice and Secret Service
• Electronic Crime Scene Investigation
• Best Practices for Seizing Electronic Evidence
• Guide for first responders
• Also the Good Practice Guide for Computer Based Evidence by the Association of Chief Police Officers (ACPO)
Major principles
• No action taken should change data held on a computer or storage media.
• Anyone accessing the computer must be competent in cyber forensics.
• An audit trail or other record of all processes applied to electronic evidence must be kept.
• The person in charge of the overall case is responsible for ensuring that the law and these principles are adhered to.
Authorization
• Obtain written authorizations and instructions from attorneys.
• Access to a private or personal computer would require a warrant unless an employee agrees to the search.
• A workplace computer may not require a warrant.
• Digital investigators are generally authorized to collect and examine only what is directly pertinent to the investigation.
Preparing to handle digital crime scenes
• Make diagrams and have a plan as to what to examine.
• Determine what type of tools should be brought to the scene.
• Bring a questionnaire to interview individuals at the crime scene.
Surveying the Digital Crime Scene
• Look at laptops and handheld devices
• Digital video recorders (DVRs)
• Gaming systems
• External hard drives
• Digital cameras
• DVDs
• Look for installation disks that give clues
• Check network configurations; look for remote machines in the facility or outside.
Preserving the Digital Crime Scene
• Control entry points – secure the crime scene.
• Save biometric access system data and video recordings.
• Save network-level logs (copy).
• Preserve all backup media; do not overwrite backup media.
• Preserve emails on the servers.
• Keyboards may have fingerprints.
Preserving data on live systems
• The contents of volatile memory, such as a note being written, must be obtained.
• Record which account each process is running under.
• Capture information related to active processes and network connections.
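An added example (not part of the original slides) of capturing process and network-connection state while keeping the audit trail the major principles call for: each command's output is saved, hashed and recorded in a hash-chained log that can be verified later. The command lists assume a Linux host, and the function names, file layout and log format are illustrative assumptions.

```python
import hashlib, json, subprocess, time
from pathlib import Path

# Assumed Linux tools; run trusted copies from the responder's own media.
DEFAULT_COMMANDS = {
    "processes": ["ps", "-eo", "user,pid,ppid,lstart,args"],  # account per process
    "connections": ["ss", "-tunap"],                          # sockets and owning process
}
ZERO = "0" * 64

def _digest(data):
    return hashlib.sha256(data).hexdigest()

def collect(evidence_dir, examiner, commands=DEFAULT_COMMANDS):
    """Run each command, save its output to evidence_dir (external media), log it."""
    out = Path(evidence_dir)
    out.mkdir(parents=True, exist_ok=True)
    log = out / "audit.jsonl"
    lines = log.read_text().splitlines() if log.exists() else []
    prev = json.loads(lines[-1])["entry_hash"] if lines else ZERO
    for seq, (name, argv) in enumerate(commands.items(), start=len(lines)):
        try:
            run = subprocess.run(argv, capture_output=True, timeout=60)
            data, code = run.stdout, run.returncode
        except (OSError, subprocess.TimeoutExpired) as exc:
            data, code = str(exc).encode(), None  # failed actions are logged too
        fname = f"{seq:03d}_{name}.txt"  # sequence number: reruns never overwrite
        (out / fname).write_bytes(data)
        entry = {"utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
                 "examiner": examiner, "command": argv, "exit_code": code,
                 "output_file": fname, "output_sha256": _digest(data),
                 "prev_hash": prev}
        entry["entry_hash"] = prev = _digest(json.dumps(entry, sort_keys=True).encode())
        with log.open("a") as fh:
            fh.write(json.dumps(entry, sort_keys=True) + "\n")
    return log

def verify(evidence_dir):
    """True only if the log chain is intact and every output matches its hash."""
    out, prev = Path(evidence_dir), ZERO
    for line in (out / "audit.jsonl").read_text().splitlines():
        entry = json.loads(line)
        claimed = entry.pop("entry_hash")
        recomputed = _digest(json.dumps(entry, sort_keys=True).encode())
        if entry["prev_hash"] != prev or recomputed != claimed:
            return False
        if _digest((out / entry["output_file"]).read_bytes()) != entry["output_sha256"]:
            return False
        prev = claimed
    return True
```

Point `evidence_dir` at removable or network storage rather than the suspect machine's own disk, so collection does not write to the media under examination.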
Shutting down
• Remove power from the back of the machine.
• Open the case and remove power to the hard drives.
• Check for missing parts.
• Check for explosives.
