TECHNICAL SURVEILLANCE & MANAGING THE TECHNICAL …

digitalforensic@fsktm digitalforensic@fsktm

TECHNICAL SURVEILLANCE & MANAGING THE

TECHNICAL EQUIPMENT


Moderator dan Fasilitator Prof. Madya Dr. Rosli Salleh CCNA,CCNA Golden Instructor

Dr. Zaidi Razak Prince2

Dr. Ainuddin Wahid Abdul Wahab CEH,CHFI, Prince2. Certified Protectserver Engineer

Dr. Mohd Yamani Idna Idris Prince2

Dr. Mohd Hairul Nizam Md Nasir Prince2

Roziana Ramli

Mehdi Hussain

Mustapha Aminu Bagiwa

https://umexpert.um.edu.my/rosli_salleh.html

https://umexpert.um.edu.my/rosli_salleh.html

https://umexpert.um.edu.my/zaidi

https://umexpert.um.edu.my/zaidi

https://umexpert.um.edu.my/ainuddin

https://umexpert.um.edu.my/ainuddin

https://umexpert.um.edu.my/yamani

https://umexpert.um.edu.my/yamani

https://umexpert.um.edu.my/hairulnizam




Prof. Madya Dr. Rosli Salleh Berasal dari ………

Kelayakan akademik ………

Dari ……

Sekarang bekerja sebagai ………

Bidang atau kepakaran semasa adalah………


Dr. Zaidi Razak Berasal dari ………


Dari ……




Dr. Ainuddin Wahid Abdul Wahab Berasal dari ………


Dari ……




Dr. Mohd Yamani Idna Idris Berasal dari ………


Dari ……




Dr. Mohd Hairul Nizam Md Nasir Berasal dari ………


Dari ……




Roziana Ramli Berasal dari ………


Dari ……




Siapa saya kamu Nama saya ……

Berasal dari ………


Dari ……




Jadual Kursus


Contoh Imej


Contoh Audio


Contoh Video


Contoh Video Sitting Man Original

Sitting Man Forged

Street View Original

Street View Forged

Compilation

Sitting Man (Original).mp4

Sitting Man (Forged).mp4

Street view (Original).mp4

Street view (Forged).mp4

Video forgeries examples.mp4


Contoh Media Social


Contoh Rangkaian


Contoh Rangkaian + Media Sosial


Contoh Email


Contoh Peranti Mudah Alih


Forensic Science

digitalforensic@fsktm

What is meant by “Forensic Science”?

Forensic science is the scientific method of gathering and

examining information about the past.

Our case -> law enforcement where forensics is done in

relation to criminal or civil law

Also carried out in other fields

• astronomy, archaeology, biology and geology to investigate

ancient times.


Forensic Science


“Forensic Science”?

• Forensic -> Latin forēnsis, meaning "of or before the

forum."

• Roman times -> criminal charge meant presenting the

case before a group of public individuals in the forum.

• Person accused & accuser

• Best argument and delivery -> the outcome of the

case.


Why is it significant?

• Previously-> lacked standardized forensic practices

• Relied on forced confessions and witness testimony

• Share…master of forensic science @ UM


Who is the Father of Forensic Science?

• Carl Wilhelm Scheele

Father of Forensic Toxicology

• Calvin Goddard

Father of Ballistics

• Alphonse Bertillon

Father of Anthropometry

• Henry Faulds

Father of Fingerprinting


Fields of Studies

Toxicology

A method for detecting arsenous oxide, simple arsenic,

in corpses was devised in 1773 by the Swedish

chemist Carl Wilhelm Scheele. His work was expanded,

in 1806, by German chemist Valentin Ross, who learned

to detect the poison in the walls of a victim's stomach.


Fields of studies

Ballistics

Henry Goddard at Scotland

Yard pioneered the use of bullet

comparison in 1835. He noticed a

flaw in the bullet that killed the victim,

and was able to trace this back to the

mold that was used in the

manufacturing process.


Fields of Studies

Anthropometry

The French police officer, Alphonse Bertillon was the

first to apply the anthropological technique

of anthropometry to law enforcement, thereby creating

an identification system based on physical

measurements. Before that time, criminals could only be

identified by name or photograph.


Fields of Studies Fingerprints

Sir William Herschel was one of the first to advocate the use of

fingerprinting in the identification of criminal suspects.

While working for the Indian Civil Service, he began to use thumbprints on

documents as a security measure to prevent the then-rampant repudiation

of signatures in 1858.


Francis Galton calculated that the chance of a "false positive" (two

different individuals having the same fingerprints) was about

1 in 64 billion.


What is Computer Forensics? “Computer Forensics is the process of

identifying, preserving, analyzing and presenting the

digital evidence in such a manner that

the evidences are legally acceptable”

”(Rodney Mckemmish 1999)

https://www.ppbadvisory.com/our-people/rod-mckemmish





Objective of Computer Forensics The main objective is to find the criminal which is directly or indirectly

related to cyber world.

To find out the digital evidences.

Presenting evidences in a manner that leads to legal action of the criminal.


Computer Forensics Application Financial fraud detection.

Corporate security policy.

Criminal prosecution - Rely on evidence obtained from a computer to

prosecute suspects and use as evidence

Civil litigation - Personal and business data discovered on a computer can

be used in fraud, divorce, harassment


Cyber Crime & Misuses Cyber crime occurs when information technology is used to commit or

conceal an offence.


Branches ➔ Disk Forensic ◆ Flash, HDD, USB Device

➔ Network Forensic ◆ monitoring and analyzing network traffic

➔ Memory Forensic ◆ analysis of system dump

➔ Mobile Forensic ◆ acquire deleted or undeleted data

➔ Cloud Forensic ◆ forensic network analysis on Cloud computing

architecture


Digital Evidences “Any data that is

recorded or preserved

on any medium in or by a computer system or other similar device,

that can be read or understand by a person or a computer system or other

similar device”.


Type of Digital Evidences PERSISTANT DATA- Data that remains unaffected when the computer is

turned off.

• hard drives, disk drives and removable storage devices (such as USB drives or flash drives). • This information should be investigated and reviewed from a backup copy


Type of Digital Evidences VOLATILE DATA- Data that would be lost if the computer is turned off.

• Network Information • Communication between system and the network

• Active Processes • Programs and daemons currently active on the system

• Logged-on Users • Users/employees currently using system

• Open Files • Libraries in use; hidden files; Trojans loaded in system


Rules for Digital Evidences Admissible-Must be able to be used in court or elsewhere.

Authentic-Evidence must be relevant to the case.

Complete-Must not lack any information.

Reliable-No question about authenticity.

Believable-Clear, easy to understand, and believable by a jury.


Steps of Collection of Evidence Find the evidence; where is it stored.

Find relevant data – recovery.

Create order of volatility.

Collect evidence – use tools.

Good documentation of all the actions.


Top Locations for Evidence Internet History Files

Temporary Internet Files

Slack/Unallocated Space

Buddy lists, personal chat room records, P2P, others saved areas

News groups/club lists/posting

Settings, folder structure, file names

File Storage Dates

Software/Hardware added

File Sharing ability

E-mails


Steps of Investigation Acquisition: Physically or remotely obtaining possession of the computer and

external physical storage devices.

Identification: Identifying what data could be recovered and electronically retrieving

it by running various Computer Forensic tools and software suites.

Evaluation: Evaluating the data recovered to determine if and how it could be used

again the suspect for prosecution in court.

Presentation: Presentation of evidence discovered in a manner which is understood

by lawyers, non-technically staff/management, and suitable as evidence as

determined by laws.


What not to be done during investigation? Avoid changing date/time stamps (of files for example)or

changing data itself.

Overwriting of unallocated space (which can happen on

re-boot for example).


Computer Forensics Tools Disk imaging software.

Hashing tools.

File recovery programs.

Encryption decoding software.

Password cracking software.


Skills Required

Proper knowledge of computer.

Strong computer science fundamentals.

Strong system administrative skills.

Knowledge of the latest forensic tools.

Programming or computer-related experience

Broad understanding of operating systems and applications

Strong analytical skills

Knowledge of the latest intruder tools

Knowledge of cryptography and steganography

Strong understanding of the rules of evidence and evidence handling

Ability to be an expert witness in a court of law


Anti Forensics A set of techniques used as countermeasures to forensic analysis ƒ

• Full-Disk Encryption ƒ

• Truecrypt on Linux, Windows and OSX ƒ

• Filevault 2 on OSX ƒ

• BitLocker Windows ƒ

• File Eraser ƒ

• AbsoluteShield File Shredder ƒ


Big Challenge…


Other Challenges Digital evidence accepted into court must prove that

there is no tampering.

Costs- producing electronic records & preserving

them is extremely costly.

Legal practitioners must have extensive computer

knowledge

Rapid changes in technology!

TECHNICAL SURVEILLANCE & MANAGING THE TECHNICAL …

Documents

Transcript of TECHNICAL SURVEILLANCE & MANAGING THE TECHNICAL …