Lesson 20 – Digital Forensics
Application of scientific techniques for investigating, finding, preserving and exploiting information stored or transported on computers
Automate as much as possible, but you still need the human in the loop
Isn’t it amazing that CSI can identify and solve the case in less than an hour and still have time for
Digital Forensics = Tedious Work
Why Digital Forensics?
– Identify, Solve and Most Importantly
– Log / Application / Traffic Analysis
– What were they doing on that computer?
– Computer used to conduct the crime
Child Pornography, Threatening Letters, Fraud, Embezzlement, Theft of Intellectual
– Computer as the target of the crime
What is Digital Evidence?
Fragments of Files
– Words, Sentences
Where do we find it
– Chain of Custody
– Prove the evidence is indeed what the criminal left behind
– What’s the goal?
Things to Look For
Logs / Traffic Analysis
– Use Patterns
– Encrypted Files
– Documents, Pictures
– No, not stenography!
Nothing Tedious Here
Digital Forensics Made to Look Cool