Computer Forensics Today Part 1

00:01

Hey, welcome back to the course. So in the last video, we talked about the information. We're gonna actually cover the course, right? So we went over the course modules and different aspects in those we're gonna cover.

00:11

We also talked about my background Is your instructor My name is Canada. Real again? In case you forgot on, then also, we talked about the core structure, right? So we talked about some of the sections are gonna have pre and post assessment questions to kind of test your knowledge.

00:24

We're also gonna have different labs throughout the course as well as a lot of free resource is for you to download, right? So I'm sharing my notes. I used to study for the EEC counsel computer hacking forensic investigator examination

00:39

as well as sharing step by step guides for the labs and also sharing the power point presentations.

00:45

So in this video, we're gonna cover macho one steps. We're gonna cover kind of a brief history of digital forensics, some pertinent information in that At least we'll talk about center from challenges for the investigators as well as the investigative process itself.

01:00

So, as I mentioned, different pre assessment post assessment questions throughout the course. So here's the one of one right off the bat for you. So what does s w g d e stand for?

01:12

All right. So if you guessed answer A you are correct. It stands for scientific working group on digital evidence. Don't worry about what that is right now. We're gonna cover that a little later on in this module.

01:25

So computer forensics and you also here called a digital forensics. So the main difference they're being computer forensics is gonna cover just computer components. Right? So

01:34

my hard drive, you know, my, uh you know, CD Rahm. You know, my CD itself, that sort of stuff, My ram, whereas like, digital evidence might include things like, you know, your smartphone, right? Or ah, you know, your camera.

01:53

You know, if you have a digital camera, that sort of stuff, so

01:56

just keep that in mind, Not for the examination itself. You're not gonna need to know those different like that. Easy. Council, actually, um, uses a terminology interchangeably, but in the real world, just know kind of the difference there between them again. Most people use them interchangeably.

02:13

So what is computer forensics so Or digital forensics, right? Basically, it's It's, ah, Senate procedures and techniques that are gonna help us as an investigator. You know, identify what evidence we actually want to collect or that we can legally collect. Right? Eh? So, for example, what is our warrant? Cover

02:29

then? From there, we're gonna actually gather that evidence, right? We're gonna collect it on, and then we're gonna preserve it. We're gonna make a duplicate of it, you know, with a bit by bit when we do the bit by bit. Copy. Excuse me To prevent alteration of it. You know, all that stuff is intertwined. And then from there, we're gonna analyze it, right? We're gonna interpret the information we have,

02:49

see what it means to us,

02:50

and they will spit that out of some kind of report or other documentation.

02:54

From there, we would take you, like, you know, the prosecutor. It's like a criminal case. Civil case. We might give it to our attorney or something,

03:02

or, you know, like, administrative case. You know what is handed to like h r. Something like that.

03:08

Excuse me.

03:10

So kind of the brief history here, the couple of items that you really need to know Off this list are gonna be the low cards exchange principle. Eso basically what that means is that, uh ah, imbecile. What that is is, you know, if I go into a crime scene, I leave a part of me somehow, Like I leave something there.

03:29

And then also, I take something with me, right? So that's kind of the low cards

03:31

exchange principle. In a nutshell.

03:34

Um, if I'm at a scene, I leave something, and I take something.

03:38

The other notable thing here in 1986 the Computer Fraud and Abuse Act was passed. So we'll talk about that a little later on in this module.

03:51

Different types of computer crimes that you that you might see out there the kind of the most common ones fishing. Mao and Ransomware kind of go alongside that.

04:00

Identity theft, financial fraud, cyber terrorism. So you're not familiar with that? Basically, you know, let's pretend I'm a terrorist. I'm gonna use a computer or, you know, computer systems to for further my propaganda and try to intimidate you alone. It's not necessarily you, but, like, kind of a group of people right now. So it could be a liquid religious based,

04:19

um, or or one

04:23

cyber extortion. That's kind of where you, um, we hear about, you know, like somebody some criminal hacker like Hack Somebody's Webcam, right? And then took a bunch of *** photos of them and said, instead of an e mails that having a release, this, you know, to your kid's school, unless you do what I say. So that's basically the extortion aspect of it.

04:42

Cyberwarfare. You know, that's kind of self explanatory. So basically nation states trying to hack each other on do nefarious things. Cyber bullying, You know, that's kind of more popular topic these days. There's been several kids that have committed suicide on it. So if you know someone getting bullied, definitely reach out and help them out.

05:00

Get them the help they need.

05:02

But essentially, it's kind of like, you know, back in the school yard, where the bully would come up to you, you push it down or whatever.

05:10

You know, some of us would punch the bowling in the face. Other people would just take the push down and get a give the bullies at lunch money. So so a similar thing here. It's just, you know, someone using a computer and using like Social Media was kind of the main main avenue there for the cyber bullying

05:24

And then, of course, narcotic trafficking. You know, who could forget about that? Let's kind of a popular thing, especially on the underground. People are buying and selling narcotics all the time.

05:33

So many challenges for investigators coming kind of the most prevalent one would be encryption along with, like, steganography. So again, it's just hiding something inside of something else. A swell a cz, um, you know, anti forensic. So that includes things like encryption and data wiping and steganography inside of that

05:55

different legal challenges, right? So if you know, we're for example, we're here in the U. S. On do you know, we track somebody down and they're actually in a country with no extradition treaty or a country that doesn't really have, like, a law enforcement infrastructure in place or they're corrupt or something. You know, we have to consider that, like, isn't even worth us.

06:15

Try to, you know, get an indictment or something.

06:18

I'm different types of media formats we might encounter. So, for example, let's say you let Simon investigator, and I'm not good with Mac. But the stuff is on a Mac, you know? So that's a challenge, right? I have to find somebody that's good with Mac.

06:31

The volume of data. So, for example, if we're recovering like from a raid or something,

06:35

the volume of data might be too much for us to acquire in, you know, moving into the next thing. They're the time frame, right? That you know, if if we've got the prosecutor saying I need this stuff by next week,

06:48

we might not have enough time to recover the information as well as analyze it and get findings on it. Right? So we might have to choose some of the most common areas that people hide stuff

06:59

when they do stuff, and so that we see if there's information in there.

07:03

So the investigative process. So basically, we're assessing, you know, what evidence do we need then? We're going to acquire that evidence, preserve it, you know, make sure we make a copy of it and then analyze a copy of it.

07:15

And based on offer, findings will actually go ahead and generate some kind of report.