D marques digital forensics 101
Data Recovery Center Company | All Rights Reserved. Corporate Presentation 2012
David Marques 2012 | All rights reserved.
David Marques
E-mail: DMarques@DRC.pt
Address: Rua Alexandre Herculano, Edifício Central Park, 1 - Piso 7, 2795-242 Linda-a-Velha | GPS coordinates: 38° 43' 02.17'' N, 09° 14' 16.50'' W
Phone: 707 200 017 | Phone: (+351) 214 146 810 | Emergency service: (+351) 964 944 112 | Fax: (+351) 214 146 819
Digital Forensics 101
“Digital Forensics” (Computer Forensics)
Definition (Wikipedia): Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data.
26-Apr-13
Applications:
• Support or refute a hypothesis before a criminal or civil court.
• Internal corporate investigations or intrusion investigations.
History
• 1248 – A Chinese treatise describes features that allow drowning to be distinguished from strangulation, drawing on medical knowledge
• 1609 – F. Demelle (France) publishes a treatise on systematic document examination
• 1686 – M. Malpighi (Italy) notes fingerprint characteristics
• 1810 – First documented case of document analysis based on ink dyes
• 1813 – M. Orfila (Spain) publishes a toxicology guide
• 1823 – J. Purkinje (Poland) publishes the first systematic classification of fingerprints
• 1835 – H. Goddard (UK) uses bullet comparison to identify a murder weapon based on irregularities in a bullet mould
• 1870 – Albert Bertillon
– First technician at La Sûreté Nationale (Paris)
– Recorded criminals by photographs and body measurements
– Took photographs of victims, measured footprints, stains and tool marks
– Said that “no two human bodies were exactly alike”
• 1970s – First cases of crimes involving computer systems.
• In the first documented cases using magnetic media and computers as evidence, an attempt was made to transfer the “document” analogy to the digital representations.
• The US FBI Laboratory started a formal programme to examine computer-based evidence (CART – Computer Analysis and Response Team)
• 1989 – “AIDS Diskette Case”
– 20,000 diskettes (supposed to contain medical research) that contained a trojan used for blackmail were shipped to medical clinics in 30 countries
– Evidence was collected and shipped to New Scotland Yard (via Interpol HQ in Lyon)
– Jim Bates, a programmer, was asked to write an imaging tool (DIBS – Data Image Backup System)
Legal
Judge
• Will not decide whether an IP address is good enough to prove an identity
• Will not decide whether a port scan can leak information
• Will decide whether any law has been violated
• Will decide whether someone is responsible for the action they are accused of