LIBIN P BABU
WHAT NEWS DO WE SEE TODAY?
WHAT IS COMPUTER FORENSICS
A process of applying scientific and analytical techniques to
computer operating systems and file structures to determine
potential legal evidence.
• It is the practice of lawfully establishing evidence and facts.
• It is a science involving legal evidence that is found in digital
storage media and in computers.
• Subdivisions:
  • Disk forensics
  • Network forensics
  • Mobile forensics
TYPES OF CYBER CRIMES
• FORGERY
• BREACH OF COMPUTER SECURITY
• FRAUD/THEFT
• COPYRIGHT VIOLATIONS
• IDENTITY THEFT
• THREATS
• BURGLARY
• HOMICIDE
• ADMINISTRATIVE INVESTIGATIONS
• CYBER TERRORISM
• SALES AND INVESTMENT FRAUD
• ELECTRONIC FUND TRANSFER FRAUD
CYBER CRIME: TOP 20 COUNTRIES
SOURCE OF EVIDENCE
• SLACK, FREE, SWAP, RECYCLE BIN
• EVENT LOGS
• REGISTRY
• APPLICATION FILES, TEMP FILES
• E-MAIL
• BROWSER HISTORY AND CACHE
DIGITAL EVIDENCE
• “ANY DATA THAT IS RECORDED OR PRESERVED ON ANY MEDIUM IN
OR BY A COMPUTER SYSTEM OR OTHER SIMILAR DEVICE, THAT CAN
BE READ OR UNDERSTOOD BY A PERSON OR A COMPUTER SYSTEM
OR OTHER SIMILAR DEVICE. IT INCLUDES A DISPLAY, PRINT OUT OR
OTHER OUTPUT OF THAT DATA.”
TYPES OF DIGITAL EVIDENCE
1) PERSISTENT DATA
Data that remains intact when the computer is turned off,
e.g. hard drives, disk drives and removable storage devices
(such as USB drives or flash drives).
2) VOLATILE DATA
Data that would be lost if the computer is turned off,
e.g. deleted files, computer history, the computer's registry,
temporary files and web browsing history.
FORENSIC TOOLS
• BLACKLIGHT - Windows, Mac and iOS forensic analysis software
• INTERNET EVIDENCE FINDER - Forensic tool that recovers
internet-related communications (chat, social networking,
webmail, cloud, web history, and more), including deleted data
• SANS INVESTIGATIVE FORENSICS TOOLKIT (SIFT) - Multi-purpose
forensic operating system
• REGISTRY RECON - Forensic tool that rebuilds Windows registries
from anywhere on a hard drive and parses them for deep analysis.
MOBILE DEVICE FORENSICS
• CELLEBRITE MOBILE FORENSICS - Universal forensic
extraction device, hardware and software
• MICROSYSTEMATION XRY/XACT - Hardware/software package,
specialises in deleted data
• ELCOMSOFT IOS FORENSIC TOOLKIT (EIFT) - Acquires bit-precise
images of Apple iOS devices in real time
• ELCOMSOFT PHONE PASSWORD BREAKER - Enables forensic
access to password-protected backups for smartphones and portable
devices based on the RIM BlackBerry and Apple iOS platforms.
FORENSICS PROCEDURES
1) Make a digital copy of the original evidence. Investigators make a
copy of the evidence and work with the copy to reduce the
possibility of inadvertently changing the original evidence.
2) Authenticate the copy of the evidence. Investigators must verify
that the copy of the evidence is exactly the same as the original.
3) Analyze the digital copy. The specific procedures performed in an
investigation are determined by the specific circumstances under
which the investigation is occurring.
CREATING A FORENSIC IMAGE
• Use a write blocker to ensure that no data is written back to the
subject’s hard drive
• Connect the disk to a forensic server.
• Create the image of the disk using commands or specific applications
• Verify the image using an MD5 sum
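The imaging and verification steps above, as an added example that is not from the original slides. It hashes the source while it is being copied, re-hashes the finished image and compares the two, and shows that a single flipped bit in the image makes the verification fail. The "device" is a constructed sample file standing in for a real disk; a hardware write blocker is still required in practice, since opening the source read-only in software is not a substitute. MD5 is kept because the slides name it, with SHA-256 computed alongside it.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # stream the device a megabyte at a time so memory stays flat


def image_device(source_path, image_path):
    """Copy source_path byte-for-byte into image_path, hashing the source as it is read.
    Returns the (md5, sha256) hex digests of the bytes that were acquired."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        while True:
            block = src.read(CHUNK)
            if not block:
                break
            md5.update(block)
            sha256.update(block)
            dst.write(block)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the image really reached the forensic server's disk
    return md5.hexdigest(), sha256.hexdigest()


def hash_file(path):
    """Independent re-read of a file, returning (md5, sha256) hex digests."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


def verify_image(image_path, expected):
    """True only if both digests of the image match the digests recorded at acquisition."""
    return hash_file(image_path) == expected


def demo():
    # Constructed stand-in for a subject disk (a real run would read e.g. a block device)
    workdir = tempfile.mkdtemp()
    source = os.path.join(workdir, "subject_disk.bin")
    image = os.path.join(workdir, "subject_disk.dd")
    with open(source, "wb") as f:
        f.write(b"BOOT" + os.urandom(4096) + b"evidence document" + b"\x00" * 512)

    acquired = image_device(source, image)
    source_matches = hash_file(source) == acquired   # hash-while-imaging agrees with a re-read
    image_ok = verify_image(image, acquired)         # the copy is bit-identical to the original

    # Flip one bit in the image and verify again: the check must now fail
    with open(image, "r+b") as f:
        f.seek(10)
        b = f.read(1)
        f.seek(10)
        f.write(bytes([b[0] ^ 0x01]))
    tampered_ok = verify_image(image, acquired)
    return source_matches, image_ok, tampered_ok


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```

Record both digests in the case notes at acquisition time; the verification later in the chain of custody compares against those recorded values, not against a hash freshly taken from the same image.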
ANALYSIS OF A FORENSIC IMAGE
• Logical and physical analysis
• Logical – Conventional way of accessing files using a file explorer, image viewers
etc. Analyses allocated space
• Physical – Using hex editors. Analyses unallocated and slack space
• Mount the image
• Search for files using keywords, type etc.
TO REDUCE SEARCH SIZE
•HASH ANALYSIS
•SIGNATURE ANALYSIS
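Both search-reduction techniques from the slide, as an added example that is not from the original presentation. Hash analysis drops every file whose SHA-256 appears in a set of known hashes, so only unknown files remain for review; signature analysis compares each remaining file's magic bytes with its extension and flags disagreements. The signature table, the sample evidence tree and the "known" hash set are all constructed for the example; a real examination uses a full signature database and a vetted reference hash library.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024

# Magic bytes -> (kind, extensions that legitimately carry this signature).
# Constructed subset for the example, not a complete signature database.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": ("png", {"png"}),
    b"\xff\xd8\xff": ("jpeg", {"jpg", "jpeg"}),
    b"%PDF-": ("pdf", {"pdf"}),
    b"PK\x03\x04": ("zip", {"zip", "docx", "xlsx", "pptx", "jar"}),
    b"MZ": ("exe", {"exe", "dll", "sys"}),
}


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def signature_of(path):
    """Return (kind, allowed_extensions) for a recognised magic number, else None."""
    with open(path, "rb") as f:
        head = f.read(8)
    for magic, info in SIGNATURES.items():
        if head.startswith(magic):
            return info
    return None


def triage(root, known_hashes):
    """Hash analysis: skip files whose SHA-256 is in the known set.
    Signature analysis: flag files whose magic number disagrees with their extension."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            digest = sha256_of(path)
            if digest in known_hashes:
                continue  # known file, excluded from manual review
            ext = os.path.splitext(name)[1].lstrip(".").lower()
            sig = signature_of(path)
            findings.append({
                "name": name,
                "sha256": digest,
                "signature": sig[0] if sig else None,
                # unknown signatures (plain text etc.) are not a mismatch by themselves
                "mismatch": sig is not None and ext not in sig[1],
            })
    return findings


def demo():
    # Constructed sample evidence tree; every file body below is made up
    root = tempfile.mkdtemp()
    samples = {
        "system.dll": b"MZ\x90\x00 constructed known system file",
        "photo.jpg": b"\xff\xd8\xff\xe0 constructed jpeg",
        "report.pdf": b"%PDF-1.4 constructed pdf",
        "notes.txt": b"%PDF-1.4 a pdf hiding behind a text extension",
        "holiday.jpg": b"MZ\x90\x00 an executable renamed to look like a picture",
    }
    for name, content in samples.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(content)
    # Known-hash set: just system.dll here, standing in for a reference library
    known = {hashlib.sha256(samples["system.dll"]).hexdigest()}
    return triage(root, known)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Of the five constructed files, system.dll is excluded by hash analysis and notes.txt and holiday.jpg are flagged by signature analysis, which is what narrows a large image down to the items worth opening in a hex editor.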
SEARCHING FOR EVIDENCE
• Emails
• Windows swap file - A swap file is virtual memory that is used as an
extension of the computer system's RAM
• Cookies - Cookies are pieces of information generated by a web
server and stored on the user's computer, ready for future access
• INDEX.DAT
index.dat FILE
• Every time a user accesses a file or website through Windows Explorer
or Internet Explorer, digital traces of these activities are placed on the
hard drive.
• index.dat files are binary files
• Pasco is a small open source application that parses the contents of
index.dat files and outputs the results into a tab-delimited file
• The file contains information on:
Files accessed and opened via Windows Explorer (rows 4 through 9)
Keywords used in searches over the internet (rows 10 and 11)
URLs visited via Internet Explorer (rows 12 through 15)
WHAT HAPPENS WHEN A FILE IS DELETED..?
Consider the FAT file system.
• It consists of:
1. The boot record, which is the 1st sector of the disk
2. The 1st file allocation table
3. The 2nd file allocation table (a backup of the first)
4. The root directory
5. The data area
When a file is deleted:
• The first character of the file’s name in the root directory is changed
to E5h.
• The FAT entries are set to 0.
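The deletion mechanics just described, as an added example that is not from the original slides. It builds a constructed, minimal FAT-style volume (a 16-bit FAT, a root directory of standard 32-byte entries with the first cluster at offset 26 and the size at offset 28, and a data area; boot record and backup FAT are left out), deletes a file exactly as the slide states, and then parses the directory to show what an examiner still finds: the entry with its first character replaced by E5h, an intact first-cluster pointer and size, and the file's bytes untouched in the data area. The recovery step assumes the file was stored contiguously, which is the usual heuristic once the FAT chain has been zeroed.

```python
import struct

CLUSTER_SIZE = 512
ENTRY_SIZE = 32
DELETED = 0xE5          # marker written over the first character of a deleted name
END_OF_CHAIN = 0xFFFF


def make_entry(name83, first_cluster, size, attr=0x20):
    """Build a 32-byte FAT directory entry: 11-byte 8.3 name, attribute byte, the
    time/date fields (left zero here), first cluster (low word) at 26, size at 28."""
    name = name83.encode("ascii").ljust(11, b" ")
    return name + struct.pack("<BBBHHHHHHHI", attr, 0, 0, 0, 0, 0, 0, 0, 0, first_cluster, size)


class ToyFat:
    """Constructed minimal volume: one FAT, a root directory, a data area."""

    def __init__(self, clusters=16):
        self.fat = [0] * clusters               # 0 = free cluster
        self.fat[0] = self.fat[1] = END_OF_CHAIN  # entries 0 and 1 are reserved in a real FAT
        self.root = bytearray()
        self.data = bytearray(clusters * CLUSTER_SIZE)

    def write_file(self, name83, content):
        needed = max(1, -(-len(content) // CLUSTER_SIZE))
        free = [i for i, v in enumerate(self.fat) if v == 0][:needed]
        if len(free) < needed:
            raise OSError("volume full")
        for idx, c in enumerate(free):
            chunk = content[idx * CLUSTER_SIZE:(idx + 1) * CLUSTER_SIZE]
            self.data[c * CLUSTER_SIZE:c * CLUSTER_SIZE + len(chunk)] = chunk
            self.fat[c] = free[idx + 1] if idx + 1 < needed else END_OF_CHAIN
        self.root += make_entry(name83, free[0], len(content))
        return free[0]

    def delete_file(self, name83):
        """Delete as the slide describes: first name byte -> E5h, FAT chain entries -> 0.
        Nothing in the data area is touched."""
        key = name83.encode("ascii").ljust(11, b" ")
        for off in range(0, len(self.root), ENTRY_SIZE):
            if self.root[off:off + 11] == key:
                first = struct.unpack_from("<H", self.root, off + 26)[0]
                chain, c = [], first                   # walk the chain before breaking it
                while c not in (0, END_OF_CHAIN):
                    chain.append(c)
                    c = self.fat[c]
                for c in chain:
                    self.fat[c] = 0
                self.root[off] = DELETED
                return True
        return False

    def list_entries(self):
        """Parse the root directory the way an examiner's tool would, keeping deleted entries."""
        out = []
        for off in range(0, len(self.root), ENTRY_SIZE):
            e = self.root[off:off + ENTRY_SIZE]
            if e[0] == 0:
                continue                                # never-used slot
            deleted = e[0] == DELETED
            raw = bytes(e[:11])
            base = (b"?" + raw[1:8] if deleted else raw[:8]).decode("ascii").rstrip()
            ext = raw[8:11].decode("ascii").rstrip()
            first, size = struct.unpack_from("<HI", e, 26)
            out.append({"name": f"{base}.{ext}" if ext else base,
                        "first_cluster": first, "size": size, "deleted": deleted})
        return out

    def recover(self, entry):
        """Read `size` bytes from the first cluster onward. The FAT chain is gone after
        deletion, so this assumes contiguous allocation (the standard carving heuristic)."""
        start = entry["first_cluster"] * CLUSTER_SIZE
        return bytes(self.data[start:start + entry["size"]])


def demo():
    vol = ToyFat()
    vol.write_file("NOTES   TXT", b"meeting at noon")         # constructed sample content
    vol.write_file("BIG     BIN", bytes(range(256)) * 4)      # 1024 bytes -> two clusters
    vol.delete_file("NOTES   TXT")
    entries = vol.list_entries()
    deleted = [e for e in entries if e["deleted"]]
    return vol, entries, vol.recover(deleted[0])


if __name__ == "__main__":
    vol, entries, recovered = demo()
    for e in entries:
        print(e)
    print(recovered)  # b'meeting at noon'
```

The lost first character is the reason recovered names show up as "?OTES.TXT" in forensic tools, and the zeroed FAT entries are why the cluster can be reused by the next write, which is why imaging before any further use of the disk matters.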
COMPUTER FORENSICS METHODOLOGY
1) SHUT DOWN THE COMPUTER
2) DOCUMENT THE HARDWARE CONFIGURATION OF THE SYSTEM
3) TRANSPORT THE COMPUTER SYSTEM TO A SECURE LOCATION
4) MAKE BIT STREAM BACKUPS OF HARD DISKS AND FLOPPY DISKS
5) MATHEMATICALLY VERIFY DATA ON ALL STORAGE DEVICES
6) DOCUMENT THE SYSTEM DATE AND TIME
7) MAKE A LIST OF KEY SEARCH WORDS
8) EVALUATE THE WINDOWS SWAP FILE
9) EVALUATE FILE SLACK
10) EVALUATE UNALLOCATED SPACE (ERASED FILES)
11) SEARCH FILES, FILE SLACK AND UNALLOCATED SPACE FOR KEY WORDS
12) DOCUMENT FILE NAMES, DATES AND TIMES
13) IDENTIFY FILE, PROGRAM AND STORAGE ANOMALIES
14) EVALUATE PROGRAM FUNCTIONALITY
15) DOCUMENT YOUR FINDINGS
APPLICATIONS
•FINANCIAL FRAUD DETECTION
•CRIMINAL PROSECUTION
•CIVIL LITIGATION
•“CORPORATE SECURITY POLICY AND VIOLATIONS”
WHO USES COMPUTER FORENSICS
CRIMINAL PROSECUTORS
RELY ON EVIDENCE OBTAINED FROM A COMPUTER TO PROSECUTE SUSPECTS.
CIVIL LITIGATIONS
PERSONAL AND BUSINESS DATA DISCOVERED ON A COMPUTER CAN BE USED
IN FRAUD, HARASSMENT, OR DISCRIMINATION CASES.
PRIVATE CORPORATIONS
EVIDENCE OBTAINED FROM EMPLOYEE COMPUTERS CAN BE USED IN
HARASSMENT, FRAUD, AND EMBEZZLEMENT CASES.
LAW ENFORCEMENT OFFICIALS
RELY ON COMPUTER FORENSICS TO BACK UP SEARCH WARRANTS AND
POST-SEIZURE HANDLING.
INDIVIDUAL/PRIVATE CITIZENS
OBTAIN THE SERVICES OF PROFESSIONAL COMPUTER FORENSIC SPECIALISTS
TO SUPPORT CLAIMS OF HARASSMENT, ABUSE, OR WRONGFUL TERMINATION
FROM EMPLOYMENT.
THANK YOU
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 

Computer forensics libin

  • 2. WHAT NEWS DO WE SEE TODAY?
  • 3. WHAT IS COMPUTER FORENSICS
    • The process of applying scientific and analytical techniques to computer operating systems and file structures in order to determine potential legal evidence.
  • 4.
    • It is the practice of lawfully establishing evidence and facts.
    • It is a science dealing with legal evidence found in digital storage media and in computers.
    • Subdivisions: disk forensics, network forensics, mobile forensics.
  • 5. TYPES OF CYBER CRIMES
    • Forgery
    • Breach of computer security
    • Fraud/theft
    • Copyright violations
    • Identity theft
    • Threats
    • Burglary
    • Homicide
    • Administrative investigations
    • Cyber terrorism
    • Sales and investment fraud
    • Electronic fund transfer fraud
  • 6. CYBER CRIME: TOP 20 COUNTRIES
  • 7. SOURCE OF EVIDENCE
    • Slack space, free (unallocated) space, swap file, Recycle Bin
    • Event logs
    • Registry
    • Application files, temporary files
    • E-mail
    • Browser history and cache
  • 8. DIGITAL EVIDENCE
    • "Any data that is recorded or preserved on any medium in or by a computer system or other similar device, that can be read or understood by a person or a computer system or other similar device. It includes a display, printout or other output of that data."
  • 9. TYPES OF DIGITAL EVIDENCE
    1) PERSISTENT DATA: data that remains intact when the computer is turned off, e.g. hard drives, disk drives and removable storage devices (such as USB drives or flash drives).
    2) VOLATILE DATA: data that is lost when the computer is turned off, e.g. the contents of RAM, running processes, open network connections and logged-in sessions.
    • Note: deleted files, the registry, temporary files and web browsing history are on-disk artifacts. They are persistent, but easily overwritten by normal use, which is why they are recovered from a forensic image rather than from the running system.
  • 10. FORENSIC TOOLS
    • BLACKLIGHT - Windows, macOS and iOS forensic analysis software.
    • INTERNET EVIDENCE FINDER - forensic tool that recovers internet-related communications (chat, social networking, webmail, cloud, web history and more), including deleted data.
    • SANS INVESTIGATIVE FORENSICS TOOLKIT (SIFT) - multi-purpose forensic operating system.
    • REGISTRY RECON - forensic tool that rebuilds Windows registries from anywhere on a hard drive and parses them for deep analysis.
  • 11. MOBILE DEVICE FORENSICS
    • CELLEBRITE MOBILE FORENSICS - Universal Forensic Extraction Device (UFED), hardware and software.
    • MICRO SYSTEMATION XRY/XACT - hardware/software package, specialises in deleted data.
    • ELCOMSOFT iOS FORENSIC TOOLKIT (EIFT) - acquires bit-precise images of Apple iOS devices in real time.
    • ELCOMSOFT PHONE PASSWORD BREAKER - enables forensic access to password-protected backups of smartphones and portable devices based on the RIM BlackBerry and Apple iOS platforms.
  • 12. FORENSIC PROCEDURES
    1) Make a digital copy of the original evidence. Investigators make a copy of the evidence and work with the copy to reduce the possibility of inadvertently changing the original.
    2) Authenticate the copy. Investigators must verify that the copy is exactly the same as the original (by comparing cryptographic hashes of both).
    3) Analyze the digital copy. The specific procedures performed in an investigation are determined by the circumstances under which the investigation is taking place.
  • 13. CREATING A FORENSIC IMAGE
    • Use a write blocker to ensure that no data is written back to the subject's hard drive.
    • Connect the disk to the forensic server.
    • Create the image of the disk using commands or specific applications.
    • Verify the image by hash: compute the digest of the source and of the image and confirm they match. The slide uses md5sum; MD5 collisions are practical, so record a SHA-256 digest alongside it.
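The imaging and authentication steps on slides 12 and 13, carried out in code. This is an added example and not from the original slides: it reads the source strictly read-only, writes a byte-for-byte copy in chunks, hashes the stream with both MD5 and SHA-256 as it goes, then independently re-hashes the written image and compares size and digests. It runs on an ordinary file so it works anywhere; for a real acquisition the `source` would be a device node such as `/dev/sdb` behind a hardware write blocker (software-only protection, such as `blockdev --setro`, is a weaker substitute). The `demo()` function constructs a random source, images it, verifies, then flips one byte of the image to show the verification catching post-acquisition corruption.

```python
"""Bit-for-bit acquisition with hash verification (added example, not from the slides)."""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 4 * 1024 * 1024  # 4 MiB pieces: large devices never need to fit in RAM


def acquire_image(source, image_path):
    """Copy `source` to `image_path` byte for byte, hashing the stream as it is read.

    The source is opened read-only; nothing is ever written back to it."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    copied = 0
    with open(source, "rb") as src, open(image_path, "wb") as dst:
        while True:
            chunk = src.read(CHUNK)
            if not chunk:
                break
            md5.update(chunk)
            sha256.update(chunk)
            dst.write(chunk)
            copied += len(chunk)
    # This dict is the acquisition record that goes into the chain-of-custody notes.
    return {
        "source": source,
        "image": image_path,
        "bytes": copied,
        "md5": md5.hexdigest(),
        "sha256": sha256.hexdigest(),
        "acquired_at": datetime.now(timezone.utc).isoformat(),
    }


def hash_file(path):
    """Independent re-hash of a file on disk (run on the image after it is closed)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def verify_image(record):
    """True only if the image on disk matches the size and digests taken from the source stream.

    Both MD5 and SHA-256 must match: MD5 alone is collision-prone, and a second,
    independent digest is what current SOPs expect in the acquisition record."""
    md5, sha256 = hash_file(record["image"])
    return (
        os.path.getsize(record["image"]) == record["bytes"]
        and md5 == record["md5"]
        and sha256 == record["sha256"]
    )


def demo():
    """Constructed source: image it, verify, then corrupt one byte and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "suspect_disk.bin")   # stands in for /dev/sdb
        image = os.path.join(tmp, "evidence_001.dd")
        with open(source, "wb") as f:
            f.write(os.urandom(2 * CHUNK + 12345))       # deliberately not a CHUNK multiple
        record = acquire_image(source, image)
        intact = verify_image(record)
        with open(image, "r+b") as f:                    # simulate post-acquisition damage
            f.seek(777)
            original = f.read(1)
            f.seek(777)
            f.write(bytes([original[0] ^ 0x01]))
        tampered = verify_image(record)
        return intact, tampered


if __name__ == "__main__":
    ok, after_tamper = demo()
    print(json.dumps({"verified": ok, "verified_after_tamper": after_tamper}))
```

The record returned by `acquire_image` is what gets written into the evidence log; re-running `verify_image` against it at any later point (before analysis, before court) is the authentication step of slide 12.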
  • 14. ANALYSIS OF A FORENSIC IMAGE
    • Logical and physical analysis.
    • Logical - the conventional way of accessing files, using a file explorer, image viewers etc. Analyses allocated space only.
    • Physical - using hex editors. Analyses unallocated space and slack space as well.
    • Mount the image (read-only).
    • Search for files by keyword, type, etc.
  • 15. TO REDUCE THE SEARCH SIZE
    • HASH ANALYSIS - hash every file and exclude those whose hash appears in a known-good reference set (operating system and application files), so only unknown files remain for review.
    • SIGNATURE ANALYSIS - compare each file's header (magic bytes) with its extension; a file whose content does not match its name is a candidate for closer inspection.
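Hash analysis and signature analysis from slide 15, together with the file-type search of slide 14, as an added example (not from the original slides). The known-good reference set and the "files from the image" are constructed inline and labelled as such; a real run would load digests from a reference set such as the NSRL and walk the mounted image. Files whose SHA-256 matches the reference set are dropped from review; files whose magic bytes contradict their extension (a zip renamed to `.jpg`, an executable renamed to `.txt`) are bucketed first.

```python
"""Hash and signature triage of files from a mounted image (added example, not from the slides)."""
import hashlib
import os

# Constructed stand-in for a known-good reference set: content -> canonical name.
_KNOWN_GOOD_CONTENT = {
    b"MZ\x90\x00 constructed stand-in for an OS binary": "Windows/System32/calc.exe",
    b"%PDF-1.4 constructed vendor manual": "Program Files/Vendor/manual.pdf",
}
# SHA-256 -> canonical name, which is the form a reference set is actually used in.
KNOWN_GOOD = {hashlib.sha256(c).hexdigest(): n for c, n in _KNOWN_GOOD_CONTENT.items()}

# Magic bytes -> extensions that legitimately carry them (first match wins).
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", {".png"}),
    (b"\xff\xd8\xff", {".jpg", ".jpeg"}),
    (b"GIF87a", {".gif"}),
    (b"GIF89a", {".gif"}),
    (b"%PDF-", {".pdf"}),
    (b"PK\x03\x04", {".zip", ".docx", ".xlsx", ".pptx", ".jar"}),
    (b"MZ", {".exe", ".dll", ".sys"}),
]


def sha256_of(data):
    return hashlib.sha256(data).hexdigest()


def signature_extensions(data):
    """Extensions matching the file's leading bytes, or None if the type is unknown."""
    for magic, exts in SIGNATURES:
        if data.startswith(magic):
            return exts
    return None


def triage(files):
    """files: {path: content}. Returns the buckets an examiner works through.

    known_good - hash is in the reference set: excluded from review
    mismatch   - extension contradicts the magic bytes: look here first
    review     - everything else, with its hash for the report"""
    result = {"known_good": [], "mismatch": [], "review": []}
    for path, data in sorted(files.items()):
        digest = sha256_of(data)
        if digest in KNOWN_GOOD:
            result["known_good"].append((path, KNOWN_GOOD[digest]))
            continue
        ext = os.path.splitext(path)[1].lower()
        exts = signature_extensions(data)
        if exts is not None and ext not in exts:
            result["mismatch"].append((path, ext, sorted(exts)))
        else:
            result["review"].append((path, digest))
    return result


# Constructed sample "image contents" (paths and bytes are made up for the example).
SAMPLE_FILES = {
    "Windows/System32/calc.exe": b"MZ\x90\x00 constructed stand-in for an OS binary",
    "Users/bob/Pictures/holiday.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF constructed",
    "Users/bob/Documents/invoice.jpg": b"PK\x03\x04 constructed zip hidden as a jpeg",
    "Users/bob/Documents/notes.txt": b"meeting with supplier at 09:00",
    "Users/bob/Downloads/tool.txt": b"MZ\x90\x00 constructed executable renamed .txt",
}

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_FILES).items():
        print(bucket, items)
```

Only the first bytes are compared, so formats that put their signature elsewhere (or have none, like plain text) fall through to the review bucket rather than being declared clean; absence of a match is not evidence of anything.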
  • 16. SEARCHING FOR EVIDENCE
    • E-mails
    • Windows swap file - the swap file is virtual memory used as an extension of the computer's RAM (pagefile.sys on NT-based Windows); fragments of whatever was in memory can remain in it.
    • Cookies - pieces of information generated by a web server and stored on the user's computer, ready for future access.
    • index.dat
  • 17. index.dat FILE
    • Every time a user opens a file or web site through Windows Explorer or Internet Explorer, digital traces of the activity are placed on the hard drive.
    • index.dat files are binary files.
    • Pasco is a small open-source application that parses the contents of index.dat files and outputs the results as a tab-delimited file.
    • Information contained: files accessed and opened via Windows Explorer (rows 4 through 9); keywords used in internet searches (rows 10 and 11); URLs visited via Internet Explorer (rows 12 through 15).
  • 18. WHAT HAPPENS WHEN A FILE IS DELETED?
    • Consider the FAT file system. It is constructed from:
    1. The boot record, the first sector of the disk
    2. The first file allocation table (FAT)
    3. The second file allocation table (a backup of the first)
    4. The root directory
    5. The data area
  • 19. WHEN A FILE IS DELETED
    • The first character of the file's name in the root directory entry is changed to E5h.
    • The FAT entries for the file's clusters are set to 0 (free).
    • The rest of the directory entry (including the starting cluster and file size) and the data clusters themselves are not touched, which is why the content can still be recovered until it is overwritten.
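The FAT layout of slide 18 and the deletion behaviour of slide 19, made concrete, as an added example that is not from the original slides. It builds a tiny FAT volume in memory (FAT16 with 2-byte FAT entries, chosen so the table stays readable; the E5h marker and the zeroed chain are the same on FAT12), deletes the single file the way the operating system does, and then shows what a forensic tool can still do: read the E5h-marked entry, see that the chain in both FAT copies is gone, recover the content from the start cluster and size that the directory entry still holds (assuming the file was contiguous), and run the raw keyword search over the data area that slide 21, step 11, calls for. The file name and content are constructed for the example.

```python
"""FAT16 deletion and recovery on an in-memory volume (added example, not from the slides)."""
import struct

BPS, SPC = 512, 1                 # bytes per sector, sectors per cluster
RESERVED, NFATS = 1, 2            # boot sector only; two FAT copies
ROOT_ENTRIES = 16                 # 16 x 32 bytes = one sector of root directory
SECTORS_PER_FAT = 1               # 256 FAT16 entries
TOTAL_SECTORS = 16
DELETED_MARK = 0xE5

FAT1_OFF = RESERVED * BPS                       # layout from slide 18, in order
FAT2_OFF = FAT1_OFF + SECTORS_PER_FAT * BPS
ROOT_OFF = FAT2_OFF + SECTORS_PER_FAT * BPS
DATA_OFF = ROOT_OFF + ROOT_ENTRIES * 32
CLUSTER = SPC * BPS

# Constructed file content; 1350 bytes, so it spans three clusters.
SAMPLE = b"CONFIDENTIAL: wire USD 40000 to account 1234\n" * 30


def cluster_offset(n):
    """The data area starts at cluster number 2."""
    return DATA_OFF + (n - 2) * CLUSTER


def build_image(name, ext, content):
    img = bytearray(TOTAL_SECTORS * BPS)
    img[0:3], img[3:11] = b"\xEB\x3C\x90", b"MSWIN4.1"
    struct.pack_into("<HBHBHHBH", img, 11, BPS, SPC, RESERVED, NFATS,
                     ROOT_ENTRIES, TOTAL_SECTORS, 0xF8, SECTORS_PER_FAT)
    img[510:512] = b"\x55\xAA"
    n = -(-len(content) // CLUSTER)                     # clusters needed
    assert n <= TOTAL_SECTORS - DATA_OFF // BPS
    fat = [0xFFF8, 0xFFFF] + [0] * 254                  # entries 0 and 1 are reserved
    for i in range(n):                                  # chain 2 -> 3 -> ... -> end of chain
        fat[2 + i] = 3 + i if i < n - 1 else 0xFFFF
    for off in (FAT1_OFF, FAT2_OFF):
        img[off:off + 512] = struct.pack("<256H", *fat)
    entry = bytearray(32)
    entry[0:8], entry[8:11] = name.ljust(8).encode(), ext.ljust(3).encode()
    entry[11] = 0x20                                    # archive attribute
    struct.pack_into("<HI", entry, 26, 2, len(content))  # first cluster, file size
    img[ROOT_OFF:ROOT_OFF + 32] = entry
    img[DATA_OFF:DATA_OFF + len(content)] = content
    return img


def read_fat(img, copy=0):
    off = FAT1_OFF if copy == 0 else FAT2_OFF
    return list(struct.unpack_from("<256H", img, off))


def follow_chain(fat, first):
    """Walk the cluster chain; a 0 entry means 'free', so the chain ends there."""
    chain, c = [], first
    while 2 <= c < 0xFFF8 and fat[c] != 0:
        chain.append(c)
        c = fat[c]
    return chain


def parse_root(img):
    entries = []
    for i in range(ROOT_ENTRIES):
        e = img[ROOT_OFF + 32 * i: ROOT_OFF + 32 * (i + 1)]
        if e[0] == 0x00:
            break                                       # no entries beyond this point
        deleted = e[0] == DELETED_MARK                  # first character overwritten by E5h
        base = ("_" + e[1:8].decode("ascii")) if deleted else e[0:8].decode("ascii")
        entries.append({
            "deleted": deleted,
            "name": base.rstrip() + "." + e[8:11].decode("ascii").rstrip(),
            "first_cluster": struct.unpack_from("<H", e, 26)[0],
            "size": struct.unpack_from("<I", e, 28)[0],
        })
    return entries


def delete_file(img, index=0):
    """What the OS does on delete (slide 19): zero the chain in both FATs, mark the entry E5h.
    The entry's first cluster and size, and the data clusters, are left untouched."""
    off = ROOT_OFF + 32 * index
    first = struct.unpack_from("<H", img, off + 26)[0]
    for copy, fat_off in enumerate((FAT1_OFF, FAT2_OFF)):
        for c in follow_chain(read_fat(img, copy), first):
            struct.pack_into("<H", img, fat_off + 2 * c, 0)
    img[off] = DELETED_MARK


def recover_deleted(img, entry):
    """With the chain gone, assume the file was contiguous from its first cluster."""
    start = cluster_offset(entry["first_cluster"])
    return bytes(img[start:start + entry["size"]])


def keyword_hits(img, keyword):
    """Raw keyword search over the data area, allocated or not (slide 21, step 11)."""
    hits, pos = [], img.find(keyword, DATA_OFF)
    while pos != -1:
        hits.append(pos)
        pos = img.find(keyword, pos + 1)
    return hits


if __name__ == "__main__":
    img = build_image("REPORT", "TXT", SAMPLE)
    delete_file(img)
    e = parse_root(img)[0]
    print(e, follow_chain(read_fat(img), e["first_cluster"]), len(keyword_hits(img, b"CONFIDENTIAL")))
    print(recover_deleted(img, e) == SAMPLE)
```

The contiguity assumption is the weak point of this recovery: if the deleted file was fragmented, the bytes after the first cluster belong to something else, and only the keyword search (or carving on content structure) will find the rest.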
  • 20. COMPUTER FORENSICS METHODOLOGY
    1) Shut down the computer. (Caveat: powering off destroys the volatile data of slide 9, such as RAM contents, running processes and network connections; current practice captures those first and only then powers down.)
    2) Document the hardware configuration of the system.
    3) Transport the computer system to a secure location.
    4) Make bit-stream backups of hard disks and floppy disks.
    5) Mathematically verify the data on all storage devices (hash the originals and the copies and compare).
    6) Document the system date and time.
    7) Make a list of key search words.
  • 21.
    8) Evaluate the Windows swap file.
    9) Evaluate file slack.
    10) Evaluate unallocated space (erased files).
    11) Search files, file slack and unallocated space for the key words.
    12) Document file names, dates and times.
    13) Identify file, program and storage anomalies.
    14) Evaluate program functionality.
    15) Document your findings.
  • 22. APPLICATIONS
    • Financial fraud detection
    • Criminal prosecution
    • Civil litigation
    • Corporate security policy and violations
  • 23. WHO USES COMPUTER FORENSICS
    • Criminal prosecutors rely on evidence obtained from computers to prosecute suspects.
    • Civil litigation: personal and business data discovered on a computer can be used in fraud, harassment or discrimination cases.
    • Private corporations: evidence obtained from employee computers can be used in harassment, fraud and embezzlement cases.
  • 24.
    • Law enforcement officials rely on computer forensics to support search warrants and post-seizure handling.
    • Individuals and private citizens obtain the services of professional computer forensic specialists to support claims of harassment, abuse or wrongful termination of employment.