Computer & Network Forensics

Computer & Network Forensics by Mind Map: Computer & Network Forensics

1. Introduction

1.1. Multidisciplinary & wide coverage

1.2. Tools might be abused

2. Forensics Process

2.1. Identification

2.1.1. Application of sciences to answer the questions of interest to the legal system

2.2. Extraction

2.2.1. Ranges from simple information retrieval to reconstructing the series of events leading to the incident

2.3. Deliverables for court

2.3.1. Documentation. Purpose: report for public presentation; answers the "what" question

2.3.2. Intelligent Data

2.3.2.1. Support guilt / innocence

2.3.2.2. Show timeline of events leading to the incident

2.3.2.3. Show hidden relationships

2.3.3. Evidence

2.3.3.1. Definition: includes any testimony, documents or tangible matter that will be introduced to the judge to establish a point put forth by the party

2.3.3.2. Legally Admissible Evidence: must be able to prove its preservation via

2.3.3.2.1. Digital Hash: shows that the data was not tampered with by anyone

2.3.3.2.2. Chain of Custody: refers to the process of maintaining & documenting who is handling the evidence

2.3.3.3. Dual Tool Verification

2.3.3.3.1. Results need to be confirmed with at least 2 tools; different software versions may produce different results

2.3.3.3.2. Methods
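The preservation requirements in 2.3.3.2 (digital hash, chain of custody) and the cross-check idea in 2.3.3.3 can be put together in a small evidence-handling record. The code below is an added example, not part of the original mind map or of any named tool; the evidence image, item id and custodian names are constructed. It hashes the acquired data in chunks, records the digests at acquisition, re-hashes at every hand-off so the custody log itself proves integrity, and fails verification on a single flipped byte. The second digest (SHA3-256) stands in for an independent confirmation; in practice the dual-tool rule means re-computing with a second, separately built tool, which a single library cannot fully substitute for.

```python
import hashlib
import json
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone
from typing import List, Tuple

# Constructed stand-in for an acquired disk image (not real evidence data).
SAMPLE_IMAGE = b"EVIDENCE-IMAGE-0001\x00" + bytes(range(256)) * 4


@dataclass
class CustodyEntry:
    """One hand-off in the chain of custody, with the digests seen at that moment."""
    timestamp: str
    custodian: str
    action: str
    sha256: str
    sha3_256: str


@dataclass
class EvidenceRecord:
    """Digests fixed at acquisition plus the full custody log."""
    item_id: str
    sha256: str
    sha3_256: str
    custody_log: List[CustodyEntry] = field(default_factory=list)


def digest(data: bytes, algorithm: str, chunk_size: int = 4096) -> str:
    """Hash in fixed-size chunks, as one would for a large image file."""
    h = hashlib.new(algorithm)
    for offset in range(0, len(data), chunk_size):
        h.update(data[offset:offset + chunk_size])
    return h.hexdigest()


def fingerprint(data: bytes) -> Tuple[str, str]:
    """Two digests from different algorithm families; both must agree on verification."""
    return digest(data, "sha256"), digest(data, "sha3_256")


def log_handoff(rec: EvidenceRecord, custodian: str, action: str, data: bytes) -> None:
    """Append a custody entry, re-hashing the evidence as it changes hands."""
    sha256, sha3 = fingerprint(data)
    rec.custody_log.append(CustodyEntry(
        datetime.now(timezone.utc).isoformat(), custodian, action, sha256, sha3))


def acquire(item_id: str, data: bytes, custodian: str) -> EvidenceRecord:
    """Fix the reference digests at acquisition and open the custody log."""
    sha256, sha3 = fingerprint(data)
    rec = EvidenceRecord(item_id, sha256, sha3)
    log_handoff(rec, custodian, "acquired", data)
    return rec


def verify(rec: EvidenceRecord, data: bytes) -> bool:
    """True only if both digests still match the acquisition record."""
    sha256, sha3 = fingerprint(data)
    return sha256 == rec.sha256 and sha3 == rec.sha3_256


def custody_intact(rec: EvidenceRecord) -> bool:
    """Every logged hand-off must have re-hashed to the acquisition values."""
    return all(e.sha256 == rec.sha256 and e.sha3_256 == rec.sha3_256
               for e in rec.custody_log)


def report(rec: EvidenceRecord) -> str:
    """Documentation deliverable: the record as JSON for the case file."""
    return json.dumps(asdict(rec), indent=2)


if __name__ == "__main__":
    rec = acquire("ITEM-001", SAMPLE_IMAGE, "analyst A")       # constructed names
    log_handoff(rec, "analyst B", "received for analysis", SAMPLE_IMAGE)
    print("verified:", verify(rec, SAMPLE_IMAGE))
    print("custody intact:", custody_intact(rec))
    tampered = bytearray(SAMPLE_IMAGE)
    tampered[100] ^= 0x01                                       # one flipped bit
    print("tampered copy verified:", verify(rec, bytes(tampered)))
    print(report(rec))
```

A working copy that an analyst examines should be verified against the acquisition record before and after analysis; if a hand-off entry ever carries a different digest, `custody_intact` pinpoints where in the chain the change happened.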

3. Types of Evidence

3.1. Circumstantial Evidence

3.1.1. Relied on as an inference of a suspected connection

3.1.2. Possible relation to the case

3.2. Direct Evidence

3.2.1. Supports the truth of an assertion directly, without the need for any additional evidence / inference

3.2.1.1. E.g. murder weapon with the fingerprint of the suspected murderer

3.3. They can be

3.3.1. Exculpatory

3.3.1.1. Evidence that is favorable to the defendant [acquit]

3.3.2. Inculpatory

3.3.2.1. Evidence that shows / tends to prove guilt

4. Practical / Application Examples

4.1. Application of computer forensics in recovering art pieces

4.2. Netspionage

4.2.1. The use of networks, computers & other associated capabilities to steal corporations' secrets

4.2.1.1. Commercial

4.2.1.2. Government

4.2.2. People who commit this crime are called

4.2.2.1. Techno-spies

4.2.2.2. Netspionage Agents

4.3. Law

4.3.1. Bribery case built on email exchanges in and out of the device

4.4. Spying on the Government through encryption machines

5. Digital Forensics

5.1. Computer Forensics

5.1.1. includes

5.1.1.1. Laptops

5.1.1.2. Operating Systems

5.1.1.3. File Systems

5.1.1.4. Virtual Machines

5.1.1.5. Desktop

5.1.1.6. Tablet

5.1.1.7. Mobile Device

5.1.2. Focus has shifted more to mobile devices as people spend more time on their mobile phones

5.1.3. Digital Evidence

5.1.3.1. Data of value to an investigator

5.1.3.2. Stored, received or transmitted by an electronic device

5.1.4. Tools

5.1.4.1. Open Source

5.1.4.1.1. E.g. Autopsy

5.1.4.2. Closed Source

5.1.4.2.1. E.g. Encase

5.1.4.3. Personal Approach: use open source to own the capability & to understand the concepts

5.2. Network Forensics

5.2.1. Definition

5.2.1.1. Refers to data in transit, transmitted via

5.2.1.1.1. Private Network

5.2.1.1.2. Public network

5.2.2. Includes

5.2.2.1. Domain Name Analysis

5.2.2.2. Web Vulnerability

5.2.2.3. Network Sniffer

5.2.2.3.1. Eavesdrop bit stream

5.2.2.3.2. Detect network intrusion & network attacks

5.2.2.3.3. Re-assemble traffic

5.3. involves

5.3.1. Preservation

5.3.2. Acquisition

5.3.3. Documentation

5.3.4. Analysis

5.3.5. Interpretation

6. Daubert Evidence Standard

6.1. Aims: Assess the reliability of scientific / digital evidence

6.2. Criteria

6.2.1. Has the technique been tested?

6.2.2. Has it undergone peer review?

6.2.3. Is there a known error rate?

6.2.4. Do standards controlling its operation exist, and are they maintained?

6.2.5. Is the technique generally accepted by the scientific community?

6.3. Daubert Motion is a challenge to the "expert" to explain the evidence in simple terms

6.4. Note: open source tools may comprehensively meet the standard

7. Locard's Exchange Principle

7.1. Technical Term: Transfer

7.2. What does this mean?

7.2.1. Every contact leaves a trace

7.2.2. Motivation to search harder

7.2.3. Applies to everyone

7.2.3.1. Might unintentionally change the content