From the course: Computer Hacking Forensics Investigator (CHFI) Cert Prep
Computer forensics today: Part 1
Hey, welcome back to the course. So in the last video, we talked about the information we're going to actually cover in the course. Right. So we went over the course modules and the different aspects in those we're going to cover. We also talked about my background as your instructor. My name is Ken Underhill, again, in case you forgot. And then also we talked about the course structure. Right. So we talked about some of the sections; we are going to have pre- and post-assessment questions to kind of test your knowledge. We're also going to have different labs throughout the course as well as a lot of free resources for you to download. Right. So I'm sharing the notes I used to study for the EC-Council Computer Hacking Forensic Investigator examination, as well as sharing step-by-step guides for the labs and also sharing the PowerPoint presentations. So in this video, we're going to cover Module 1 stuff. So we're going to cover kind of a brief history of digital forensics, some pertinent information in that at least. We'll talk about some different challenges for the investigators as well as the investigative process itself. So as I mentioned, there are different pre-assessment and post-assessment questions throughout the course. So here's one right off the bat for you. So what does SWGDE stand for? All right. So if you guessed answer A, you are correct. It stands for Scientific Working Group on Digital Evidence. Don't worry about what that is right now. We're going to cover that a little later on in this module. So computer forensics, and you also hear it called digital forensics. So the main difference here being computer forensics is going to cover just computer components. Right. So my hard drive, you know, my CD-ROM, you know, my CD itself, that sort of stuff, my RAM. Whereas digital evidence might include things like your smartphone. Right. Or your camera if you have a digital camera, that sort of stuff. So just keep that in mind.
Now for the examination itself, you're not going to need to know that difference; EC-Council actually uses the terminology interchangeably, but in the real world, just know kind of the difference there between them. Again, most people use them interchangeably. So what is computer forensics or digital forensics? Right. Basically, it's a set of procedures and techniques that are going to help us as an investigator, you know, identify what evidence we actually want to collect or that we can legally collect. Right. So, for example, what does our warrant cover? Then from there, we're going to actually gather that evidence. Right. If we're going to collect it and then we're going to preserve it, we're going to make a duplicate of it with a bit-by-bit copy. When we do the bit-by-bit copy, excuse me, to prevent alteration of it, you know, all that stuff is intertwined. And then from there, we're going to analyze it. Right. We're going to interpret the information we have, see what it means to us, and then we'll spit that out in some kind of report or other documentation. From there, we would take it to, like, the prosecutor if it's a criminal case; if it's a civil case, we might give it to our attorney or something; or, you know, like an administrative case, you know, it was handed to, like, HR or something like that. Excuse me. So kind of the brief history here, the couple of items that you really need to know off this list are going to be Locard's exchange principle. So basically, what that means is that -- basically, what that is, is if I go into a crime scene, I leave a part of me somehow, like I leave something there. And then also I take something with me. Right. So that's kind of Locard's exchange principle in a nutshell. If I'm at a scene, I leave something and I take something. The other notable thing here: in 1986, the Computer Fraud and Abuse Act was passed. So we'll talk about that a little later on in this module.
Different types of computer crimes that you might see out there, these are kind of the most common ones. Phishing; malware and ransomware kind of go alongside that. Identity theft, financial fraud, cyberterrorism. If you're not familiar with that, basically, let's pretend I'm a terrorist, I'm going to use a computer or computer systems to further my propaganda and try to intimidate you. Well, not necessarily you, but like, kind of a group of people. Right. So it could be like religious-based or whatnot. Cyberextortion. That's kind of where you hear about, like, somebody, some criminal hacker, like hacked somebody's webcam. Right. And then took a bunch of nude photos of them and said -- then sent them an email and said, hey, I'm going to release this, you know, to your kid's school unless you do what I say. So that's basically the extortion aspect of it. Cyberwarfare. That's kind of self-explanatory. So basically, nation states trying to hack each other and do nefarious things. Cyberbullying. You know, that's kind of a more popular topic these days. There have been several kids that have committed suicide over it. So if you know someone getting bullied, definitely reach out and help them out and get them the help they need. But essentially, it's kind of like back in the schoolyard where the bully would come up to you, push you down or whatever. You know, some of us would punch the bully in the face. Other people would just take the push down and give the bully their lunch money. So similar thing here, it's just, you know, someone using a computer and using, like, social media. That's kind of the main avenue there for the cyberbullying. And then, of course, narcotics trafficking. You know, who could forget about that? That's kind of a popular thing, especially on the underground; people are buying and selling narcotics all the time. So many challenges for investigators: kind of the most prevalent one would be encryption along with, like, steganography.
So again, this is hiding something inside of something else, as well as, you know, anti-forensics. So that includes things like encryption and data wiping and steganography inside of that. Different legal challenges. Right. So if, for example, we're here in the US and we track somebody down and they're actually in a country with no extradition treaty, or a country that doesn't really have, like, a law enforcement infrastructure in place, or they're corrupt or something, you know, we have to consider that, like, is it even worth us trying to get an indictment or something? And different types of media formats we might encounter. So, for example, let's say I'm an investigator and I'm not good with Mac, but the stuff is on a Mac, so that's a challenge. Right. I have to find somebody that's good with Mac. The volume of data. So, for example, if we're recovering from a raid or something, excuse me, the volume of data might be too much for us to acquire and move on to the next thing there, the time frame. Right. If we've got the prosecutor saying I need this stuff by next week, we might not have enough time to recover the information as well as analyze it and get findings on it. Right. So we might have to just choose some of the most common areas that people hide stuff when they do stuff. And so that way, we can see if there's information in there. So the investigative process. So basically, we're assessing what evidence do we need? Then we're going to acquire that evidence, preserve it, make sure we make a copy of it, and then analyze the copy of it. And based off our findings, we'll actually go ahead and generate some kind of report. So in this video, we covered kind of the history of forensics in a nutshell there, as well as different types of computer crimes. In the next video, we're going to talk about the difference between criminal, civil, and administrative investigations.
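The preserve step described above (the bit-by-bit copy, and analyzing the copy rather than the original) as an added example that is not part of the course materials: it images a file byte for byte, hashes the source as it is read, re-hashes the written image independently, and shows the integrity check catching a later change to the copy. The sample evidence file is constructed in a temp directory; a block device path would be handled the same way given read permission.

```python
# Added example, not from the course: the "preserve" step of the investigative
# process. Hash the source while copying it, re-hash the image, and re-check
# the image before each analysis session so any alteration is detected.
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB blocks: stream the source, never load it whole


def hash_file(path, algo="sha256"):
    """Hash a file block by block and return the hex digest."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire_image(source, image_path):
    """Copy `source` to `image_path` byte for byte, hashing the source as it is
    read, then re-hash the written image. Returns (source_hash, image_hash, ok)."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    source_hash = h.hexdigest()
    image_hash = hash_file(image_path)  # independent read of what was written
    return source_hash, image_hash, source_hash == image_hash


def verify_image(image_path, expected_hash):
    """Integrity check to run on the working copy before analysing it."""
    return hash_file(image_path) == expected_hash


def demo():
    """Constructed sample: acquire a small fake evidence file, verify the image,
    then flip one byte in the image and show the check fails."""
    with tempfile.TemporaryDirectory() as d:
        evidence = os.path.join(d, "evidence.bin")
        image = os.path.join(d, "evidence.dd")
        with open(evidence, "wb") as f:
            f.write(b"constructed sample evidence " * 4096)  # not real data
        src_hash, img_hash, ok = acquire_image(evidence, image)
        intact = verify_image(image, src_hash)
        with open(image, "r+b") as f:  # simulate accidental alteration
            f.seek(10)
            f.write(b"X")
        tamper_detected = not verify_image(image, src_hash)
    return {"source_hash": src_hash, "copy_ok": ok,
            "intact": intact, "tamper_detected": tamper_detected}
```

In practice the source hash and the image hash are recorded in the chain-of-custody notes at acquisition time, and the check in verify_image is repeated before the copy is examined.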