
COEN 152 Computer Forensics


elie


Presentation Transcript


  1. COEN 152 Computer Forensics Introduction to Computer Forensics

  2. Computer Forensics • Digital Investigation • Focuses on a digital device • Computer • Router • Switch • Cell-phone • SIM-card • …

  3. Computer Forensics • Digital Investigation • Focuses on a digital device involved in an incident or crime • Computer intrusion • Generic criminal activity • Perpetrator uses internet to gather information used in the perpetration of a crime. • Digital device is an instrument of a crime • Perpetrator uses cell-phone to set off a bomb. • Details are sensitive to national security. If you get clearance, I can tell you who to ask. • Email scams • Internet auction fraud • Computer is used for intrusion of another system.

  4. Computer Forensics • Digital Investigation • Has different goals • Prevention of further intrusions. • Goal is to reconstruct modus operandi of intruder to prevent further intrusions. • Assessment of damage. • Goal is to certify system for safe use. • Reconstruction of an incident. • For criminal proceedings. • For organization-internal proceedings.

  5. Computer Forensics • Digital Investigation • Process where we develop and test hypotheses that answer questions about digital events. • We can use an adaptation of the scientific method where we establish hypotheses based on findings and then (if possible) test our hypotheses against findings resulting from additional investigations.

  6. Computer Forensics • Evidence • Procedural notion • That on which our findings are based. • Legal notion • Defined by the “rules of evidence” • Differ by legislation • “Hearsay” is procedurally evidence, but excluded (under many circumstances) as legal evidence.

  7. Computer Forensics • Forensics • Used in the “forum”, especially for judicial proceedings. • Definition: legal

  8. Computer Forensics • Digital Crime Scene Investigation Process • System Preservation Phase • Evidence Searching Phase • Event Reconstruction Phase • Note: • These phases are different activities that intermingle.

  9. Computer Forensics • Who should know about Computer Forensics • Those involved in legal proceedings that might use digital evidence • Judges, Prosecutors, Attorneys, Law Enforcement, Expert Witnesses • Those involved in Systems Administration • Systems Administrators, Network Administrators, Security Officers • Those writing procedures • Managers

  10. Computer Forensics • Computer Forensics presupposes skills in • Ethics • Law, especially rules of evidence • System and network administration • Digital data presentation • Number and character representation • Systems • OS, especially file systems. • Hardware, especially disk drives, memory systems, computer architecture, … • Networking • Network protocols, Intrusion detection, … • Information Systems Management

  11. COEN 152 • Prerequisites: • Junior standing • Willingness to learn about Computer Organization, OS (Processes, File Systems), Network Protocols.

  12. COEN 152 • Grading • Written final. • Practical final. • For your convenience, I will try to release it as the quarter progresses. • You’ll need access to a computer with administrator privileges. • Laboratory projects • Ethics and legal cases. • Email tracing and forging. • Hard drive analysis. • Network traces. • … • Syllabus contains binding weights.

  13. COEN 152 • Labs: • I will move half of each lab (random selection if necessary) to Friday lab. • Unless there is a documented conflict. • Maximum enrollment is 15 per lab (= number of computers). • You will have administrative privileges for the computers. • You are not allowed to connect to the internet other than through the wireless. • You change the IP setting on your own and / or connect to the internet other than through the firewall → Automatic F in lab → Automatic F in class. • You delete an application we need, you get to reinstall it or you receive an F in lab (and hence in class). • Clean up after using laptop. (Remove temporary files). • Feel free to save files on floppy / USB memory stick.
