
Computer Forensics Lab Simulation

Computer Forensics Lab Simulation. METCS693 Xianghua Tu Samantha Liang July 26, 2005. Computer Forensics Lab Simulation. The case Simulation Scenario Initial design and assessment for the case Investigation Tools Data Acquisition Data Analysis Report References. The Case.

Presentation Transcript


  1. Computer Forensics Lab Simulation METCS693 Xianghua Tu Samantha Liang July 26, 2005

  2. Computer Forensics Lab Simulation
     • The case
     • Simulation Scenario
     • Initial design and assessment for the case
     • Investigation Tools
     • Data Acquisition
     • Data Analysis
     • Report
     • References

  3. The Case
     A young girl is missing after having an argument with her parents. They call the police on July 26. A police officer shows up the next day to interview them. The officer finds out that the daughter has spent a lot of time on the internet. The parents agree to let him take her laptop… (from Case Project 2-2, p77)

  4. Simulation Scenario
     • A girl named Nancy has been communicating with a stranger by email and Yahoo Messenger, complaining about her parents. She exchanged pictures with the stranger by email.
     • The stranger offered her an air ticket to fly to his place and sent her the electronic ticket by email.
     • The girl checked the map online for directions.
     • Before she left home, she deleted the picture files from the stranger.

  5. Initial design and assessment for the case
     • The nature of the case: missing person which may involve woman/child abduction
     • Computer OS: Windows XP Pro
     • Potential place for evidence: hard drive, email, internet, instant messenger

  6. Investigation Tools
     • Web Browser Analysis
       • pasco
     • Email Analysis
       • FTK
     • IM Analysis
       • Universal IM History Decoder
     • Hard Drive Analysis
       • FTK

  7. Data Acquisition: FTK Imager

  8. Data Acquisition: FTK Imager

  9. Data Acquisition: FTK Imager

  10. Data Reconstruction: FTK

  11. Data Analysis
      • Web browsing analysis
      • Email analysis
      • Instant Messenger analysis
      • Hard drive analysis

  12. Web Browsing Analysis: pasco

  13. Web Browsing Analysis: pasco

  14. Web Browsing Analysis: pasco

  15. Web Browsing Analysis: pasco

  16. Email Analysis: FTK

  17. Email Analysis: FTK

  18. Instant Messenger Analysis: Universal IM History Decoder

  19. Hard Drive Analysis: FTK

  20. Hard Drive Analysis: FTK

  21. Hard Drive Analysis: FTK

  22. Report

  23. Report

  24. Report
      • Nancy’s activities:
        • Communications with the suspect
        • Electronic ticket
        • Mapquest
      • Information about the suspect:
        • IP address
        • Email address
        • Picture

  25. References
      • Nelson B. et al. (2005) Guide to Computer Forensics and Investigations, Second Edition. Boston: Thomson.
      • Pasco Forensic Tool: http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/pasco.htm
      • Universal IM History Decoder 1.3: http://www.zamovsoft.com/
      • Web Browser Forensics: http://www.securityfocus.com/infocus/1827
