
Final Year Project - Trevor Brosnan, BSc (Hons) Computer Forensics, 20039663@mail.wit.ie


Presentation Transcript


  1. Final Year Project
     Trevor Brosnan, BSc (Hons) Computer Forensics
     20039663@mail.wit.ie

  2. Overview
     • Origins of project
     • How it works
     • Technologies
     • Project timeline
     • Functionality
     • COFEE comparison
     • Demonstration
     • Compatibility / testing
     • Future / conclusion
     • Questions / issues

  3. Origins of project
     Computer fraud has many branches, and none is emerging faster than fraud committed by employees. This type of fraud is commonplace within the workforce, as it does not require an employee to have extensive IT knowledge, just the opportunity. Cost is the biggest concern when considering an investigation (Ernst & Young report, 2011). Fraud can be defined as intentional deception made for personal gain or to damage another. The design goal for fraudIT follows from this: make it as simple as possible.

  4. Current applications
     Microsoft COFEE is a forensics tool, approximately 15 MB in size, that fits on a USB drive for law enforcement officials to use on a PC. An officer with even minimal computer experience can be tutored, in less than 10 minutes, to use a pre-configured COFEE device. [COFEE2011]
     • Strengths: created by Microsoft for Microsoft systems.
     • Weaknesses: available only to law enforcement; outdated tools. DECAF was written by hackers to detect COFEE and thwart any investigation done with it.

     EnCase Forensic, "the industry-standard computer investigation solution, is for forensic practitioners who need to conduct efficient, forensically sound data collection and investigations using a repeatable and defensible process." [EnCase2011]
     • Strengths: the market leader for professional forensic investigation.
     • Weaknesses: extremely expensive ($4,000-$4,500).

     BackTrack 5 "was designed to be an all in one live CD used on security audits and was specifically crafted to not leave any remnants of itself on the laptop. It has since expanded to being the most widely adopted penetration testing framework in existence and is used by the security community all over the world." [BackTrack2011]
     • Strengths: extremely powerful; a massive repository of tools.
     • Weaknesses: extremely complex to use; a separate operating system rather than a tool that runs on the suspect machine.

  5. How it works

  6. Technologies
     Python: one tool encompassed the entire development of fraudIT, the Python programming language. "Python is a programming language that lets you work more quickly and integrate your systems more effectively. You can learn to use Python and see almost immediate gains in productivity and lower maintenance costs. Python runs on Windows, Linux/Unix, Mac OS X, and has been ported to the Java and .NET virtual machines." [Python2011]
     PyQt4: "PyQt is a set of Python bindings for Nokia's Qt application framework and runs on all platforms supported by Qt including Windows, MacOS/X and Linux. There are two sets of bindings: PyQt v4 supports Qt v4; and the older PyQt v3 supports Qt v3 and earlier. The bindings are implemented as a set of Python modules and contain over 300 classes and over 6,000 functions and methods." [Qt2011]

  7. Project timeline
     Phase 1: 1 November 2011 to 12 December 2011
     Phase 2: 3 February 2012 to 1 May 2012

  8. Tools used #1
     System audit
     • Information: logins, system uptime, system information, update history, Recycle Bin history, Windows file system, power-on history, scheduled events, running services
     • Unusual activity: blue screen tracker, open files, event logs, application crashes, Windows crash reports, what is in startup
     • Devices: battery information, Bluetooth, USB history
     Network audit
     • Connections: IP information, port information, check firewall, firewall rules, nearby Wi-Fi, networked PCs, show groups, wireless info
     • Browser: Chrome/IE/Firefox history, Chrome/IE/Firefox cache, Chrome/IE/Firefox cookies
     • Email: gathering and analysis
     • Additional: Skype history logs, Live contacts, internet passwords, Opera history, Safari history, get bookmarks, search history
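The browser tools on this slide read each browser's own history database rather than asking the browser. As an added example, not code from fraudIT, the block below shows how a triage tool reads Chrome's History file in Python. The table layout (a `urls` table whose `last_visit_time` is WebKit time, microseconds since 1601-01-01 UTC) is Chrome's; the sample rows, the intranet URLs and the function names are constructed for this demo. Two points the slide does not spell out: a running Chrome holds a lock on the file, and opening the original read-write would alter evidence, so the tool copies it and opens the copy read-only; and the timestamp must not be handed to `datetime.fromtimestamp()`, which expects Unix time.

```python
"""Added example (not fraudIT code): read a Chrome 'History' SQLite file the way
a triage tool should: from a read-only copy, with WebKit timestamps converted."""
import datetime
import os
import pathlib
import shutil
import sqlite3
import tempfile

# Chrome/WebKit epoch: 1601-01-01 00:00:00 UTC; values are in microseconds.
WEBKIT_EPOCH = datetime.datetime(1601, 1, 1, tzinfo=datetime.timezone.utc)


def webkit_to_utc(value):
    """Convert a WebKit timestamp (microseconds since 1601-01-01 UTC) to UTC."""
    return WEBKIT_EPOCH + datetime.timedelta(microseconds=int(value))


def read_chrome_history(history_path, limit=1000):
    """Return up to `limit` most recent rows of the urls table as dicts.

    The file is copied to scratch space first (Chrome locks the live file and we
    must not write to the original), and the copy is opened read-only."""
    scratch = tempfile.mkdtemp(prefix="triage-")
    copy = os.path.join(scratch, "History")
    shutil.copy2(history_path, copy)          # copy2 keeps the mtime metadata
    try:
        con = sqlite3.connect(pathlib.Path(copy).as_uri() + "?mode=ro", uri=True)
        try:
            rows = con.execute(
                "SELECT url, title, visit_count, typed_count, last_visit_time "
                "FROM urls ORDER BY last_visit_time DESC LIMIT ?",
                (limit,),
            ).fetchall()
        finally:
            con.close()
    finally:
        shutil.rmtree(scratch, ignore_errors=True)
    return [
        {
            "url": url,
            "title": title,
            "visit_count": visits,
            # typed_count > 0 means the user keyed the address in, not just clicked a link
            "typed_count": typed,
            "last_visit_utc": webkit_to_utc(last).isoformat(),
        }
        for url, title, visits, typed, last in rows
    ]


def build_sample_history(path):
    """Constructed stand-in for a real History file: only the urls columns the
    query above needs, with two made-up rows. Not real browsing data."""
    con = sqlite3.connect(path)
    con.execute(
        "CREATE TABLE urls (id INTEGER PRIMARY KEY, url LONGVARCHAR, "
        "title LONGVARCHAR, visit_count INTEGER DEFAULT 0, "
        "typed_count INTEGER DEFAULT 0, last_visit_time INTEGER NOT NULL, "
        "hidden INTEGER DEFAULT 0)"
    )
    con.executemany(
        "INSERT INTO urls (url, title, visit_count, typed_count, last_visit_time) "
        "VALUES (?, ?, ?, ?, ?)",
        [
            ("https://intranet.example/payroll/export", "Payroll export", 3, 1, 13000000000000000),
            ("https://intranet.example/login", "Sign in", 1, 0, 11644473600000000),
        ],
    )
    con.commit()
    con.close()


def demo():
    """Build the constructed History file in a temp dir, read it back, clean up."""
    scratch = tempfile.mkdtemp(prefix="sample-")
    path = os.path.join(scratch, "History")
    try:
        build_sample_history(path)
        return read_chrome_history(path)
    finally:
        shutil.rmtree(scratch, ignore_errors=True)


if __name__ == "__main__":
    for row in demo():
        print(row["last_visit_utc"], row["visit_count"], row["typed_count"], row["url"])
```

Firefox's places.sqlite needs the same copy-first handling but stores `moz_places.last_visit_date` as microseconds since the Unix epoch, so the conversion function differs per browser; a tool that reuses one converter for both will be exactly 369 years off for one of them.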

  9. Tools used #2
     Registry audit
     • Initial: gather hives
     • User hive: ShellBags, printers, recent files, recent applications, typed URLs, proxy settings, IE registry entries, recent documents, Windows searches, file associations
     • Software hive: application paths, network cards, wireless associations, SQL last connected, profile list, internet applications, uninstalled apps, Yahoo Messenger, app associations, port devices
     • System hive: network information, mounted devices, removed devices, shutdown history, event logs, safe boot history, USB information, running services
     • Security/SAM hives: parsing of the hive
     File audit
     • General: alternate data streams, clipboard history, MS Office add-ons, video cache history
     • Text, image, video and audio audits: pop-up drag-and-drop audits using alternate data streams, metadata, file duplication and integrity checks
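The "file duplication" check in the File Audit is, at bottom, a hash comparison over a directory tree. As an added example, not fraudIT's own code, the block below does that in plain Python with the two things a practitioner wants from it: files are grouped by size first, so only files whose size collides with another's are read and hashed (a unique size cannot be a duplicate), and hashing is chunked so large media files are not loaded into memory. The sample tree and its contents are constructed for the demo; alternate data streams are not covered here.

```python
"""Added example (not fraudIT code): duplicate-file detection for a file audit,
grouping by size first and hashing only the size collisions."""
import hashlib
import os
import shutil
import stat
import tempfile
from collections import defaultdict


def sha256_file(path, chunk_size=1 << 20):
    """SHA-256 of a file, read in 1 MiB chunks so large files are not held in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_duplicates(root):
    """Return {sha256: [paths, ...]} for every digest shared by two or more
    regular files under root. Symlinks, junctions and unreadable files are skipped."""
    by_size = defaultdict(list)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)             # lstat: do not follow links
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode):
                by_size[st.st_size].append(path)
    by_hash = defaultdict(list)
    for paths in by_size.values():
        if len(paths) < 2:                      # unique size: cannot be a duplicate
            continue
        for path in paths:
            try:
                by_hash[sha256_file(path)].append(path)
            except OSError:
                continue
    return {d: sorted(p) for d, p in by_hash.items() if len(p) > 1}


def demo():
    """Build a constructed sample tree, audit it, clean up. Returns the duplicate
    groups with paths made relative to the tree root."""
    root = tempfile.mkdtemp(prefix="fileaudit-")
    try:
        sample = {  # constructed: two true duplicates, two same-size non-duplicates
            "reports/q1.txt": b"quarterly figures v1\n",
            "backup/q1 - Copy.txt": b"quarterly figures v1\n",
            "notes.txt": b"same size, different bytes 1\n",
            "other.txt": b"same size, different bytes 2\n",
        }
        for rel, data in sample.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        groups = find_duplicates(root)
        return {
            d: [os.path.relpath(p, root).replace(os.sep, "/") for p in paths]
            for d, paths in groups.items()
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for digest, paths in demo().items():
        print(digest[:16], paths)
```

The same-size pair in the sample is there on purpose: it is the case a size-only check would misreport, and it is why the second pass hashes rather than trusting the size bucket.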

  10. Additional functionality
     • Live Audit: runs the most important tools with a single click
     • All-in-One Audits: run all-in-one audits using the most important system, network and registry tools
     • Report generation: a report is generated for each Live Audit and All-in-One run so that the user can review the information at a later stage
     • Evidence uploads: all gathered data is uploaded to an Amazon S3 bucket with a click of a button
     • Tutorials: these, along with a few other features, guide the user in their use of the application

  11. Background functions
     • Logging system
     • Evidence duplication
     • Integrity checking
     • Timestamps
     • Portability
     • Sub-processing
     • Application centre
     • Icon association
     • Re-encoding outputs
     • Global variables
     • Folder creation
     • Text browser
     • Use of Windows functions
     • Progress bars
     • Error messages
     • Status bar
     • OS commands
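Slides 10 and 11 describe the machinery that turns a list of command-line tools into reviewable evidence: sub-processing, timestamps, re-encoding outputs, integrity checking, logging and report generation. As an added example, not fraudIT's own code, the block below puts those pieces into one small harness. The Windows tool list is an assumption of mine, not the set fraudIT ships; the source encoding constant and the function names are likewise mine; the S3 upload is not shown. The demo swaps in three portable stand-in "tools" (one that prints a known line, one that hangs, one that does not exist) so it runs anywhere.

```python
"""Added example (not fraudIT's code): run tools as sub-processes, time-stamp,
re-encode and hash each output, write a manifest, and re-verify it later."""
import datetime
import hashlib
import json
import os
import platform
import shutil
import subprocess
import sys
import tempfile

# Assumed tool set for a Windows 7/8 host (not the list fraudIT uses).
# 'netsh advfirewall' needs Vista or later; XP uses 'netsh firewall show state'.
WINDOWS_TOOLS = {
    "system_info": ["systeminfo"],
    "services": ["sc", "query", "state=", "all"],
    "network_connections": ["netstat", "-ano"],
    "firewall_profiles": ["netsh", "advfirewall", "show", "allprofiles"],
    "scheduled_tasks": ["schtasks", "/query", "/fo", "LIST", "/v"],
}
# Windows console tools emit the OEM code page (often cp850/cp437), not UTF-8.
# Set this to the host's code page when collecting there; it is recorded in
# the manifest so the re-encoding step is reproducible. Assumed default here.
SOURCE_ENCODING = "utf-8"


def _utc_now():
    return datetime.datetime.now(datetime.timezone.utc).isoformat()


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def run_tool(name, argv, outdir, timeout):
    """Run one tool, store its stdout as <name>.txt in UTF-8, return a manifest entry."""
    started = _utc_now()
    try:
        proc = subprocess.run(argv, capture_output=True, timeout=timeout)
        raw, err, rc = proc.stdout, proc.stderr, proc.returncode
    except subprocess.TimeoutExpired as exc:   # hung/interactive tool: keep partial output
        raw, err, rc = exc.stdout or b"", b"timeout after %d s" % timeout, None
    except OSError as exc:                     # not on PATH, not executable, ...
        raw, err, rc = b"", str(exc).encode("utf-8"), None
    data = raw.decode(SOURCE_ENCODING, errors="replace").encode("utf-8")
    out_name = name + ".txt"
    with open(os.path.join(outdir, out_name), "wb") as f:
        f.write(data)
    return {
        "tool": name, "argv": argv,
        "started_utc": started, "finished_utc": _utc_now(),
        "returncode": rc,
        "stderr": err.decode(SOURCE_ENCODING, errors="replace")[:2000],
        "source_encoding": SOURCE_ENCODING,
        "output_file": out_name,
        "sha256": sha256_bytes(data),
    }


def collect(tools, outdir, timeout=120):
    """Run every tool into outdir and write manifest.json beside the outputs."""
    os.makedirs(outdir, exist_ok=True)
    manifest = {
        "host": platform.node(), "collected_utc": _utc_now(),
        "entries": [run_tool(n, a, outdir, timeout) for n, a in tools.items()],
    }
    with open(os.path.join(outdir, "manifest.json"), "w", encoding="utf-8") as f:
        json.dump(manifest, f, indent=2)
    return manifest


def verify(outdir):
    """Re-hash each output against manifest.json -> {tool: True/False}."""
    with open(os.path.join(outdir, "manifest.json"), encoding="utf-8") as f:
        manifest = json.load(f)
    status = {}
    for entry in manifest["entries"]:
        try:
            with open(os.path.join(outdir, entry["output_file"]), "rb") as f:
                status[entry["tool"]] = sha256_bytes(f.read()) == entry["sha256"]
        except OSError:
            status[entry["tool"]] = False
    return status


def demo():
    """Portable stand-ins for WINDOWS_TOOLS. Returns the manifest, the verify
    result, and the verify result after the first output has been tampered with."""
    tools = {
        "uptime": [sys.executable, "-c", "import sys; sys.stdout.write('constructed uptime 123')"],
        "hangs": [sys.executable, "-c", "import time; time.sleep(30)"],
        "missing": ["no-such-tool-for-this-demo"],
    }
    outdir = tempfile.mkdtemp(prefix="evidence-")
    try:
        manifest = collect(tools, outdir, timeout=2)
        before = verify(outdir)
        with open(os.path.join(outdir, "uptime.txt"), "ab") as f:
            f.write(b" tampered")
        return manifest, before, verify(outdir)
    finally:
        shutil.rmtree(outdir, ignore_errors=True)


if __name__ == "__main__":
    manifest, before, after = demo()
    print(json.dumps(manifest, indent=2), before, after, sep="\n")
```

The manifest only protects the outputs; anyone who can edit an output can also edit manifest.json. Hash the manifest too and keep that digest somewhere the suspect machine cannot reach (the upload target, or a written note), or sign it, before the evidence leaves the USB drive.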

  12. COFEE comparison
     COFEE is Microsoft's incident response GUI, made available to law enforcement officers to aid them in their investigations. COFEE uses around 30 unique tools; fraudIT uses over 80.
     fraudIT vs COFEE, compared on:
     • Design
     • Features / tools
     • Ease of use
     • Display
     • Integrity
     • Evidence
     • Connectivity
     • All-in-One

  13. Demo
     The demonstration of the project will include:
     • Accessing the application from a USB drive
     • Loading the application
     • Running various tools
     • Using the File Audit
     • Uploading evidence
     • Reviewing reports
     Because a Live Audit takes a long time to run, it will be shown as a video clip rather than live.

  14. Code overview
     Using ActiveState Komodo we will take a look at the Python code used to build the application.

  15. Compatibility and testing
     Compatibility was a major concern when creating fraudIT. Windows systems tested for compatibility: XP, 7 and 8 (different architectures).
     Testing carried out:
     • Use-case testing: whether the application can be used by a novice
     • Code review / debugging: asking other coders what I could do to increase performance
     • Tool comparison: different tools used for the same function

  16. Issues
     • Time management: additional projects
     • Display issues: icons, centring, sizing
     • Compatibility issues: XP -> 7 -> 8
     • Tool acquisition: command-line only
     • Programming issues: increasing Perl and Python knowledge
     • Project concept: the idea has changed over time
     • Presentation issues: time management and the weighting of marks

  17. Future
     • Alert data: flash unusual results to the user
     • Apple compatibility: acquire tools for Mac PCs
     • Timelines: incorporate timelines into the All-in-One audits
     • Central application: run the application from a central server
     • Python power: replace the open-source tools with Python code that performs the functions itself

  18. Conclusion
     The skills which I have gained from this project have been immense; they have helped me gain confidence in my ability to learn new programming languages, improved my time management, and were one of the main reasons I have been offered a job with Version 1 as a Graduate IT Consultant. The time spent on the creation of the application has also proven quite useful for other modules, as my understanding of Python has been incorporated into other projects (development of an Android APK analysis application for a research project in Network Security). It has highlighted weaknesses and strengths which I never knew I had.

  19. Questions

  20. References
     • [BackTrack2011] BackTrack Linux - Penetration Testing Distribution. Available at: http://www.backtrack-linux.org/ [Accessed October 26, 2011].
     • [COFEE2011] Computer Online Forensic Evidence Extractor (COFEE). Available at: http://www.microsoft.com/industry/government/solutions/cofee/default.aspx [Accessed October 22, 2011].
     • [EnCase2011] Leading E-Discovery, Forensic Software. Available at: http://www.guidancesoftware.com [Accessed November 1, 2011].
     • [Qt2011] Riverbank | Software | PyQt | What is PyQt? Available at: http://www.riverbankcomputing.co.uk/software/pyqt/intro [Accessed October 17, 2011].
     • [Python2011] Python Programming Language - Official Website. Available at: http://www.python.org/ [Accessed October 22, 2011].
