
Computer/Digital Forensics

Computer/Digital Forensics. Lynn Ackler Office – CSC 222 Office Hours MR 9 – 10 Any time you find me Course CCJ 346 – CRN 2037 TR 10:00 – 12:00. Course. 2-3 hours of lecture per week 1-2 hours of lab per week Attendance Your responsibility Labs Must be done on Wednesdays, 3 - 4.


Presentation Transcript


  1. Computer/Digital Forensics • Lynn Ackler • Office – CSC 222 • Office Hours • MR 9 – 10 • Any time you find me • Course • CCJ 346 – CRN 2037 • TR 10:00 – 12:00

  2. Course • 2-3 hours of lecture per week • 1-2 hours of lab per week • Attendance • Your responsibility • Labs • Must be done on Wednesdays, 3 - 4

  3. Course Requirements • Lab Reports – A bunch • Web History • MD5 Hash and Disk Clone • Evidence Recovery • Seizure • Phishing • 1 mid-term exam • 1 Final – comprehensive

  4. Course Description • Surveys the technologies, techniques, and responsibilities of a criminal or civil investigation involving computers, digital devices, networks, network service providers and electronic evidence. • Examines rules of evidence and proof and emphasizes maintaining an evidentiary trail through computer data and network activity. • Reviews the responsibilities of the computer forensics investigator. • Discusses the fragility of computer evidence and the techniques used to protect evidence. • SOU Course Catalog

  5. Course Objectives • Find evidence of individual behavior on a computer. • Seize digital devices. • Search, preserve and document digital evidence. • Discuss the many ways that a digital device may be involved in criminal or illegal activities. • Discuss the legal and ethical aspects of computer forensics. • Describe the many vulnerabilities to your personal and professional life that computers and computer networks pose.

  6. Acceptable Use • If you violate ethical or legal standards regarding computer/network usage, you are subject to dismissal and/or legal prosecution. • See www.sou.edu/usage.html

  7. Computer Forensics • As in all endeavors: • “Blame always falls somewhere.” • Rule: • “Let it not be in your lap.”

  8. Computer Forensics • Discovery and recovery of digital evidence • Usually post facto • Sometimes real time • Types of forensic investigations • Liturgical • Going to court • Crimes, etc. • Non-Liturgical • Administrative adjudication • Industry

  9. Purpose • Prove or disprove criminal activity • Prove or disprove policy violation • Prove or disprove malicious behavior to or by the computer/user • If the evidence is there, the case is yours to lose with very little effort.

  10. Legal and Ethical Issues • Computer Forensic Exams are Illegal. • Without the cover of Law • 4th Amendment • You will learn dual use technology. • All tools can be used to commit crime • All procedures can be used to hide crime • It is unethical to breach someone's expectation of privacy.

  11. Responsibilities • Evidence • All of it • Emphasis on exculpatory • Respect for suspect's privacy and rights • Beware of collateral damage • Be very, very careful if you demonstrate what you can do.

  12. Business Issues • No interruption of business • Know the policies of the business • Sensitive to the business costs during an investigation

  13. Privacy Issues • Rights of the suspect • Liabilities of the investigator • Public versus private storage of information • Expectation of privacy

  14. Course Outline • Forensics Intro • Web Behavior • Digital Devices and Networks • Computer Laws • “Computer” Seizure • “Computer” Search • Case Development • Internet

  15. CT/CSI Counter Terrorism / Crime Scene Investigation 2006 The Forensics Experience

  16. Evidence • Forensics is all about evidence. • Something that tends to prove or disprove the existence of an alleged fact. • Federal Rules of Evidence govern proceedings in the courts of the United States.

  17. Evidence • Admissible • must be legally obtained and relevant • Reliable • has not been tainted (changed) since acquisition • Authentic • the real thing, not a replica • Complete • includes any exculpatory evidence • Believable • lawyers, judge & jury can understand it

  18. Evidence • Admissible • Search Warrant, Wire Tap, NSL • Reliable • Chain of custody, protected, properly handled • Not tainted, not changed, MD5 • Authentic • Computer data is different • Complete • Must search entire hard disk • Believable • Impossible for geeks

  19. Definition of Forensics • Discipline of digital evidence discovery, protection and presentation. • Technologies, techniques, and responsibilities of a criminal or civil investigation involving computers, networks, network service providers and electronic evidence.

  20. Types of Forensic Exams • Legal or Liturgical • Will go to trial • Civil • Similar to liturgical, probably for negotiation or extortion • Business • Termination or reprimand of an employee • Disaster Recovery • What happened, how to prevent • Illegal/Surveillance

  21. Read Your Employee’s Handbook • What can your employer do to you? • What can they see? • What can you do? • What can’t you do?

  22. Areas of Forensics • Physical • Digital • Chemical • Accounting • Etc.

  23. Physical • Ballistics • Fingerprints • Artifacts • etc.

  24. Digital Forensics / Computer Forensics • Evidence contained in computers • Evidence contained in digital devices • Phones • Cameras • Memory sticks • Smart cards • Evidence contained in networks

  25. Chemical • Blood • DNA • Explosives • Drugs • Fiber analysis • Etc.

  26. Accounting • Fraud • Multiple sets of books • Stock manipulation • Insider trading

  27. Digital Devices: Be careful, be very careful • Computers, Laptops • Palm pilots • Cell phones • iPods • Cameras • Camcorders • etc.

  28. Digital Evidence • Records and Logs • Results of activities • Statement of intent • Contraband • Indication of time line

  29. Skills and Knowledge • Be aware of the many types of digital devices and their components and potential contents • Develop a Web behavior profile • Learn how to seize a computer and other devices • Proper handling of digital evidence • How to search a computer for evidence • Analyze a phishing scam • Become more knowledgeable about the digital/information world

  30. Must Prove: • Actus Reus - The criminal act • Mens Rea - The criminal intent • Conviction
