
Computer Crime, Digital Investigation, and Data Recovery or An Introduction to Digital Forensics


Presentation Transcript


    1. Computer Crime, Digital Investigation, and Data Recovery or An Introduction to Digital Forensics
       Golden G. Richard III
       - Associate Professor, Dept. of Computer Science
       - GIAC-certified Digital Forensics Investigator
       - Technical Advisor to the Gulf Coast Computer Forensics Laboratory (GCCFL)
       - Co-Founder, Digital Forensics Solutions, LLC
       golden@cs.uno.edu
       http://www.cs.uno.edu/~golden

    2. Technical Definition: Digital Forensics “Tools and techniques to recover, preserve, and examine digital evidence on or transmitted by digital devices.”

    3. Definition for the Masses: Digital Forensics: “Deleted” files are almost never really gone

    4. “Deletion” Fallacies
       - “I deleted the file, it’s gone.” Deleted files are recoverable using digital forensics tools
       - “I changed the name of the file, now no one will find it” Digital forensics tools immediately identify files based on content—names don’t matter at all
       - “I formatted the drive—whew!” This destroys almost nothing
       - “I use only web-based email” Some email fragments are still present locally
       - “I encrypted my files” It’s more difficult to hide all your data than one might think
       - “I put the hard drive next to a HUGE magnet” The magnet would have to be not only huge, but terrifying.
       - “I cut the floppy into little pieces” At this point, it’s a question of how important it is to recover the data, because it is harder to recover the data

    5. Digital Forensics Investigation
       In addition to data recovery… Can determine:
       - which storage devices were plugged into a computer
       - which applications were installed, even if they were uninstalled by the user
       - which files were recently used
       - when files were deleted…
       - if downloaded files were organized…
       - ...

    6. Examples of Digital Evidence
       Computers increasingly involved in criminal and corporate investigations
       Digital evidence may play a supporting role or be the “smoking gun”
       - Email
       - Harassment or threats
       - Blackmail
       - Illegal transmission of internal corporate documents
       - Meeting points/times for drug deals
       - Suicide letters
       - Technical data for bomb making
       - Image or digital video files (esp., child pornography)
       - Evidence of inappropriate use of computer resources or attacks
       - Use of a machine as a spam email generator
       - Use of a machine to distribute illegally copied software

    7. Careers in Digital Forensics
       - Law: huge number of interesting legal issues; digital forensics-savvy lawyers can make huge $$$
       - Law Enforcement: local, state, federal
       - Corporate: digital forensics experts needed to provide security for company assets, perform private investigations
       - Education/Training
       - Research

    8. Skill Levels (Technical Side)

    9. Black Belt in Digital Forensics: Required Skills
       - Excellent oral and written communication skills: must communicate findings (incredibly technical details) to non-techies (in English)
       - Math…lots of it: new tools which analyze content of pictures, audio, video are highly mathematical
       - Computer Science: must squeeze every ounce of performance out of computer equipment; case backlogs are getting longer, need fast tools
       - ! NO CRAPPY PROGRAMMERS ! Innocent people may die, the guilty may be set free!

    10. UNO Offerings
       - Computer Science
       - Concentrations in Information Assurance (includes digital forensics)
       - All degree levels: B.S., M.S., Ph.D.

    11. Resources
       Books
       - Digital Evidence and Computer Crime (E. Casey, Academic Press)
       - Computer Forensics and Privacy (M. Caloyannides, Artech House)
       Websites
       - http://www.cs.uno.edu/~golden
       - http://www.cs.uno.edu
       - http://www.dfrws.org Lots of references related to digital forensics, including a link to an interesting e-journal…
       - http://www.ijde.org/ (International Journal of Digital Evidence)
       - http://vip.poly.edu/kulesh/forensics/list.htm tons of stuff, including a bunch of online papers
       - http://www.tucofs.com/tucofs/tucofs.asp?mode=mainmenu Huge collection of forensics-related software
       Commercial and open-source digital forensics software
       - Sleuthkit
       - scalpel
       - foremost
       - Encase
       - FTK (Forensics Tool Kit)
       - ILook (law enforcement only)
       - WinHex

    12. Aside: If You Really Want the Data to Die…

    13. ?
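
Slide 4's point that tools identify files by content rather than by name, and the carving tools listed on slide 11 (scalpel, foremost), both rest on header/footer signature matching. The following is an added example, not part of the original presentation and not code from any of those tools: a small carver run over a constructed raw buffer that has no file names or file-system metadata. The signature table, the `carve` function and the sample bytes are assumptions chosen for illustration.

```python
# Added example: header/footer carving over raw bytes (all data constructed).
SIGNATURES = {  # kind: (header magic, footer magic)
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}

def carve(image: bytes, max_size: int = 10 * 1024 * 1024):
    """Return sorted (offset, kind, data) for each header/footer pair found.

    Only contiguous files are recovered; fragmented files and formats with
    embedded footers (e.g. JPEG thumbnails) are out of scope here.
    """
    found = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            # Bound the footer search so one stray header cannot swallow the image.
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                pos = image.find(header, pos + 1)  # header with no footer: skip it
                continue
            stop = end + len(footer)
            found.append((pos, kind, image[pos:stop]))
            pos = image.find(header, stop)
    return sorted(found)

# Constructed "unallocated space": no names, no directory entries, just bytes.
FAKE_JPEG = b"\xff\xd8\xff\xe0" + b"constructed-jpeg-body" + b"\xff\xd9"
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"constructed-png-body" + b"IEND\xaeB`\x82"
SAMPLE_IMAGE = b"\x00" * 512 + FAKE_JPEG + b"\xaa" * 100 + FAKE_PNG + b"\x00" * 64

if __name__ == "__main__":
    for offset, kind, data in carve(SAMPLE_IMAGE):
        print(f"offset {offset}: {kind}, {len(data)} bytes")
```

Renaming a file or deleting its directory entry changes none of the bytes this scan looks at, which is why the recovered objects come back typed by content alone.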
