intro to cyber crime and computer forensics cse 4273 6273 january 7 2013 n.
Skip this Video
Loading SlideShow in 5 Seconds..
Intro to Cyber Crime and Computer Forensics CSE 4273/6273 January 7, 2013 PowerPoint Presentation
Download Presentation
Intro to Cyber Crime and Computer Forensics CSE 4273/6273 January 7, 2013

Loading in 2 Seconds...

play fullscreen
1 / 19

Intro to Cyber Crime and Computer Forensics CSE 4273/6273 January 7, 2013 - PowerPoint PPT Presentation

  • Uploaded on

Intro to Cyber Crime and Computer Forensics CSE 4273/6273 January 7, 2013. MISSISSIPPI STATE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE. Textbooks. Required Texts: Carrier, Brian, File System Forensic Analysis , Addison-Wesley, 2005.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Intro to Cyber Crime and Computer Forensics CSE 4273/6273 January 7, 2013' - luann

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
intro to cyber crime and computer forensics cse 4273 6273 january 7 2013
Intro to Cyber Crime and Computer Forensics CSE 4273/6273 January 7, 2013



  • Required Texts:
    • Carrier, Brian, File System Forensic Analysis, Addison-Wesley, 2005.
    • Brodsky, Stanley, Testifying in Court: Guidelines and Maxims for the Expert Witness, American Psychological Association, 1991.
  • Optional Text:
    • Jones, Keith J., Bejtlich, Richard, and Rose, Curtis W., Real Digital Forensics: Computer Security and Incident Response, Addison-Wesley, 2006.
more syllabus stuff
More Syllabus Stuff
  • Mock Trial days, April 22 and 24: 8:00 to 5:00
    • Dress professionally for witness testimony.
  • Drop date: January 11
  • Add date: January 14
semester long exercise
Semester-Long Exercise
  • Crime Scene Takedown Exercise
    • February 11-16
  • Phase II: Evidence Discovery Phase
    • February 18 – March 29
  • Phase III: Evidence Presentation Phase
    • April 1 – April 24
what is forensics
What is Forensics?
  • Forensics is the application of scientific techniques of investigation to the problem of finding, preserving and exploiting evidence to establish an evidentiary basis for arguing about facts in court cases
what is science
What is Science?

“There are no forbidden questions in science, no matters too sensitive or delicate to be probed, no sacred truths. That openness to new ideas, combined with the most rigorous, skeptical scrutiny of all ideas, sifts the wheat from the chaff. It makes no difference how smart, august, or beloved you are. You must prove your case in the face of determined expert criticism.”

-Carl Sagan

C 2004 Mark M. Pollitt


what is science1
What is Science?

Organized study of natural phenomena

Application of the scientific method



Conclusions based on demonstrable proof

Skepticism – search for alternative explanations

C 2004 Mark M. Pollitt



“The tenets of skepticism do not require an advanced degree to master as most successful used car buyers demonstrate.” The whole idea of a democratic application of skepticism is that everyone should have the essential tools to effectively and constructively evaluate claims of knowledge. All science asks is to employ the same levels of skepticism we use in buying a used car.” – Carl Sagan

C 2004 Mark M. Pollitt


what is forensic science
What is Forensic Science?

Forensis – Latin meaning public, forum, discussion

Forensic – belonging to, suitable for use in courts or public fora

Forensic Science – any science used for the purpose of law

C 2004 Mark M. Pollitt


the three elements
The Three Elements

C 2004 Mark M. Pollitt


what is computer forensics
What is Computer Forensics?
  • Computer forensics is forensics applied to information stored or transported on computers
  • It “Involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis”
  • There should be a process and that process should be followed, but flexibility is essential, because the unusual will be encountered.
what is computer crime
What is Computer Crime?
  • Three situations where you might find evidence on a digital device:
    • Device used to conduct the crime
      • Child Pornography/Exploitation
      • Threatening letters
      • Fraud
      • Embezzlement
      • Theft of intellectual property
    • Device is the target of the crime
      • Incident Response
      • Security Breach
    • Device is used to support the crime
what is evidence
What is evidence?
  • Can be anything!
    • As small as a few bytes
    • Could be, and hopefully will be complete files
      • Could be Deleted
      • Could be Encrypted
    • Likely will be fragments of files
      • A few Words
      • A couple of sentences
      • Hopefully some paragraphs
    • Registry entries, or log entries!
where do we find it
Where do we find it?
  • Storage Media
  • RAM
  • Log Files
  • Registry
what do we do with it
What do we do with it?

Three A’s of Computer Forensics

  • Acquire the evidence without altering or damaging the original.
  • Authenticate that your recovered evidence is the same as the originally seized data.
  • Analyze the data without modifying it.
acquire the evidence
Acquire the evidence
  • How do we seize the computer?
  • How do we handle computer evidence?
    • What is chain of custody?
    • Evidence collection
    • Evidence Identification
    • Transportation
    • Storage
  • Documenting the Investigation
authenticate the evidence
Authenticate the Evidence
  • Prove that the evidence is indeed what the criminal left behind.
    • Contrary to what the defense attorney might want the jury to believe, readable text or pictures don’t magically appear at random.
    • Physical Authentication
      • Properly identify and label evidence
      • Establish Chain of Custody
    • Electronic Authentication
      • Calculate a hash value for the data
  • Always work from an image of the evidence and never from the original.
    • Prevent damage to the evidence
    • Make two backups of the evidence in most cases.
  • Analyze everything, you may need clues from something seemingly unrelated.