
Problem Solving in Computer Forensics

Dr John Haggerty, Distributed Multimedia and Security Group, Liverpool John Moores University. J.Haggerty@livjm.ac.uk http://www.cms.livjm.ac.uk/cmpjhagg/index.htm


Presentation Transcript


  1. Problem Solving in Computer Forensics
     Dr John Haggerty
     Distributed Multimedia and Security Group, Liverpool John Moores University
     J.Haggerty@livjm.ac.uk
     http://www.cms.livjm.ac.uk/cmpjhagg/index.htm

  2. Outline of talk
     • Introduction to Liverpool JMU
     • Module background
     • My philosophy
     • Problems I have encountered
     • My teaching approach
     • Some examples
     • Findings and conclusion

  3. Background to JMU
     • Lecturer in Computer Security and Forensic Computing
     • Computer security background
     • Academic research
     • Practical experience
     • Liverpool JMU reputation in computer security research (Distributed Multimedia and Security Group)
     • Requirement for wider knowledge of security and forensic issues

  4. Module background
     • Run first time 2004/2005
     • Initial expectation to complement mainstream Forensics programme at JMU
     • Different levels of expectation and ability
     • Forensic Computing
     • BSc (level 3)
     • Approx. 50 students (up from approx. 40 2004/2005)
     • IS, MMS, CS and SE options (2005/2006 extended to MMS)

  5. Module aims and objectives
     • Forensic Computing
     • Aims
     • To develop an understanding of the theory and practice of computer forensics.
     • Objectives
     • Understand the fundamental technical concepts, implementation, and restrictions of computer forensics in the organisation.
     • Analyse and evaluate physical and data evidence in computer forensics.
     • Develop practical skills in computer forensics.

  6. My Forensic Computing philosophy
     • Relationship between computer security and computer forensics – related but distinct
     • Same tools but different outcomes
     • Computer forensics beyond the legal arena
     • Application of tools and techniques within other areas
     • e.g. businesses, public sector organisations, national security, etc.

  7. Problems I have found
     • Computer forensics as “art” not science
     • Trying to teach analysis
     • Students from across the computing spectrum
     • University policies and no dedicated lab space
     • No control over machines within university
     • Not able to put own software on machines
     • Not able to use computer forensics programs
     • Creativity required to adhere to restrictions whilst at the same time providing practical learning experience for students
     • Countering student “fantasies”
     • Forensic Computing – “it's just like CSI”

  8. Three strands of teaching
     • Three strands of teaching used on the course
     • Principles of forensic computing
     • Focus on academic issues
     • Traditional lecture format (summative)
     • Guest lectures
     • Marry what students have learnt with practitioner experience
     • Practical applications of forensic computing
     • Marrying academic issues to practical issues (formative)
     • Tutorial-based format using PBL
     • Coursework providing practical experience through PBL

  9. Teaching practical applications
     • A challenging problem as university network administrators are “nervous” about teaching forensics applications
     • Security incidents
     • More interesting for the lecturer!
     • Practical teaching required
     • As laid out in proforma set by PPA
     • To reinforce theoretical learning
     • Approached in two ways
     • Tutorial-based PBL
     • Coursework PBL

  10. Tutorial-based PBL – example 1
     • “What would you take” tutorial – computer forensics in law enforcement
     • At the “light” end of PBL
     • Present students with a real-world problem based on the subject matter discussed during the lecture

  11. Tutorial-based PBL – example 2
     • “Network diagrams” tutorial – computer forensics beyond law enforcement
     • Used by organisations, national security, etc.
     • Technique used in network security to track network connections and hosts
     • Useful as analytical exercise

  12. Teaching practical forensics
     • Students not allowed to forensically analyse university computers
     • Encourage use of forensic Knoppix distros on home machines
     • Partnership with Guidance Software and their EnCase suite
     • Limited version disk used to allow students to gain hands on experience with industrial standard software
     • Runs from CD only
     • Tutorial cases
     • Additional relevant white papers

  13. PBL-based Coursework
     • Combine theoretical/practical student experience
     • Build on practical labs
     • Use of tools for file analysis
     • Understanding of wider tools
     • Restricted use/built (Knoppix) distros
     • Gives students opportunity to write own job description for forensic computing within an organisation
     • (Hopefully) brings course together!

  14. Findings and recommendations
     • Student comments having undertaken the forensic computing module have provided extremely positive responses
     • Felt they have learned a real skill (PBL)
     • The level of engagement in lectures was high
     • Deeper level of understanding – analytical toolkit
     • Invest the time in exploring tools that can be used
     • Guest lectures enhance learning experience
     • Bridge gap between academic subject and its practical application
     • Use techniques that demonstrate the idea or concept

  15. Summary
     • Computer forensics is increasingly used beyond the legal arena
     • A number of problems have been encountered which have affected my approach
     • A mix of practical and theoretical learning via problem setting does work
     • The practical does not necessarily require ‘unpleasant’/‘unwanted’ access
     • For me, it has been a positive experience!
