Technology in Computer Forensics. Alicia Castro, Thesis Defense, Master of Software Engineering, Department of Computer Science, University of Colorado, Colorado Springs. Author: Alicia Castro. Committee Members: Dr. C. Edward Chow, Dr. Jugal K. Kalita

Technology in Computer Forensics
  • Alicia Castro
  • Thesis Defense
  • Master of Software Engineering
  • Department of Computer Science
  • University of Colorado, Colorado Springs
Technology in Computer Forensics
  • Author: Alicia Castro
  • Committee Members:
  • Dr. C. Edward Chow
  • Dr. Jugal K. Kalita
  • Dr. Xiaobo Zhou
Computer Forensics Facts
  • Computer forensics is the investigation of digital evidence related to criminal or suspicious behavior, where computers and related equipment may or may not be the target.
  • Internet crime increased 22.3% in 2009 over 2008.
Computer Forensic Background
  • Digital evidence includes computer-generated records, such as the output of computer programs, and computer-stored records, such as email messages.
  • It is difficult to attribute certain computer activities to an individual, especially in a multi-access environment.
Computer Forensics Legal Issues
  • Understand fundamentals of:
    • Search and Seizure laws
    • Electronic Communications Privacy Act
    • Wiretap Statute
    • Pen/Trap Statute
    • Patriot Act
    • State Laws about Search and Seizure
Forensic Investigation

Accessories to a Crime

…Forensic Investigation

Accomplices of a Crime


Utilities used with Nica Forensic Tool
  • IECacheView
  • MozillaCacheView
  • ChromeCacheView
  • IEHV
  • Outlook Redemption
  • Microsoft Log Parser

Nica Forensic Tool uses external tools to parse the cache files from the IE, Mozilla Firefox and Google Chrome browsers, and to access and parse Outlook .pst files.

Nica Forensic Tool Functionality
  • Use the output of the cache file parsers to determine which information is valuable.
  • Get the cookies and history files of each web browser, Skype logs, Instant Messenger and Outlook logs.
  • Store information in a database
  • Display any necessary output.
  • Design of all GUI displays
Nica Forensic Tool
  • Unlike most forensic tools, it finds all the users on the computer, not just the logged-on users.
  • Unlike similar forensic tools, it does not need the investigator to enter the path where the information would be found. Nica Forensic Tool does it for the investigator.
Nica Forensic Tool Design

Enter Case Number

Case Description

Forensic Investigator



Run the parser to find entries by activities.

Note the time stamp for the date on which the investigation was done, and also the time it takes to find all the activities.

Evidence’s Classification
  • Inclusion Criteria
    • More than one activity
    • Time between activities is less than 15 minutes
    • Previous history of web sites visited
  • Exclusion Criteria
    • One isolated activity and no previous history
    • Two or more activities with time intervals of more than 15 minutes between each activity
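The criteria above can be applied mechanically to a parsed activity timeline. The following is an added example, not code from Nica Forensic Tool or the thesis. It assumes activities are (user, target, timestamp) records, that "previous history" is a set of (user, target) pairs seen before the examined period, and that a gap of exactly 15 minutes counts as a break; combinations the slide does not decide are marked "review".

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # threshold stated on the slide

def bursts(times):
    """Split sorted timestamps into runs whose consecutive gaps are under WINDOW."""
    runs = [[times[0]]]
    for t in times[1:]:
        if t - runs[-1][-1] < WINDOW:
            runs[-1].append(t)
        else:  # a gap of exactly 15 minutes also starts a new run (assumption)
            runs.append([t])
    return runs

def classify(activities, prior_history):
    """Return (user, target, first_seen, count, verdict) for each burst."""
    by_key = defaultdict(list)
    for user, target, ts in activities:
        by_key[(user, target)].append(ts)
    results = []
    for key in sorted(by_key):
        times = sorted(by_key[key])
        known = key in prior_history
        for run in bursts(times):
            if len(run) > 1 and known:
                verdict = "include"  # all three inclusion criteria hold
            elif len(run) == 1 and (len(times) > 1 or not known):
                verdict = "exclude"  # spaced-out, or isolated with no history
            else:
                verdict = "review"   # combination the slide does not decide
            results.append((*key, run[0], len(run), verdict))
    return results

def at(hhmm):  # helper for the constructed sample below
    return datetime.strptime("2010-03-01 " + hhmm, "%Y-%m-%d %H:%M")

# Constructed sample records (hypothetical users and targets, not case data).
SAMPLE = [
    ("alice", "example.test", at("10:00")), ("alice", "example.test", at("10:05")),
    ("alice", "example.test", at("10:12")), ("alice", "shop.test", at("09:00")),
    ("alice", "shop.test", at("11:00")), ("bob", "news.test", at("14:00")),
    ("bob", "mail.test", at("08:00")), ("bob", "mail.test", at("08:10")),
    ("carol", "forum.test", at("13:00")),
]
PRIOR = {("alice", "example.test"), ("carol", "forum.test")}

if __name__ == "__main__":
    for row in classify(SAMPLE, PRIOR):
        print(row)
```

The "review" verdict keeps undecided cases, such as a close pair of activities with no previous history, visible to the investigator instead of silently dropping them.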
Nica Forensic Tool Implementation
  • Number of End Users = 6 (it can be unlimited)
  • Effects on change of task and responsibilities of End Users:
      • The tool is so portable that investigators can carry it with them.
      • It works so fast that it can be run when a suspect just moves away from his/her computer for a few minutes.
      • It is still a forensic tool; all the legal steps should be followed before trying to run the tool.
Nica Forensic Tool Limitations
  • Forensics can be performed only on computers that are running the Windows platform.
  • Currently set to use the most popular browsers, instant messengers, and Outlook email client but more can be added easily to the scalable architecture.
  • Only portable Forensic Tool that automatically looks for login paths and all user profiles
  • Capture relevant Evidence
  • Easy to use
  • Assist Investigators obtaining reliable evidence
  • Please refer to Thesis Document