
Computer Forensics: Data Collection, Analysis and Preservation






Presentation Transcript


  1. Computer Forensics: Data Collection, Analysis and Preservation. Kikunda Eric Kajangu, Cher Vue, and John Mottola. ITIS-3200-001

  2. Computer Forensics defined: The use of analytical and investigative techniques to identify, collect, examine and preserve evidence/information which is magnetically stored or encoded.

  3. Industry companies interested in computer forensics
     • Guidance Software (http://www.guidancesoftware.com): creators of the popular GUI-based forensic tool EnCase.
     • Digital Intelligence, Inc. (http://www.digitalintel.com/): designs and builds computer forensic software and hardware, and offers free forensic utility software to law enforcement.
     • IVIZE Data Center (http://www.ivize.net): provides several litigation support services, including electronic data discovery.

  4. Three main concepts • Data collection • Data analysis • Data preservation

  5. Data Collection
     • Research challenges
       • Gathering data
       • Ensuring the data is relevant and complete
       • Obtaining volatile data (memory contents, running processes and network connections are lost once the machine is powered off)
       • Obtaining deleted and changed files
     • Lack of trained professionals: computer forensics is a relatively new field
     • Risk of system administrators altering or destroying data before it is collected
     • No standards

  6. Data Collection
     • Evolution of data collection
       • Mid 1980s: X-Tree Gold and Norton Disk Edit, limited to recovering lost or deleted files
       • 1990s: specialized tools began to appear, including tools for network investigations
       • 1999: boot from floppy and write to alternative media; very slow transfer rate (about 1 GB/hr)
       • Current: many tools to choose from, both GUI and command-line; fast and efficient

  7. Data Analysis
     • The main problem in electronic data analysis is not only the volume of data, which easily grows very large, but also the number of different applications associated with those files.
     • Electronic Data Discovery: e-mail, Microsoft Office files, accounting databases, and other electronically stored information that could be relevant evidence in a lawsuit.
     • Tools to analyze electronic data in computer forensics:
       • Needle Finder: a .NET Framework application used with a SQL database to process hundreds of file types and e-mails simultaneously and pinpoint the pertinent, requested information for analysis.
       • E-Discovery tools
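As an added example (not part of the presentation, and not the code of Needle Finder or any other product named on these slides), the following Python carves objects out of a raw image by their header and footer signatures, which is how files whose directory entries have been deleted (slide 5) are recovered, and then searches the carved objects for the requested information (slide 7). The signature table, the sample image with its "Invoice" PDF, and the keyword are all constructed for the example; a real carver ships hundreds of signatures. Python 3.8 or later is assumed for the `:=` operator.

```python
import hashlib

# Header/footer signatures ("magic bytes") for a few common file types.
# Assumed, deliberately small table for the example.
SIGNATURES = {
    "png":  (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "pdf":  (b"%PDF-", b"%%EOF"),
}


def carve(blob, max_size=10 * 1024 * 1024):
    """Scan a raw image for every header in SIGNATURES and cut out the bytes up
    to the matching footer, ignoring the file system entirely, so objects whose
    directory entries were deleted are recovered as long as their bytes remain.
    A header with no footer within max_size is an incomplete (overwritten) file
    and is skipped. Each carved object is hashed for the evidence log."""
    found = []
    for ftype, (head, tail) in SIGNATURES.items():
        pos = 0
        while (start := blob.find(head, pos)) != -1:
            end = blob.find(tail, start + len(head), start + max_size)
            if end == -1:
                pos = start + len(head)
                continue
            end += len(tail)
            data = blob[start:end]
            found.append({"type": ftype, "offset": start, "size": len(data),
                          "sha256": hashlib.sha256(data).hexdigest(),
                          "data": data})
            pos = end
    return sorted(found, key=lambda f: f["offset"])


def find_keyword(carved, keyword):
    """Return the carved objects whose bytes contain keyword (case-insensitive):
    the 'pinpoint the requested information' step of the analysis."""
    kw = keyword.lower()
    return [f for f in carved if kw in f["data"].lower()]


def build_sample_image():
    """Constructed raw image: zero-filled slack, a tiny PDF, more slack, a
    PNG-shaped object, then a PNG header whose body and footer were overwritten.
    (The PDF and PNG are minimal stand-ins, not viewable files.)"""
    filler = b"\x00" * 512
    pdf = b"%PDF-1.4\n1 0 obj << /Title (Invoice 2007-11) >> endobj\n%%EOF"
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 32 + b"IEND\xaeB`\x82"
    orphan = b"\x89PNG\r\n\x1a\n" + b"\xff" * 16
    return filler + pdf + filler + png + filler + orphan + filler


if __name__ == "__main__":
    objects = carve(build_sample_image())
    for obj in objects:
        print("%-4s at offset %5d, %3d bytes, sha256 %s"
              % (obj["type"], obj["offset"], obj["size"], obj["sha256"]))
    hits = find_keyword(objects, b"invoice")
    print("objects mentioning 'invoice':", [(h["type"], h["offset"]) for h in hits])
```

The carver recovers the PDF and the complete PNG but not the orphaned PNG header, which has no footer and is reported nowhere; a practitioner would treat such a header as a partially overwritten file and examine the surrounding sectors by hand. Hashing each carved object at the moment it is recovered is what lets the analyst later show that the object handed to counsel is the one carved from the image.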

  8. Data Preservation
     • Data should never be analyzed on the same machine it is collected from
     • Forensically sound copies of all data storage devices, primarily hard drives, must be made (the source is attached through a write blocker so the acquisition itself cannot alter it)
     • There are two goals when making an image
       • Completeness: every sector of the source is in the image
       • Accuracy: the image is bit-for-bit identical to the source, shown by hashing the source as it is read and matching that hash against the finished image
     • This is done with a standalone hard-drive duplicator or software imaging tools such as dcfldd or IXimager
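A worked example of the imaging and verification steps on this slide, added here; it is not part of the presentation and not the code of dcfldd or IXimager. It mirrors what dcfldd does with its hash= and conv=noerror,sync options: read the source block by block, hash it as it is read, zero-fill any unreadable block so later offsets in the image still line up with the source, then check the finished image for completeness (size) and accuracy (hash), and show that a single flipped byte in the image is caught. The block size, the file names and the 1 MiB sample "device" file are assumptions constructed for the example; on a real device the source would be the block device node behind a write blocker.

```python
import hashlib
import os
import tempfile

BLOCK_SIZE = 64 * 1024  # assumed block size for this example


def acquire_image(source_path, image_path, block_size=BLOCK_SIZE):
    """Copy the evidence source to image_path block by block, hashing the
    source bytes as they are read (what dcfldd's hash= option does).
    An unreadable block is logged and replaced by zeros so that offsets in
    the image still line up with the source (dcfldd's conv=noerror,sync).
    Returns an acquisition record for the chain-of-custody log."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    total, bad_blocks = 0, []
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        while True:
            try:
                chunk = src.read(block_size)
            except OSError:
                # Bad sector: record its offset, zero-fill, skip to next block.
                bad_blocks.append(total)
                chunk = b"\x00" * block_size
                src.seek(total + block_size)
            if not chunk:
                break
            md5.update(chunk)
            sha256.update(chunk)
            dst.write(chunk)
            total += len(chunk)
    return {"bytes": total, "md5": md5.hexdigest(),
            "sha256": sha256.hexdigest(), "bad_blocks": bad_blocks}


def sha256_of_file(path, block_size=BLOCK_SIZE):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(block_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_image(image_path, acquisition):
    """Completeness: the image holds every byte that was read from the source.
    Accuracy: re-hashing the image reproduces the hash taken during acquisition."""
    complete = os.path.getsize(image_path) == acquisition["bytes"]
    accurate = sha256_of_file(image_path) == acquisition["sha256"]
    return {"complete": complete, "accurate": accurate,
            "verified": complete and accurate}


def demo():
    """Constructed scenario: a 1 MiB + 123 byte 'device' file of random bytes
    (deliberately not a whole number of blocks) is imaged and verified; then a
    single byte of the image is flipped and the verification is repeated."""
    with tempfile.TemporaryDirectory() as tmp:
        device = os.path.join(tmp, "evidence.bin")
        image = os.path.join(tmp, "evidence.dd")
        with open(device, "wb") as f:
            f.write(os.urandom(1024 * 1024 + 123))
        acq = acquire_image(device, image)
        good = verify_image(image, acq)
        with open(image, "r+b") as f:
            f.seek(4096)
            original = f.read(1)
            f.seek(4096)
            f.write(bytes([original[0] ^ 0xFF]))
        tampered = verify_image(image, acq)
        return acq, good, tampered


if __name__ == "__main__":
    acq, good, tampered = demo()
    print("acquired %d bytes, sha256 %s, bad blocks %s"
          % (acq["bytes"], acq["sha256"], acq["bad_blocks"]))
    print("fresh image:", good)
    print("after flipping one byte:", tampered)
```

The size check alone would pass the tampered image, which is why both goals on the slide are needed: completeness says nothing was dropped, accuracy says nothing was changed. The acquisition record (byte count, hashes, list of zero-filled offsets) is what goes into the evidence log so that any later copy can be verified the same way.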

  9. Research challenges: what are the essential problems in this field?
     • Training
     • Operational standards
     • International standardization

  10. Training
     • Law enforcement personnel should be trained to handle digital evidence
     • Network operators should also be trained, to improve their abilities in intrusion detection
     • Lawyers should receive some training to give a basic understanding of computer evidence

  11. Operational Standards
     • Basic guidelines for the evidence collection process need to be established
       • Planning
       • Recording
       • Performance
       • Monitoring
       • Recording
       • Reporting

  12. International Standardization
     • Different countries each have their own methods, standards, and laws
     • What is acceptable evidence in one country may not be in another
     • A serious problem when dealing with international crimes, as computer crime often is

  13. Conclusions and future work
     • Even though it is a fascinating field, due to the nature of computers far more information is available than there is time to analyze.
     • The main emphasis of future work is on recovery of data.
     • To improve ways to:
       • Identify the evidence
       • Determine how to preserve the evidence
       • Extract, process, and interpret the evidence
       • Ensure that the evidence is acceptable in a court of law

  14. Works Cited
     • "5 Common Mistakes in Computer Forensics." Online Security. 25 June 2003. Accessed 14 Nov. 2007. <http://www.onlinesecurity.com/forum/article279.php>
     • "Computer Forensics." Digital Intelligence. 2007. Accessed 20 Oct. 2007. <http://www.digitalintel.com/>
     • "Computer Forensics." Disklabs. 2004. Accessed 15 Oct. 2007. <http://www.disklabs.com/computer-forensics.asp>
     • "Computer Forensics." TechTarget. 16 Dec. 2003. Accessed 25 Oct. 2007. <http://labmice.techtarget.com/security/forensics.htm>
     • "Computer Forensics." Wikipedia. 26 Nov. 2007. Accessed 28 Nov. 2007. <http://en.wikipedia.org/wiki/Computer_forensics>
     • Dearsley, Tony. "United States: Computer Forensics." Mondaq. 14 June 2007. Accessed 22 Oct. 2007. <http://www.mondaq.com/article.asp?articleid=48322>
     • Garner, George M. "Forensic Acquisition Utilities." GMG Systems, Inc. 2007. Accessed 11 Nov. 2007. <http://www.gmgsystemsinc.com/fau/>
     • "International High Technology." HTCIA. 2007. Accessed 28 Oct. 2007. <http://htcia.org/>
     • "Computer Forensics: A Critical Need in Computer Science Programs." <http://www.scribd.com/doc/131838/COMPUTER-FORENSICS-A-CRITICAL-NEED-IN-COMPUTER>
     • "Computer Forensics Laboratory and Tools." <http://www.scribd.com/doc/136793/COMPUTER-FORENSICS-LABORATORY-AND-TOOLs>

  15. Works Cited
     • Ispirian. "Following Procedure." HG Experts. 2007. Accessed 01 Nov. 2007. <http://www.hgexperts.com/hg/article.asp?id=4804>
     • Monica. "A Community of Computer Forensics Professionals." Computer Forensics World. 26 Aug. 2007. Accessed 09 Nov. 2007. <http://www.computerforensicsworld.com/>
     • Morris, Jamie. "Computer Forensics Tools." EzineArticles. 27 Oct. 2006. Accessed 28 Oct. 2007. <http://ezinearticles.com/?Computer-Forensics-Tools&id=340154>
     • Reuscher, Dori. "How to Become a Cyber-Investigator." About.com. 2007. Accessed 16 Nov. 2007. <http://certification.about.com/cs/securitycerts/a/compforensics.htm>
     • Robinson, Judd. "An Explanation of Computer Forensics." Computerforensics.net. 2007. Accessed 26 Oct. 2007. <http://computerforensics.net/forensics.htm>
     • Swartz, Jon. "Cybercrime Spurs College Courses in Digital Forensics." USA Today. 06 June 2006. Accessed 14 Nov. 2007. <http://www.usatoday.com/tech/news/techinnovations/2006-06-05-digital-forensics_x.htm>
     • LaBancz, Melissa. "Expert vs. Expertise: Computer Forensics and the Alternative OS." LinuxSecurity.com. <http://www.linuxsecurity.com/content/view/117371/171>
     • "Computer Forensics: Past, Present and Future." <http://www.scm.uws.edu.au/compsci/computerforensics/Publications/Computer_Forensics_Past_Present_Future.pdf>
