Computer Forensics: Data Collection, Analysis and Preservation
Kikunda Eric Kajangu, Cher Vue, and John Mottola
ITIS-3200-001

Computer Forensics defined:
The use of analytical and investigative techniques to identify, collect, examine and preserve evidence/information which is magnetically stored or encoded.
Industry companies interested in computer forensics
• Guidance Software (http://www.guidancesoftware.com)
  • Creators of the popular GUI-based forensic tool “EnCase”.
• Digital Intelligence, Inc. (http://www.digitalintel.com/)
  • Digital Intelligence designs and builds computer forensic software and hardware. They also offer free forensic utility software for law enforcement.
• IVIZE Data Center (http://www.ivize.net)
  • They provide several litigation support services, including Electronic Data Discovery.

Three main concepts
• Data collection
• Data analysis
• Data preservation
Data Collection
• Research challenges
  • Gathering data
    • Ensuring the data is relevant and complete
    • Obtaining volatile data
    • Obtaining deleted and changed files
  • Lack of trained professionals
    • Computer forensics is a relatively new field
  • Threat of system administrators corrupting data
  • No standards

Data Collection
• Evolution of data collection
  • Mid 1980s
    • X-Tree Gold and Norton Disk Edit
    • Limited to recovering lost or deleted files
  • 1990s
    • Specialized tools began to appear
    • Tools to perform network investigations
  • 1999
    • Boot to floppy and write to alternative media
    • Very slow transfer rate (1 GB/hr)
  • Current
    • Many tools to choose from
    • GUI and command-line tools are available
    • Fast and efficient
Data Analysis
• The main problem in electronic data analysis is not only the volume of data, which can easily grow too large to manage, but also the number of different applications associated with those files.
• Electronic Data Discovery: e-mail, Microsoft Office files, accounting databases, and other electronically stored information which could be relevant evidence in a lawsuit.
• Tools to analyze electronic data in computer forensics:
  • Needle Finder: uses a special .NET Framework application in conjunction with a SQL database to process hundreds of file types and e-mails simultaneously and pinpoint pertinent, requested information for analysis.
  • E-Discovery

Data Preservation
• Data should never be analyzed on the same machine it is collected from.
• Forensically sound copies of all data storage devices, primarily hard drives, must be made.
• There are two goals when making an image:
  • Completeness
  • Accuracy
• This is done by using a standalone hard-drive duplicator or software imaging tools such as DCFLdd or IXimager.
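As an added illustration (not part of the original slides) of the two imaging goals, completeness and accuracy: a constructed in-memory byte string stands in for a drive, the acquisition hashes every block as it is read (the hash-while-copying behaviour that dcfldd provides), and the finished image is then checked by size and SHA-256 against the source. A truncated copy fails the completeness check, and a copy with a single flipped bit fails the accuracy check.

```python
import hashlib

# Constructed sample "device": three 512-byte sectors standing in for /dev/sdX.
# Long runs of zeros make a truncated or bit-flipped copy hard to spot by eye,
# which is exactly why the size and hash checks below are needed.
DEVICE = b"MBR" + b"\x00" * 509 + b"FILE_A" + b"\x00" * 506 + b"\xff" * 512
SECTOR = 512


def acquire_image(source: bytes, block_size: int = SECTOR):
    """Copy the source block by block, hashing as we go.
    Returns (image, size_in_bytes, sha256_of_source_as_read)."""
    digest = hashlib.sha256()
    image = bytearray()
    for offset in range(0, len(source), block_size):
        block = source[offset:offset + block_size]
        digest.update(block)
        image.extend(block)
    return bytes(image), len(image), digest.hexdigest()


def verify_image(image: bytes, expected_size: int, expected_sha256: str):
    """Completeness: every byte of the source was copied (size matches).
    Accuracy: the bytes are identical (hash matches). Both must hold."""
    actual_sha256 = hashlib.sha256(image).hexdigest()
    return {
        "complete": len(image) == expected_size,
        "accurate": actual_sha256 == expected_sha256,
        "image_sha256": actual_sha256,
    }


def run_demo():
    """Verify a good image, a truncated image and a bit-flipped image."""
    image, size, source_sha256 = acquire_image(DEVICE)
    truncated = image[:-SECTOR]              # last sector never copied
    altered = bytearray(image)
    altered[3] ^= 0x01                       # one bit changed after imaging
    return {
        "good": verify_image(image, size, source_sha256),
        "truncated": verify_image(truncated, size, source_sha256),
        "altered": verify_image(bytes(altered), size, source_sha256),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"{name:9s} complete={result['complete']} accurate={result['accurate']}")
```

In practice the source hash is computed from the device during acquisition and recorded with the chain-of-custody paperwork, so the image can be re-verified against it at any later time.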
Research Challenges: What are the essential problems in this field?
• Training
• Operational Standards
• International Standardization

Training
• Law enforcement personnel should be trained to handle computer evidence.
• Network operators should also be trained, to improve their abilities in intrusion detection.
• Lawyers should receive some training to give them a basic understanding of computer evidence.
Operational Standards
• Basic guidelines for the evidence collection process need to be established:
  • Planning
  • Recording
  • Performance
  • Monitoring
  • Recording
  • Reporting

International Standardization
• Different countries each have their own methods, standards, and laws.
• What is acceptable evidence in one country may not be in another.
• This is a serious problem when dealing with international crimes, as computer crime often is.

Conclusions and future work
• Even though it is a fascinating field, due to the nature of computers, far more information is available than there is time to analyze.
• The main emphasis of future work is on recovery of data.
• To improve ways to:
  • Identify the evidence
  • Determine how to preserve the evidence
  • Extract, process, and interpret the evidence
  • Ensure that the evidence is acceptable in a court of law