1 / 14

Introduction to Computer Forensics

This course provides an introduction to computer forensics, focusing on computer crimes, security incidents, and the process of investigating digital evidence. Topics include computer misuse, unauthorized intrusions, malicious code, and the methodology used in computer forensics.

searle
Download Presentation

Introduction to Computer Forensics

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Introduction to Computer Forensics

  2. Computer Crime • Computer crime is any criminal offense, activity or issue that involves computers (http://www.forensics.nl). • Computer misuse tends to fall into two categories [1]: • Computer is used to commit a crime • Computer itself is a target of a crime. Computer is the victim. Computer Security Incident. • Computer Incident Response.

  3. Computer is Used to Commit a Crime • Computer is used in illegal activities: child pornography, threatening letters, e-mail spam or harassment, extortion, fraud and theft of intellectual property, embezzlement – all these crimes leave digital tracks [1, 2]. • Investigation into these types of crimes include searching computers that are suspected of being involved in illegal activities • Analysis of gigabytes of data looking for specific keywords, examining log files to see what happened at certain times

  4. Computer Security Incident [2] • Unauthorized or unlawful intrusions into computing systems • Scanning a system - the systematic probing of ports to see which ones are open [3] • Denial–of–Service (DoS) attack - any attack designed to disrupt the ability of authorized users to access data [2, 3]. • Malicious Code – any program or procedure that makes unauthorized modifications or triggers unauthorized actions (virus, worm, Trojan horse) [3]

  5. Computer Forensics • Computer Forensic Analysis • Electronic Discovery • Electronic Evidence Discovery • Digital Discovery • Data Recovery • Data Discovery • Computer Analysis • Computer Examination

  6. Definitions • Computer Forensics involves the preservation, identification, extraction, documentation and interpretation of computer data [1] • Computer Forensics is the application of science and engineering to the legal problem of digital evidence. It is a synthesis of science and law. [Mark Pollitt, 5, 6] • Computer forensics, still a rather new discipline in computer security, focuses on finding digital evidence after a computer security incident has occurred (http://www.forensics.nl)

  7. Definitions • Computer Forensics is the process of methodologically examining computer media (hard discs, diskettes, tapes, etc.) for evidence. [4] • Computer Evidence is often transparently created by the operating system (OS) without the knowledge of the computer user. The information may be hidden from view. To find it, special forensic software tools and techniques are required. [4] • Computer forensics is about evidence from computers that is sufficiently reliable to stand up in court and be convincing [4]

  8. Methodology • Treat every case as if it will end up in the court [1] • Forensics Methodology [1]: • Acquire the evidence without altering or damaging the origin • Authenticate that your recovered evidence is the same as the originally seized data • Analyze the data without modifying it • There are essentially three phases for recovering evidence from a computer system or storage medium. Those phases are: (1) acquire, (2) analyze, and (3) report (http://www.forensics.nl).

  9. The Goal The goal of computer forensics is to do a structured investigation and find out exactly what happened on a digital system, and who was responsible for it. (http://www.forensics.nl)

  10. The Goals of Incident Response [2] • Accumulation of accurate information • Establishment of control for proper retrieval and handling of evidence • Protection of privacy rights established by law and policy • Minimization of disruption to business and network operations • Preparation of accurate reports and useful recommendations • Minimization of exposure and compromise of proprietary data • Protection of organization reputation and assets • Education of senior management • Promotion of rapid detection/or prevention of such incidents in the future (via lessons learned, policy changes, etc)

  11. Course Curriculum • Introduction to Criminal Justice • Introduction to Computers • Computer Organization • Binary System • Introduction to History of Computing • Introduction to Computer Ethics • Professional Code of Ethics • Privacy Issues and Intellectual Property • Introduction to Computer and Internet Crime • Malicious Code and Security Incidents

  12. Course Curriculum • Encryption and Computer Forensics • Introduction to History of Cryptology • Private and Public Key Cryptology • PGP tool • Steganography: Data Hiding • Invisible Secrets • Computer Examination Process • Searching and Seizing Computers for Obtaining Computer-Based Evidence • Presentation of the Evidence in the Court

  13. Course Curriculum • MD5 Algorithm • Fingerprints and Hashes • Applications to Computer Forensics • Introduction to Linux OS • FTimes System Baselining and Evidence Collection Tool. • Cyber Terrorism

  14. References [1] Computer Forensics, Incident Response Essentials, Warren G. Kruse II, Jay G. Heiser, Addison-Wesley [2] Incident Responce and Computer Forensics, Kevin Mandia, Chris Prosise, Matt Pepe, McGraw-Hill [3] Information Security Illuminated, Michael G. Solomon, Mike Chapple, Jones and Bartlett Publishers, Inc [4] Computer Forensics, Computer Crime Scene Investigation, John R. Vacca, Charles River Media Inc [5] Forensic Computing, A Practitioner's Guide, Tony Sammes and Brian Jenkinson, Springer. [6] Mark Pollitt, Computer Forensics: An Approach to Evidence in Cyberspace, http://www.digitalevidencepro.com/Resources/Approach.pdf

More Related