Computer/Digital Forensics
● Lynn Ackler
– Office – CSC 222
– Office Hours
  – MR 9 – 10
  – Any time you find me
– Course
  – CCJ 346 – CRN 2037
  – TR 10:00 – 12:00
20/04/23 2
Course
● 2-3 hours of lecture per week
● 1-2 hours of lab per week
● Attendance
– Your responsibility
● Labs
– Must be done on Wednesdays, 3 - 4
Course Requirements
● Lab Reports – A bunch
  ● Web History
  ● MD5 Hash and Disk Clone
  ● Evidence Recovery
  ● Seizure
  ● Phishing
● 1 mid-term exam
● 1 Final – comprehensive
Course Description
● Surveys the technologies, techniques, and responsibilities of a criminal or civil investigation involving computers, digital devices, networks, network service providers and electronic evidence.
● Examines rules of evidence and proof and emphasizes maintaining an evidentiary trail through computer data and network activity.
● Reviews the responsibilities of the computer forensics investigator.
● Discusses the fragility of computer evidence and the techniques used to protect evidence.
SOU Course Catalog
Course Objectives
● Find evidence of individual behavior on a computer.
● Seize digital devices.
● Search, preserve and document digital evidence.
● Discuss the many ways that a digital device may be involved in criminal or illegal activities.
● Discuss the legal and ethical aspects of computer forensics.
● Describe the many vulnerabilities to your personal and professional life that computers and computer networks pose.
Acceptable Use
If you violate ethical or legal standards regarding computer/network usage, you are subject to dismissal and/or legal prosecution.
See www.sou.edu/usage.html
Computer Forensics
● As in all endeavors:
“Blame always falls somewhere.”
● Rule:
“Let it not be in your lap.”
Computer Forensics
● Discovery and recovery of digital evidence
– Usually post facto
– Sometimes real time
● Types of forensic investigations
– Liturgical
  ● Going to court
  ● Crimes, etc.
– Non-Liturgical
  ● Administrative adjudication
  ● Industry
Purpose
● Prove or disprove criminal activity
● Prove or disprove policy violation
● Prove or disprove malicious behavior to or by the computer/user
If the evidence is there, the case is yours to lose with very little effort.
Legal and Ethical Issues
● Computer Forensic Exams are Illegal.
  ● Without the cover of Law
  ● 4th Amendment
● You will learn dual use technology.
– All tools can be used to commit crime
– All procedures can be used to hide crime
● It is unethical to breach someone's expectation of privacy.
Responsibilities
● Evidence
– All of it
– Emphasis on exculpatory
● Respect for suspect's privacy and rights
● Beware of collateral damage
● Be very, very careful if you demonstrate what you can do.
Business Issues
● No interruption of business
● Know the policies of the business
● Sensitive to the business costs during an investigation
Privacy Issues
● Rights of the suspect
● Liabilities of the investigator
● Public versus private storage of information
● Expectation of privacy
Course Outline
Forensics Intro
Web Behavior
Digital Devices and Networks
Computer Laws
“Computer” Seizure
“Computer” Search
Case Development
Internet
The Forensics Experience
CT/CSI
Counter Terrorism / Crime Scene Investigation
2006
Evidence
● Forensics is all about evidence.
● Something that tends to prove or disprove the existence of an alleged fact.
● The Federal Rules of Evidence govern proceedings in the courts of the United States.
Evidence
● Admissible
– must be legally obtained and relevant
● Reliable
– has not been tainted (changed) since acquisition
● Authentic
– the real thing, not a replica
● Complete
– includes any exculpatory evidence
● Believable
– lawyers, judge & jury can understand it
Evidence
● Admissible
  ● Search Warrant, Wire Tap, NSL
● Reliable
  ● Chain of custody, protected, properly handled
  ● Not tainted, not changed, MD5
● Authentic
  ● Computer data is different
● Complete
  ● Must search entire hard disk
● Believable
  ● Impossible for geeks
Definition of Forensics
● Discipline of digital evidence discovery, protection and presentation.
● Technologies, techniques, and responsibilities of a criminal or civil investigation involving computers, networks, network service providers and electronic evidence.
Types of Forensic Exams
● Legal or Liturgical
– Will go to trial
● Civil
– Similar to liturgical, probably for negotiation or extortion
● Business
– Termination or reprimand of an employee
● Disaster Recovery
– What happened, how to prevent
● Illegal/Surveillance
Read Your Employee’s Handbook
● What can your employer do to you?
● What can they see?
● What can you do?
● What can’t you do?
Areas of Forensics
● Physical
● Digital
● Chemical
● Accounting
● Etc.
Physical
● Ballistics
● Fingerprints
● Artifacts
● etc.
Digital Forensics
Computer Forensics
● Evidence contained in computers
● Evidence contained in digital devices
  ● Phones
  ● Cameras
  ● Memory sticks
  ● Smart cards
● Evidence contained in networks
Chemical
● Blood
● DNA
● Explosives
● Drugs
● Fiber analysis
● Etc.
Accounting
● Fraud
● Multiple sets of books
● Stock manipulation
● Insider trading
Digital Devices
Be careful, be very careful
● Computers, Laptops
● Palm pilots
● Cell phones
● iPods
● Cameras
● Camcorders
● etc.
Digital Evidence
● Records and Logs
● Results of activities
● Statement of intent
● Contraband
● Indication of time line
Skills and Knowledge
● Be aware of the many types of digital devices and their components and potential contents
● Develop a Web behavior profile
● Learn how to seize a computer and other devices
● Proper handling of digital evidence
● How to search a computer for evidence
● Analyze a phishing scam
● Become more knowledgeable about the digital/information world
Conviction
Must Prove:
Actus Reus - The criminal act
Mens Rea - The criminal intent