• Home

  • Documents

  • 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA
9
7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Embed Size (px)

Citation preview

Page 1: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

7 Handling a Digital Crime Scene

Dr. John P. Abraham

Professor

UTPA

Page 2: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Introduction

• GOAL: Sequestered environment where– All contents are mapped and recorded– Accompanying photographs and basic diagrams showing areas

and items– Evidence is frozen in place

• This chapter deals with handling individual computers as a source of evidence.

• US department of Justice and Secret Service• Electronic Crime Scene Investigation.• Best Practices for Seizing Electronic Evidence• Guide for first responders

• Also The good practice guide for computer based evidence by association of chief of police officers (ACPO)

Page 3: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Major principles

• No action taken should change data held on a computer or storage media

• Anyone accessing the computer must be competent in cyber forensics.

• An audit trail or other record of all processes applied to electronic evidence must be kept.

• Person in charge of the overall case has the responsibility of ensuring that the law and these principles are adhered to.

Page 4: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Authorization

• Obtain written authorizations and instructions from attorneys.

• Private and personal computer access would require warrant unless an employee agrees to the search.

• Work place computer may not require a warrant.• Digital investigators are generally authorized to

collect and examine only what is directly pertinent to the investigation.

Page 5: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Preparing to handle digital crime scenes

• Make diagrams and have a plan as to what to examine.

• What type of tools should be brought to the scene.

• Bring questionnaire to interview individuals at the crime scene.

Page 6: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Surveying the Digital Crime Scene

• Look at laptops, handheld devices,• Digital video records (DVRs)• Gaming systems• External hard drives• Digital cameras• DVDs• Look for installation disks that give clues• Network configurations, look for remote machine

in the facility or outside.

Page 7: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Preserving the Digital Crime Scene

• Controlling Entry points – secure the crime scene.

• Save biometric access system data and video recordings.

• Save network level logs (copy).• Preserve all backup media, do not overwrite

backup media.• Preserve emails on the servers.• Keyboards may have fingerprints.

Page 8: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Preserving data on live systems

• The contents of volatile memory must be obtained such as a note being written.

• Which account is running under certain processes.

• Capture information related to active processes and network connections.

Page 9: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Shutting down

• Remove power from the back of the machine.

• Open the case and remove power to the hard drives.

• Check for missing parts

• Check for explosives.


OOP / VB.NET (Chp4) DR. JOHN ABRAHAM UTPA Credit: Partial slides from startvbdotnet.com

OOP / VB.NET (Chp4) DR. JOHN ABRAHAM UTPA Credit: Partial slides from startvbdotnet.com

Documents
UTPA Computer Science

UTPA Computer Science

Documents
Internet Applications and Network Programming Dr. Abraham Professor UTPA

Internet Applications and Network Programming Dr. Abraham Professor UTPA

Documents
JAVASCRIPT HOW TO PROGRAM -2 DR. JOHN P. ABRAHAM UTPA

JAVASCRIPT HOW TO PROGRAM -2 DR. JOHN P. ABRAHAM UTPA

Documents
UTPA Continuing Education Spring 2015 Course Catalog

UTPA Continuing Education Spring 2015 Course Catalog

Documents
21-IP addressing Dr. John P. Abraham Professor UTPA

21-IP addressing Dr. John P. Abraham Professor UTPA

Documents
My approach to teach e-commerce Dr. John P. Abraham Professor, UTPA

My approach to teach e-commerce Dr. John P. Abraham Professor, UTPA

Documents
WPF chapter 15 Dr. John Abraham Professor UTPA. WPF –an introduction WPF provides a single platform capable of handling graphics, audio and video. WPF

WPF chapter 15 Dr. John Abraham Professor UTPA. WPF –an introduction WPF provides a single platform capable of handling graphics, audio and video. WPF

Documents
The University of Texas-Pan American Web Site Designs Created Specifically for the Oracle Portal Project UTPA Main Site () UTPA Divisions:

The University of Texas-Pan American Web Site Designs Created Specifically for the Oracle Portal Project UTPA Main Site () UTPA Divisions:

Documents
3Digital Evidence in the Courtroom Dr. John P. Abraham Professor of Computer Science UTPA

3Digital Evidence in the Courtroom Dr. John P. Abraham Professor of Computer Science UTPA

Documents
Protocol Suits and Layering Models OSI Model Dr. Abraham UTPA

Protocol Suits and Layering Models OSI Model Dr. Abraham UTPA

Documents
UTPA Procedure for Welds

UTPA Procedure for Welds

Documents
How Computers Work Dr. John P. Abraham Professor UTPA

How Computers Work Dr. John P. Abraham Professor UTPA

Documents
Gil Penalosa at UTPA

Gil Penalosa at UTPA

Education
UTPA Business Development & Innovation Group

UTPA Business Development & Innovation Group

Documents
E-Commerce Types Dr. John P. Abraham Professor, UTPA

E-Commerce Types Dr. John P. Abraham Professor, UTPA

Documents
UTPA Business Development & Innovation Group

UTPA Business Development & Innovation Group

Documents
22-Datagram Forwarding Dr. John P. Abraham Professor UTPA

22-Datagram Forwarding Dr. John P. Abraham Professor UTPA

Documents
8-Reliability and Channel Coding Dr. John P. Abraham Professor UTPA

8-Reliability and Channel Coding Dr. John P. Abraham Professor UTPA

Documents
14-MAC Sub-layer Dr. John P. Abraham Professor UTPA

14-MAC Sub-layer Dr. John P. Abraham Professor UTPA

Documents
Week 4 UTPA · 2018-01-29 · Week 4 – UTPA 5:30 Today’s agenda Course review Class actions (cont.) Quiz 6:00 Break UTPA elements chart Fee shifting chart Damages chart 6:30 Break

Week 4 UTPA · 2018-01-29 · Week 4 – UTPA 5:30 Today’s agenda Course review Class actions (cont.) Quiz 6:00 Break UTPA elements chart Fee shifting chart Damages chart 6:30 Break

Documents
Starting an E-business Dr. John P. Abraham Professor UTPA

Starting an E-business Dr. John P. Abraham Professor UTPA

Documents
UTPA Brochure 1011

UTPA Brochure 1011

Documents
Elementary Probability - UTPA Faculty Web

Elementary Probability - UTPA Faculty Web

Documents
LINQ AND GENERIC COLLECTIONS DR. JOHN P. ABRAHAM PROFESSOR UTPA

LINQ AND GENERIC COLLECTIONS DR. JOHN P. ABRAHAM PROFESSOR UTPA

Documents
Intro to dot Net Dr. John Abraham UTPA – Fall 09 CSCI 3327

Intro to dot Net Dr. John Abraham UTPA – Fall 09 CSCI 3327

Documents
UTPA – Fall 2011

UTPA – Fall 2011

Documents
UTPA prez slides

UTPA prez slides

Documents
23-Support Protocols and Technologies Dr. John P. Abraham Professor UTPA

23-Support Protocols and Technologies Dr. John P. Abraham Professor UTPA

Documents
Texas Tech at UTPA Match Notes

Texas Tech at UTPA Match Notes

Documents