• Home

  • Documents

  • 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA
9
7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Embed Size (px)

Citation preview

Page 1: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

7 Handling a Digital Crime Scene

Dr. John P. Abraham

Professor

UTPA

Page 2: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Introduction

• GOAL: Sequestered environment where– All contents are mapped and recorded– Accompanying photographs and basic diagrams showing areas

and items– Evidence is frozen in place

• This chapter deals with handling individual computers as a source of evidence.

• US department of Justice and Secret Service• Electronic Crime Scene Investigation.• Best Practices for Seizing Electronic Evidence• Guide for first responders

• Also The good practice guide for computer based evidence by association of chief of police officers (ACPO)

Page 3: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Major principles

• No action taken should change data held on a computer or storage media

• Anyone accessing the computer must be competent in cyber forensics.

• An audit trail or other record of all processes applied to electronic evidence must be kept.

• Person in charge of the overall case has the responsibility of ensuring that the law and these principles are adhered to.

Page 4: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Authorization

• Obtain written authorizations and instructions from attorneys.

• Private and personal computer access would require warrant unless an employee agrees to the search.

• Work place computer may not require a warrant.• Digital investigators are generally authorized to

collect and examine only what is directly pertinent to the investigation.

Page 5: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Preparing to handle digital crime scenes

• Make diagrams and have a plan as to what to examine.

• What type of tools should be brought to the scene.

• Bring questionnaire to interview individuals at the crime scene.

Page 6: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Surveying the Digital Crime Scene

• Look at laptops, handheld devices,• Digital video records (DVRs)• Gaming systems• External hard drives• Digital cameras• DVDs• Look for installation disks that give clues• Network configurations, look for remote machine

in the facility or outside.

Page 7: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Preserving the Digital Crime Scene

• Controlling Entry points – secure the crime scene.

• Save biometric access system data and video recordings.

• Save network level logs (copy).• Preserve all backup media, do not overwrite

backup media.• Preserve emails on the servers.• Keyboards may have fingerprints.

Page 8: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Preserving data on live systems

• The contents of volatile memory must be obtained such as a note being written.

• Which account is running under certain processes.

• Capture information related to active processes and network connections.

Page 9: 7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA

Shutting down

• Remove power from the back of the machine.

• Open the case and remove power to the hard drives.

• Check for missing parts

• Check for explosives.


Elementary Probability - UTPA Faculty Web

Elementary Probability - UTPA Faculty Web

Documents
21-IP addressing Dr. John P. Abraham Professor UTPA

21-IP addressing Dr. John P. Abraham Professor UTPA

Documents
UTPA Graduate School Thesis Manual

UTPA Graduate School Thesis Manual

Documents
UTPA APT Summer Pre-Matriculation Program 2014

UTPA APT Summer Pre-Matriculation Program 2014

Education
July 24 utpa lori breslow

July 24 utpa lori breslow

Documents
The University of Texas-Pan American Web Site Designs Created Specifically for the Oracle Portal Project UTPA Main Site () UTPA Divisions:

The University of Texas-Pan American Web Site Designs Created Specifically for the Oracle Portal Project UTPA Main Site () UTPA Divisions:

Documents
UTPA Business Development & Innovation Group

UTPA Business Development & Innovation Group

Documents
22-Datagram Forwarding Dr. John P. Abraham Professor UTPA

22-Datagram Forwarding Dr. John P. Abraham Professor UTPA

Documents
Starting an E-business Dr. John P. Abraham Professor UTPA

Starting an E-business Dr. John P. Abraham Professor UTPA

Documents
UTPA Battalion Battle Book

UTPA Battalion Battle Book

Documents
Management Function Planning Dr. John P. Abraham UTPA

Management Function Planning Dr. John P. Abraham UTPA

Documents
UTPA Computer Science

UTPA Computer Science

Documents
23-Support Protocols and Technologies Dr. John P. Abraham Professor UTPA

23-Support Protocols and Technologies Dr. John P. Abraham Professor UTPA

Documents
Week 4 UTPA · 2018-01-29 · Week 4 – UTPA 5:30 Today’s agenda Course review Class actions (cont.) Quiz 6:00 Break UTPA elements chart Fee shifting chart Damages chart 6:30 Break

Week 4 UTPA · 2018-01-29 · Week 4 – UTPA 5:30 Today’s agenda Course review Class actions (cont.) Quiz 6:00 Break UTPA elements chart Fee shifting chart Damages chart 6:30 Break

Documents
JAVASCRIPT HOW TO PROGRAM -2 DR. JOHN P. ABRAHAM UTPA

JAVASCRIPT HOW TO PROGRAM -2 DR. JOHN P. ABRAHAM UTPA

Documents
8-Reliability and Channel Coding Dr. John P. Abraham Professor UTPA

8-Reliability and Channel Coding Dr. John P. Abraham Professor UTPA

Documents
Internet Applications and Network Programming Dr. Abraham Professor UTPA

Internet Applications and Network Programming Dr. Abraham Professor UTPA

Documents
UTPA Brochure 1011

UTPA Brochure 1011

Documents
18-WAN Technologies and Dynamic routing Dr. John P. Abraham Professor UTPA

18-WAN Technologies and Dynamic routing Dr. John P. Abraham Professor UTPA

Documents
UTPA Battalion Battle Book.doc

UTPA Battalion Battle Book.doc

Documents
WPF chapter 15 Dr. John Abraham Professor UTPA. WPF –an introduction WPF provides a single platform capable of handling graphics, audio and video. WPF

WPF chapter 15 Dr. John Abraham Professor UTPA. WPF –an introduction WPF provides a single platform capable of handling graphics, audio and video. WPF

Documents
My approach to teach e-commerce Dr. John P. Abraham Professor, UTPA

My approach to teach e-commerce Dr. John P. Abraham Professor, UTPA

Documents
Protocol Suits and Layering Models OSI Model Dr. Abraham UTPA

Protocol Suits and Layering Models OSI Model Dr. Abraham UTPA

Documents
4-Traditional Internet Applications Dr. John P. Abraham Professor UTPA

4-Traditional Internet Applications Dr. John P. Abraham Professor UTPA

Documents
E-Commerce Types Dr. John P. Abraham Professor, UTPA

E-Commerce Types Dr. John P. Abraham Professor, UTPA

Documents
UTPA prez slides

UTPA prez slides

Documents
5-Network Defenses Dr. John P. Abraham Professor UTPA

5-Network Defenses Dr. John P. Abraham Professor UTPA

Documents
Gil Penalosa at UTPA

Gil Penalosa at UTPA

Education
UTPA Procedure for Welds

UTPA Procedure for Welds

Documents
UTPA handout

UTPA handout

Documents