IT IS ALL ABOUT THE CRIME Unit 7 – Recovering files & Network Forensics CJ 317 - Dr. Joe Ciccone

Last Week & FERPA

How to locate and recover graphic files

How to identify unknown file formats

The types of data compression

The standard procedures for performing a live acquisition

The standard procedures for network forensics

Key Terms & Places

Carving: The process of recovering file fragments that are scattered across a disk. See also salvaging.

Lossless Compression: A compression method in which no data is lost. With this type of compression, a large file can be compressed to take up less space and then uncompressed without any loss of information.

Lossy Compression: A compression method that permanently discards bits of information in a file. The removed bits of information reduce image quality.

Defense in Depth (DiD): The NSA’s approach to implementing a layered network defense strategy. It focuses on three modes of protection: people, technology, and operations.

Network Forensics: The process of collecting and analyzing raw network data and systematically tracking network traffic to determine how security incidents occur.

UCR Links – Federal Law Enforcement

2008 Report

Crime Clock - Crime Map

http://www.fbi.gov/ucr/cius2008/about/crime_clock.html

Violent Crime – 23 seconds

Property Crime – 3 seconds

National Incident-Based Reporting System (NIBRS) – Crp. Mike Roberts

Consists of individual incident records for the 8 Index crimes and 38 other offenses, with details on offense, victim, offender, and property

Records each offense occurring in incident

Distinguishes between attempted and completed crimes

Expands burglary hotel rule to include rental storage facilities

Records rape of males and females

Restructures definition of assault

Collects weapon information for all violent offenses

Provides details on arrests for the 8 Index crimes and 49 other offenses.

Link- Papers

Rules for Writers, 6th ed.

Hacker, D. (2008). Rules for writers (6th ed.). Boston, MA: Bedford/St. Martin's Press.

Plagiarism Policy

Kaplan University considers academic honesty to be one of its highest values. Students are expected to be the sole authors of their work. Use of another person’s work or ideas must be accompanied by specific citations and references.

Unit 7 Projects

Case Project 10-3: You are investigating a case involving an employee who is allegedly sending inappropriate photos via e-mail in attachments that have been compressed with a zip utility. As you examine the employee’s hard disk drive, you will find a file named orkty.zip, which you suspect is a graphic file. When you try to open the file in an image viewer, a message is displayed indicating that the file is corrupt. Write a 2-3 page report explaining how to recover the file, orkty.zip, for further investigation.

Case Part II & Name that Criminal

You work for a mid-sized corporation known for its inventions that does a lot of copyright and patent work. You are investigating an employee suspected of selling and distributing animations created for your corporation. During your investigations of the suspect’s drive, you find some files with an unfamiliar extension of “.cde.” The network administrator mentions that other “.cde” files have been sent through an FTP server to another site. Describe your findings after conducting an Internet search for “.cde” files.

Crime and Change~What will happen tomorrow?

Times are Changing!

In this unit, you got a feel for how quickly things are changing and how important procedures are in dealing with the new challenges. Network forensics and live acquisitions are just the tip of the iceberg.

Data carving and steganalysis are procedures that take time and care to perform. And they are not exact sciences. In many cases you will get false positives.
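
Why carving produces false positives, shown as an added example that is not part of the course slides: a signature-only carver matches JPEG start and end markers in a constructed raw buffer, and a simple structure check then separates the plausible hit from a byte pattern that only resembles a header. All function names and sample bytes are hypothetical; the sample has a valid header layout but is not a viewable image.

```python
# Added example: signature-based JPEG carving over a constructed raw buffer.
# All names and sample bytes are hypothetical, not from the course material.

JPEG_SOI = b"\xff\xd8\xff"  # start-of-image marker + first byte of next marker
JPEG_EOI = b"\xff\xd9"      # end-of-image marker


def carve_jpeg_candidates(raw, max_size=10_000_000):
    """Return (start, end) for each SOI..EOI span; signature match only."""
    hits, pos = [], 0
    while (start := raw.find(JPEG_SOI, pos)) != -1:
        end = raw.find(JPEG_EOI, start + len(JPEG_SOI))
        if end != -1 and end + 2 - start <= max_size:
            hits.append((start, end + 2))
        pos = start + 1
    return hits


def looks_like_jpeg(blob):
    """Heuristic structure check on the first segment after SOI."""
    if len(blob) < 8:
        return False
    marker = blob[3]
    seg_len = int.from_bytes(blob[4:6], "big")
    nxt = 4 + seg_len  # offset where the following marker must start
    return (0xC0 <= marker <= 0xFE and seg_len >= 2
            and nxt < len(blob) and blob[nxt] == 0xFF)


def build_sample():
    """Constructed 'disk' bytes: one JPEG-like header and one look-alike."""
    app0 = (b"\xff\xe0" + (16).to_bytes(2, "big")
            + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    dqt_stub = b"\xff\xdb" + (4).to_bytes(2, "big") + b"\x00\x10"
    real = b"\xff\xd8" + app0 + dqt_stub + b"\xff\xd9"
    fake = b"\xff\xd8\xff\x00" + b"not an image, just slack" + b"\xff\xd9"
    return b"\x00" * 512 + real + b"\x00" * 100 + fake + b"\x00" * 64


def triage(raw):
    """Map each carved span to whether it passes the structure check."""
    return {span: looks_like_jpeg(raw[span[0]:span[1]])
            for span in carve_jpeg_candidates(raw)}


if __name__ == "__main__":
    for (start, end), ok in triage(build_sample()).items():
        label = "plausible JPEG" if ok else "false positive"
        print(f"offset {start}-{end}: {label}")
```
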

Thank you for all of your work this term!

Changes in Tech Crime

Problems & Questions from you?

THANK YOU

Have a great week

Check your Grade book