Presentation is loading. Please wait.

Presentation is loading. Please wait.

COS/PSA 413 DAY 1. Guide to Computer Forensics and Investigations, 2e2 Agenda Roll Call Introduction WebCT Overview Syllabus Review Introduction to eMarketing.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "COS/PSA 413 DAY 1. Guide to Computer Forensics and Investigations, 2e2 Agenda Roll Call Introduction WebCT Overview Syllabus Review Introduction to eMarketing."— Presentation transcript:

1 COS/PSA 413 DAY 1

2 Guide to Computer Forensics and Investigations, 2e2 Agenda Roll Call Introduction WebCT Overview Syllabus Review Introduction to eMarketing

3 Guide to Computer Forensics and Investigations, 2e3 INSTRUCTOR Tony Gauvin, Assistant Professor of E-Commerce Contact info –216 Nadeau yG@maine.edu –(207) 834-7519 or ext 7519 –WebCT (Tony Gauvin)

4 Guide to Computer Forensics and Investigations, 2e4 Instructional Philosophy Out-Come based education Would rather discuss than lecture –Requires student preparation Hate grading assignments –Especially LATE assignments Use class interaction, assignments, quizzes and projects to determine if outcomes are met.

5 Guide to Computer Forensics and Investigations, 2e5 COS 413 Survival Primer Read Material BEFORE the class discussion Check WebCT Often Use the additional resources identified in syllabus ASK questions about what you didn’t understand in readings DON’T do assignments and projects at last minute. REVEIW lectures and notes Seek HELP if you are having difficulties OFFER feedback and suggestions to the instructor in a constructive manner

6 Guide to Computer Forensics and Investigations, 2e6 Computer Accounts Computer login –Sys admin Pete Cyr (x7547) or Art Drolet (x7809) –Applications MSDN Academic Alliance –Free Stuff –See Dr Ray Albert Access Cards –$10 deposit –See Lisa Fournier

7 Guide to Computer Forensics and Investigations, 2e7 WebCT http://webct.umfk.maine.edu Login –First name. Last Name –John Doe  John.Doe –Initial password is webct Help with WebCT available from Blake Library staff All quizzes and assignments will be administered from WebCT

8 Guide to Computer Forensics and Investigations, 2e8 Syllabus review Requirements Grading Course outline Special Notes Subject to change

9 Guide to Computer Forensics and Investigations, Second Edition Chapter 1 Computer Forensics and Investigations as a Profession

10 Guide to Computer Forensics and Investigations, 2e10 Objectives Understand computer forensics Prepare for computer investigations Understand enforcement agency investigations Understand corporate investigations Maintain professional conduct

11 Guide to Computer Forensics and Investigations, 2e11 Understanding Computer Forensics Computer forensics involves obtaining and analyzing digital information for use as evidence in civil, criminal, or administrative cases The Fourth Amendment to the U.S. Constitution protects everyone’s rights to be secure in their person, residence, and property from search and seizure

12 Guide to Computer Forensics and Investigations, 2e12 Understanding Computer Forensics (continued) When preparing to search for evidence in a criminal case, include the suspect’s computer and its components in the search warrant

13 Guide to Computer Forensics and Investigations, 2e13 Computer Forensics Versus Other Related Disciplines Involves scientifically examining and analyzing data from computer storage media so that the data can be used as evidence in court Investigating computers includes: –Securely collecting computer data –Examining suspect data to determine details such as origin and content –Presenting computer-based information to courts –Applying laws to computer practice

14 Guide to Computer Forensics and Investigations, 2e14 Computer Forensics Versus Other Related Disciplines (continued) Network forensics uses log files to determine: –When users logged on or last used their logon IDs –Which URLs a user accessed –How he or she logged on to the network –From what location Computer investigations functions –Vulnerability assessment and risk management –Network intrusion detection and incident response –Computer investigations

15 Guide to Computer Forensics and Investigations, 2e15 Computer Forensics Versus Other Related Disciplines (continued)

16 Guide to Computer Forensics and Investigations, 2e16 Computer Forensics Versus Other Related Disciplines (continued) Vulnerability assessment and risk management –Test and verify the integrity of standalone workstations and network servers –Physical security of systems and the security of operating systems (OSs) and applications –Test for known vulnerabilities of OSs –Launch attacks on the network, workstations, and servers to assess vulnerabilities

17 Guide to Computer Forensics and Investigations, 2e17 Computer Forensics Versus Other Related Disciplines (continued) Network intrusion detection and incident response functions: –Detect intruder attacks using automated tools and monitoring network firewall logs manually –Track, locate, and identify the intruder and deny further access to the network –Collect evidence for civil or criminal litigation against the intruders

18 Guide to Computer Forensics and Investigations, 2e18 Computer Forensics Versus Other Related Disciplines (continued) Computer investigation functions –Manage investigations and conduct forensic analysis of systems –Draw on resources from those involved in vulnerability assessment, risk management, and network intrusion detection and incident response –Resolve or terminate all case investigations

19 Guide to Computer Forensics and Investigations, 2e19 A Brief History of Computer Forensics Well-known crimes―one-half cent By the early 1990s, specialized tools for computer forensics were available ASR Data created the tool Expert Witness for the Macintosh –Recover deleted files and file fragments EnCase iLook

20 Guide to Computer Forensics and Investigations, 2e20 Developing Computer Forensics Resources Ask for help –Computer Technology Investigators Northwest (CTIN) –High Technology Crime Investigation Association (HTCIA) –LISTSERV –Majordomo

21 Guide to Computer Forensics and Investigations, 2e21 Preparing For Computer Investigations Computer investigations and forensics Public investigations –Government agencies responsible for criminal investigations and prosecution

22 Guide to Computer Forensics and Investigations, 2e22 Preparing For Computer Investigations (continued) Private or corporate investigations –Criminal cases –Government agencies –Private or corporate investigations –Private companies –Non-enforcement government agencies –Lawyers

23 Guide to Computer Forensics and Investigations, 2e23 Preparing For Computer Investigations (continued)

24 Guide to Computer Forensics and Investigations, 2e24 Understanding Enforcement Agency Investigations Understand: –Local city, county, state or province, and federal laws on computer-related crimes –Legal processes and how to build a criminal case

25 Guide to Computer Forensics and Investigations, 2e25 Understanding Enforcement Agency Investigations (continued) States have added specific language to their criminal codes to define crimes that involve computers Until 1993, laws defining computer crimes did not exist

26 Guide to Computer Forensics and Investigations, 2e26 Following the Legal Process A criminal case follows three stages: –Complaint Someone files a complaint –Investigation A specialist investigates the complaint –Prosecution Prosecutor collects evidence and builds a case

27 Guide to Computer Forensics and Investigations, 2e27 Following the Legal Process (continued)

28 Guide to Computer Forensics and Investigations, 2e28 Following the Legal Process (continued) Levels of law enforcement expertise: –Level 1 (street police officer) Acquiring and seizing digital evidence –Level 2 (detective) Managing high-tech investigations Teaching the investigator what to ask for Understanding computer terminology What can and cannot be retrieved from digital evidence –Level 3: (computer forensics expert) Specialist training in retrieving digital evidence

29 Guide to Computer Forensics and Investigations, 2e29 Following the Legal Process (continued)

30 Guide to Computer Forensics and Investigations, 2e30 Understanding Corporate Investigations Business must continue with minimal interruption from your investigation Corporate computer crimes: –E-mail harassment –Falsification of data –Gender and age discrimination –Embezzlement –Sabotage –Industrial espionage

31 Guide to Computer Forensics and Investigations, 2e31 Establishing Company Policies Company policies avoid litigation Policies provide: –Rules for using company computers and networks –Line of authority for internal investigations Who has the legal right to initiate an investigation Who can take possession of evidence Who can have access to evidence

32 Guide to Computer Forensics and Investigations, 2e32 Displaying Warning Banners Avoid litigation displaying a warning banner on computer screens A banner: –Informs user that the organization can inspect computer systems and network traffic at will –Voids right of privacy –Establishes authority to conduct an investigation

33 Guide to Computer Forensics and Investigations, 2e33 Displaying Warning Banners (continued)

34 Guide to Computer Forensics and Investigations, 2e34 Displaying Warning Banners (continued) Types of warning banners: –For internal employee access (intranet Web page access) –External visitor accesses (Internet Web page access)

35 Guide to Computer Forensics and Investigations, 2e35 Displaying Warning Banners (continued) Examples of warning banners: –Access to this system and network is restricted –Use of this system and network is for official business only –Systems and networks are subject to monitoring at any time by the owner –Using this system implies consent to monitoring by the owner –Unauthorized or illegal users of this system or network will be subject to discipline or prosecution

36 Guide to Computer Forensics and Investigations, 2e36 Displaying Warning Banners (continued) A for-profit organization banner –This system is the property of Company X –This system is for authorized use only –Unauthorized access is a violation of law and violators will be prosecuted –All activity, software, network traffic, and communications are subject to monitoring

37 Guide to Computer Forensics and Investigations, 2e37 Designating an Authorized Requester Establish a line of authority Specify an authorized requester who has the power to conduct investigations Groups who can request investigations: –Corporate Security Investigations –Corporate Ethics Office –Corporate Equal Employment Opportunity Office –Internal Auditing –The general counsel or legal department

38 Guide to Computer Forensics and Investigations, 2e38 Conducting Security Investigations Public investigations search for evidence to support criminal allegations Private investigations search for evidence to support allegations of abuse of a company’s assets and criminal complaints

39 Guide to Computer Forensics and Investigations, 2e39 Conducting Security Investigations (continued) Situations in the enterprise environment: –Abuse or misuse of corporate assets –E-mail abuse –Internet abuse

40 Guide to Computer Forensics and Investigations, 2e40 Conducting Security Investigations (continued)

41 Guide to Computer Forensics and Investigations, 2e41 Conducting Security Investigations (continued) Employee abuse of computer privileges –Employee company startup –Porn site –Malicious e-mail

42 Guide to Computer Forensics and Investigations, 2e42 Distinguishing Personal and Company Property PDAs and personal notebook computers Employee hooks up his PDA device to his company computer Company gives PDA to employee as bonus

43 Guide to Computer Forensics and Investigations, 2e43 Maintaining Professional Conduct Professional conduct determines credibility –Ethics –Morals –Standards of behavior –Maintain objectivity and confidentiality –Enrich technical knowledge –Conduct with integrity

44 Guide to Computer Forensics and Investigations, 2e44 Maintaining Professional Conduct (continued) Maintaining objectivity –Sustain unbiased opinions of your cases Avoid making conclusions about the findings until all reasonable leads have been exhausted Considered all the available facts Ignore external biases to maintain the integrity of the fact-finding in all investigations Keep the case confidential

45 Guide to Computer Forensics and Investigations, 2e45 Maintaining Professional Conduct (continued) Stay current with the latest technical changes in computer hardware and software, networking, and forensic tools Learn about the latest investigation techniques that can be applied to the case Record fact-finding methods in a journal –Include dates and important details that serve as memory triggers –Develop a routine of regularly reviewing the journal to keep past achievements fresh

46 Guide to Computer Forensics and Investigations, 2e46 Maintaining Professional Conduct (continued) Attend workshops, conferences, and vendor- specific courses conducted by software manufacturers Monitor the latest book releases and read as much as possible about computer investigations and forensics

47 Guide to Computer Forensics and Investigations, 2e47 Summary Computer forensics: systematic accumulation of digital evidence in an investigation Differs from network forensics, data recovery, and disaster recovery in scope, technique, and objective Laws relating to digital evidence were established in the late 1960s To be successful, you must be familiar with more than one computing platform

48 Guide to Computer Forensics and Investigations, 2e48 Summary (continued) To supplement your knowledge, develop and maintain contact with computer, network, and investigative professionals Public investigations typically require a search warrant before the digital evidence is seized The Fourth Amendment applies to governmental searches and seizures During public investigations, you search for evidence to support criminal allegations

49 Guide to Computer Forensics and Investigations, 2e49 Summary (continued) During private investigations, search for evidence to support allegations of abuse of a company or person’s assets and, in some cases, criminal complaints Silver-platter doctrine: handing the results of private investigations over to the authorities because of indications of criminal activity Forensics investigators must maintain an impeccable reputation to protect credibility

50 Guide to Computer Forensics and Investigations, 2e50 Summary (continued) Most information is stored on hard disks, floppy disks, and CD-ROMs in a nonvolatile manner Peripheral components (video adapter cards, sound cards, mice, keyboards, NICs) attach to mainboard via an expansion slot or port All peripherals must have a unique IRQ and I/O address to communicate with the processor Hardware information can be gathered from computer manuals, BIOS, or other OSs

Download ppt "COS/PSA 413 DAY 1. Guide to Computer Forensics and Investigations, 2e2 Agenda Roll Call Introduction WebCT Overview Syllabus Review Introduction to eMarketing."

Similar presentations

Acceptable Use of Computer and Network Resources Jim Conroy Acting Director, Academic Computing Services September 9, 2013.

Acceptable Use of Computer and Network Resources Jim Conroy Acting Director, Academic Computing Services September 9, 2013.
Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social.

Ethics Ethics are the rules of personal behavior and conduct established by a social group for those existing within the established framework of the social.
Chapter Extension 24 Computer Crime and Forensics © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 24 Computer Crime and Forensics © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Security, Privacy, and Ethics Online Computer Crimes.

Security, Privacy, and Ethics Online Computer Crimes.
Computer & Network Forensics

Computer & Network Forensics
ELC/BUS/PSA 347 Day 1. Agenda Roll Call Introduction WebCT Overview Contract on Classroom Behavior Syllabus Review.

ELC/BUS/PSA 347 Day 1. Agenda Roll Call Introduction WebCT Overview Contract on Classroom Behavior Syllabus Review.
COS 413 DAY 2. Agenda Questions? Assignment 1 due next class Finish Discussion on Preparing for Computing Investigations Begin Discussion on Understanding.

COS 413 DAY 2. Agenda Questions? Assignment 1 due next class Finish Discussion on Preparing for Computing Investigations Begin Discussion on Understanding.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition © 2006 Pearson Prentice Hall 1-1 COS 346 Day 1.

DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition © 2006 Pearson Prentice Hall 1-1 COS 346 Day 1.
Day 1.  Roll Call  Introduction  Blackboard Overview  Contract on Classroom Behavior  Syllabus Review.

Day 1.  Roll Call  Introduction  Blackboard Overview  Contract on Classroom Behavior  Syllabus Review.
Day 1.  Roll Call  Introduction  Blackboard Overview  Contract on Classroom Behavior  Syllabus Review.

Day 1.  Roll Call  Introduction  Blackboard Overview  Contract on Classroom Behavior  Syllabus Review.
January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS 4600 - © Abdou Illia.

January 14, 2010 Introduction to Ethical Hacking and Network Defense MIS © Abdou Illia.
COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.

COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.
COS/PSA 413 Day 5. Agenda Questions? Assignment 2 Redo –Due September 3:35 PM Assignment 3 posted –Due September 3:35 PM Quiz 1 on September.

COS/PSA 413 Day 5. Agenda Questions? Assignment 2 Redo –Due September 3:35 PM Assignment 3 posted –Due September 3:35 PM Quiz 1 on September.
Computer Forensics Day 1

Computer Forensics Day 1
Fundamentals, Design, and Implementation, 9/e Chapter 1 Introduction to Database Processing.

Fundamentals, Design, and Implementation, 9/e Chapter 1 Introduction to Database Processing.
Guide to Computer Forensics and Investigations Third Edition

Guide to Computer Forensics and Investigations Third Edition
Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.

Developing a Security Policy Chapter 2. Learning Objectives Understand why a security policy is an important part of a firewall implementation Determine.
Introduction to Computer Forensics Fall 2007. Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (http://www.forensics.nl).http://www.forensics.nl.

Introduction to Computer Forensics Fall Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (
COEN 252 Computer Forensics Introduction to Computer Forensics  Thomas Schwarz, S.J. 2009 w/ T. Scocca.

COEN 252 Computer Forensics Introduction to Computer Forensics  Thomas Schwarz, S.J w/ T. Scocca.
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition

Similar presentations

Ads by Google