Computer Forensics in the Classroom

1 Computer Forensics in the Classroom
Chris Eagle, Naval Postgraduate School

2 The Challenge
- A one quarter course in computer forensics
  - Appropriate number of hours
  - Meaningful labs
  - More than just a survey of current state of forensics field

3 Background
- The “forensics process”
  - Pre-incident planning
  - Incident recognition and response
  - Evidence collection
  - Evidence analysis
  - Reporting of findings

4 Recognizing Overlap
- Much of forensics overlaps with other areas
  - Introductory computer security: viruses, worms, steganography, cryptographic hashing, etc.
  - Networking and network defense
  - Secure management of systems
- Recognize and reinforce, but don’t repeat

5 Technical vs. Non-technical
- What are the goals for your course?
  - High level SANS style overview?
  - Low level technically oriented?
- How much time to dedicate to non-technical material
  - Legal issues
  - Handling and presentation of evidence
  - Could each be entire courses

6 Laboratory Setup
- Many considerations
  - Shared lab?
  - Windows vs. *nix
  - Open source vs. proprietary
  - Expense
  - VMware and its limitations
  - VMware Player
  - Use of “hostile” tools and/or content
  - Unhappy system administrators

7 Lab Exercises
- O/S Familiarity
- Tool familiarization
- Evidence collection
  - How do you “plant” evidence
- Evidence analysis
- Final project?
  - Report style
  - Case analysis
- Consider case development

8 Emphasizing Computer Science
- Education vs. training
- How does it all tie in to their studies
- What are the challenges in forensics?
  - Binary analysis
  - RAM and virtual memory analysis
  - Steganalysis
  - Others

9 Resources
- Honeynet Project: challenges and whitepapers
- SANS: courses, newsletters
- Sleuth Kit: collection and analysis tools and newsletter

10 Conclusion
- Questions
- Contact info: Chris Eagle
