Introduction to Digital Forensics

Presentation transcript:

Introduction to Digital Forensics “You can have data without information, but you cannot have information without data.” -Daniel Keys Moran

Overview
Syllabus
Value of Cybersecurity
Job Statistics and Titles
Interesting Problems
Nortel Case Study
Intro. to Digital Forensics
What is Digital Forensics?
Goals of Digital Forensics
Overview of the Digital Forensics Process
Course Project Scenarios

Syllabus

Cybersecurity Job Outlook
3.5 million unfilled job openings by 2021 (worldwide)
Cybercrime is predicted to cost 6 trillion dollars annually by 2021 (worldwide)
Currently a 0% unemployment rate
Average salary for a “Cybersecurity Professional” is $116,000 a year
In 2017, 750,000+ people employed in cybersecurity within the U.S.
In 2017, 350,000+ unfilled cybersecurity jobs within the U.S.

Cybersecurity Job Outlook
3.5 million unfilled job openings by 2021
Cybercrime is predicted to cost 6 trillion dollars annually by 2021
http://cyberseek.org/heatmap.html

Job Titles Related to this Course
Chief Information Security Officer
Computer Forensics Analyst
Computer Forensics Examiner
Cyber Investigator
Digital Forensics Analyst
Digital Forensics Examiner
Digital Forensic Engineer
Information Security Analyst

Case Studies
BTK Serial Killer: https://precisioncomputerinvestigations.wordpress.com/2010/04/14/how-computer-forensics-solved-the-btk-killer-case/
Nortel: https://www.bcg.com/publications/2017/technology-digital-develop-cybersecurity-strategy-your-organization-existence-depends-it.aspx and http://business.financialpost.com/technology/nortel-hacked-to-pieces
The Computer that got Lost: http://burgessforensics.com/csi-computer-forensics-real-cases-from-burgess-forensics-12-the-case-of-the-computer-that-got-lost/
Mergers & Acquisitions: https://businesslawtoday.org/2017/09/the-importance-of-cybersecurity-due-diligence-in-ma-transactions/

Introduction to Digital Forensics
What is Digital Forensics?
As decided by the first Digital Forensics Research Workshop in 2001, digital forensics is defined as “The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.”

Introduction to Digital Forensics
What is Digital Forensics?
Forensics can be considered both an art and a science: the science of forensics combined with the art of investigation. Applying the scientific method and deductive reasoning to data is the science; interpreting the data to reconstruct events is the art.

Introduction to Digital Forensics
What is a Digital Forensics Examiner?
In Forensic Discovery, Venema and Farmer argue that an examiner acts more like a digital archaeologist and geologist than a traditional forensic examiner. “Digital archeology is about the direct effects from user activity, such as file contents, file access stamps, information from deleted files, and network flow logs. … Digital geology is about autonomous processes that users have no direct control over, such as the allocation and recycling of disk blocks, file ID numbers, memory pages or process ID numbers.”

Introduction to Digital Forensics
Goals of Digital Forensics:
Find facts
From these facts, recreate the truth of an event

Introduction to Digital Forensics
How do we figure out the truth?
The truth of an event is established by discovering and exposing the remnants of the event which have been left on the system. These remnants are known as artifacts.
Artifacts are traces left behind by activities and events. Artifacts may or may not be innocuous.
Some artifacts may be evidence. Evidence is something used during a legal proceeding.
Artifacts may or may not be material, i.e. able to be considered by the judge or jury to establish the truth or falsity of a fact or claim.

Introduction to Digital Forensics How do we figure out the truth? Every investigation has a hypothesis, “The user copied files to a USB”, “An unauthorized user gained root access”, etc. An examiner searches for artifacts which will indicate whether or not the hypothesis is valid. If it is a legal matter these artifacts are respectively called inculpatory and exculpatory evidence. Furthermore, since digital evidence is so easily manipulated, part of an examiner’s job is determining if the evidence is consistent with the processes and systems which purportedly generated it. This is called the evidence’s consistency and in some investigations assessing consistency is the examiner’s sole task.

Introduction to Digital Forensics
Digital Forensics Process:
Acquisition: collection of the digital media to be examined.
Analysis: the actual examination of the media.
Presentation: the process by which the examiner shares the results of the analysis.
*Note: These steps are cyclical, and many cycles may be necessary to complete a long-running legal or incident response investigation.

Course Projects
You will be tasked with the acquisition, analysis and presentation of information regarding the following scenarios:
Attacker infiltrating a corporate network
Employee exfiltrating sensitive data
Computer user is suspected of performing illegal activities and potentially storing illegal data

Suggested Supplemental Reading
https://www.amazon.com/Incident-Response-Computer-Forensics-Third-ebook/dp/B00JFG7152
https://www.amazon.com/Art-Memory-Forensics-Detecting-Malware-ebook/dp/B00JUUZSQC/ref=sr_1_1?s=digital-text&ie=UTF8&qid=1514993139&sr=1-1&keywords=art+of+memory+forensics
https://www.amazon.com/Windows-Forensics-Dr-Philip-Polstra/dp/1535312432/ref=pd_bxgy_14_img_2?_encoding=UTF8&pd_rd_i=1535312432&pd_rd_r=RAMCJFV6WDTPXAWGPA3K&pd_rd_w=MilBL&pd_rd_wg=v3Gyv&psc=1&refRID=RAMCJFV6WDTPXAWGPA3K
https://www.amazon.com/Digital-Forensics-Open-Source-Tools-ebook/dp/B004W7DO78/ref=sr_1_1?s=digital-text&ie=UTF8&qid=1514993191&sr=1-1&keywords=forensics+open+source
https://www.amazon.com/Practical-Forensic-Imaging-Securing-Evidence-ebook/dp/B01M0TQZRY/ref=sr_1_1?s=digital-text&ie=UTF8&qid=1514993397&sr=1-1&keywords=forensics+linux+tools

Questions?