Prepared and presented by Group 5: 1. NGABOYERA Valens 2. TWAGIRAMUNGU Serge 3. KAYIRANGA Augustin 4. BAYINGANA Aimable 5. SAMVURA Jean de Dieu 6. RUKUNDO.


Prepared and presented by Group 5: 1. NGABOYERA Valens 2. TWAGIRAMUNGU Serge 3. KAYIRANGA Augustin 4. BAYINGANA Aimable 5. SAMVURA Jean de Dieu 6. RUKUNDO Benjamin 7. NKURANGA John Titus 8. SHEMA Eugene

Definitions
1. Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it.
2. Computer forensics is the collection, preservation, analysis and presentation of computer-related evidence. In summary, it helps determine the WHO, WHAT, WHERE, and WHEN related to a computer-based crime or violation.

Procedures used in forensic investigation
Forensic investigators typically follow a standard set of procedures: After physically isolating the device in question to make sure it cannot be accidentally contaminated, investigators make a digital copy of the device's storage media. Once the original media has been copied, it is locked in a safe or other secure facility to maintain its pristine condition. All investigation is done on the digital copy.

Computer incidents involving forensic investigation
Evidence can be sought in a wide range of computer incidents, including but not limited to:
- Theft of Company Secrets (client, customer or employee lists)
- Employee Sabotage or Terrorism
- Credit Card Fraud
- Financial Crimes
- Embezzlement (money or information)
- Economic Crimes
- Harassment (sexual)
- Child Pornography
- Major Crimes
- Identity Theft (short or long-term plans)

Legal cases where electronic evidence is required
- Prove that something happened. You might find evidence in an e-mail indicating sexual harassment; in financial files indicating fraud or IRS violations; or in file transfers indicating theft of intellectual property, for example.
- Prove that someone did not do something. Image files of child exploitation on a person's office PC might have been downloaded by someone else because the PC had no password or firewall protection.
- Figure out what the facts prove or demonstrate. You might discover private messages, texting, financial accounts, or other online activities that demonstrate contract or patent violations, hidden assets, infidelity, theft of intellectual property, misuse of company networks, or illegal activities.

They hide themselves behind widely known vulnerabilities
One common practice that attackers employ to evade detection is to break into poorly secured computers and use those hijacked systems as proxies through which they can launch and route attacks worldwide. Although such attacks are an international problem, there is no international response, which frustrates local law enforcement seeking cooperation from countries where these proxy servers typically reside. The hardest problem in finding the source of these attacks is attribution. Each data packet sent over the Internet contains information about its source and its destination. The source field can be changed [spoofed] by an attacker to make it seem like it's coming from someplace it's not.

They delete logs
Careful intruders attempt to hide or remove evidence of an intrusion by deleting logs, altering date stamps, and installing their own utilities to subvert the operating system. Programs like Hacker Defender (hxdef.czweb.org) alter the kernel and return false information to system calls, rendering useless most tools that incident responders have traditionally used to examine a live system for signs of compromise.

They work around firewall restrictions using time-activated backdoors
Locating the intruders is also becoming more challenging. Sophisticated intruders hide their locations and work around firewall restrictions using time-activated backdoors that periodically “phone home,” initiating a connection from inside the victim network to a remote host that the intruder controls. Some of these backdoors create a tunnel through firewalls that the intruder can use to communicate with compromised hosts, even establishing a Windows Terminal Service session when this protocol is blocked by a firewall.
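The regular timing of such "phone home" connections is something an investigator can look for in preserved firewall logs. The following is an added example, not part of the original slides: the log format, the sample lines and the name find_beacons are constructed for illustration, and the thresholds are assumptions to tune per network.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed firewall log lines (not from the slides): time, action, src -> dst:port
SAMPLE_LOG = """\
2024-05-01T02:00:03 ALLOW 10.0.0.15 -> 203.0.113.7:443
2024-05-01T03:00:01 ALLOW 10.0.0.15 -> 203.0.113.7:443
2024-05-01T04:00:05 ALLOW 10.0.0.15 -> 203.0.113.7:443
2024-05-01T05:00:02 ALLOW 10.0.0.15 -> 203.0.113.7:443
2024-05-01T06:00:04 ALLOW 10.0.0.15 -> 203.0.113.7:443
2024-05-01T07:00:03 ALLOW 10.0.0.15 -> 203.0.113.7:443
2024-05-01T08:01:10 ALLOW 10.0.0.22 -> 198.51.100.9:443
2024-05-01T08:01:40 ALLOW 10.0.0.22 -> 198.51.100.9:443
2024-05-01T08:15:02 ALLOW 10.0.0.22 -> 198.51.100.9:443
2024-05-01T09:47:30 ALLOW 10.0.0.22 -> 198.51.100.9:443
2024-05-01T13:05:11 ALLOW 10.0.0.22 -> 198.51.100.9:443
2024-05-01T13:05:12 ALLOW 10.0.0.22 -> 198.51.100.9:443
2024-05-01T09:00:00 ALLOW 10.0.0.30 -> 192.0.2.5:53
2024-05-01T09:30:00 ALLOW 10.0.0.30 -> 192.0.2.5:53
"""
LINE_RE = re.compile(r"^(\S+) ALLOW (\S+) -> (\S+):(\d+)$")

def find_beacons(log_text, min_events=5, max_jitter=0.1):
    """Return (src, dst, port, mean_interval_s) for outbound flows whose gaps
    between connections are nearly constant (stdev/mean <= max_jitter)."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, port = m.groups()
            times[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    hits = []
    for (src, dst, port), stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge periodicity
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((src, dst, port, round(avg)))
    return hits
```

Only the hourly flow from 10.0.0.15 is reported; the irregular browsing-like flow and the two-event flow are not. Legitimate software such as update checkers also connects on a schedule, so hits are leads to investigate, not findings.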

When a crime involving electronics is suspected, a computer forensics investigator takes each of the following steps to reach a successful conclusion. Therefore, once an e-government website is broken into by hackers, these steps are followed to conduct the digital investigation:
1. Obtain authorization to search and seize.
2. Secure the area, which may be a crime scene.
3. Document the chain of custody of every item that was seized.
4. Bag, tag, and safely transport the equipment and e-evidence.
5. Acquire the e-evidence from the equipment by using forensically sound methods and tools to create a forensic image of the e-evidence.

6. Design your review strategy of the e-evidence, including lists of keywords and search terms.
7. Examine and analyze forensic images of the e-evidence (never the original!) according to your strategy.
8. Interpret and draw inferences based on facts gathered from the e-evidence.
9. Describe your analysis and findings in an easy-to-understand and clearly written report.
10. Give testimony under oath in a deposition or courtroom.
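Steps 3, 5 and 7, together with the earlier rule that all investigation is done on the digital copy, can be tied together with cryptographic hashes. This is an added example, not part of the original slides: the function names, the JSON-lines custody log and the use of SHA-256 are assumptions, and the source is assumed to be a file or device node read through a write blocker.

```python
import hashlib
import json
import os
import stat
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            digest.update(block)
    return digest.hexdigest()

def acquire_image(source, image, custody_log, examiner):
    """Step 5: copy source to image, prove the copy is bit-identical, log it."""
    source_hash = sha256_file(source)            # hash before copying
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x": never overwrite
        while block := src.read(1 << 20):
            dst.write(block)
    os.chmod(image, stat.S_IRUSR)                # working copy is read-only
    image_hash = sha256_file(image)
    # The image must match, and the original must be unchanged by the copy.
    if image_hash != source_hash or sha256_file(source) != source_hash:
        raise RuntimeError("acquisition failed verification")
    entry = {"utc": datetime.now(timezone.utc).isoformat(), "action": "acquired",
             "examiner": examiner, "image": os.path.basename(image),
             "sha256": image_hash}
    with open(custody_log, "a") as log:          # step 3: append-only custody record
        log.write(json.dumps(entry) + "\n")
    return entry

def verify_before_analysis(image, custody_log):
    """Step 7 gate: the image must still match the hash recorded at acquisition."""
    name = os.path.basename(image)
    with open(custody_log) as log:
        entries = [json.loads(line) for line in log if line.strip()]
    recorded = next(e["sha256"] for e in entries
                    if e["action"] == "acquired" and e["image"] == name)
    return sha256_file(image) == recorded
```

Running verify_before_analysis at the start of every examination session, and recording the result, lets the report in step 9 show that the analyzed image was the one acquired.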

Model forensics policy specifications that countries in Africa should put in place:
1. All access to DBs must be monitored.
2. Access logs and administration logs for DBs should be preserved on a regular basis.
3. Access to and activity on the Web server should be monitored.
4. Web server logs should be preserved on a regular basis.
5. Firewall and Snort logs should be preserved on a regular basis.
6. Router logs should be preserved for 6 months.
7. The network should be tested regularly for congestion by overloading it until it begins to drop traffic.
8. Network capacity should be increased before traffic hits the level where packets will be dropped.

Important mechanisms to adopt for the success of the forensics policy:
1. Identify digital assets that have high value.
2. Perform a risk assessment for potential loss and threat to those assets.
3. Remove assets that do not warrant the effort of prosecution.
4. Identify associated data needed for these assets along with collection and storage needs.
5. Write the forensic policy in terms of digital assets, forensic events, data collection and storage.
6. Ensure adequate forensics policy enforcement is in place.