Presentation transcript:

Computer Forensics An Intro to Computer Crime

BTK
- The BTK Killer (Blind, Torture, Kill)
- Dennis Rader - Feb 2005: charged with committing 10 murders beginning in 1974 in the Wichita, KS area.
- “Erased” information on a floppy disk sent to a local TV station was recovered and restored by forensic computer specialists and was traced back to Christ Lutheran Church, where Dennis Rader was Council President. This, along with other mounting evidence since his last murder in 2001, served to convict him.

Computer Forensics  Computer forensics involves the preservation, acquisition, extraction, analysis, and interpretation of computer data.  Investigators frequently encounter computers and other digital devices in all types of cases.  The most logical place to start to examine these practices is with the most common form of electronic data: the personal computer.

Computer Forensics  Basic Parts/Key Terms : Bit Byte CPU Cluster File slack HDD Hardware Message Digest 5/Secure hash algorithm (SHA) Motherboard OS Partition RAM slack RAM Sector Software Swap file Temporary File Unallocated Space Visible Data

Computer Forensics  The Personal Computer Hardware Software

- Power Supply converts power from the wall outlet to a usable format for the computer.
- External drive is used to read from and write to a disk.
- CD/DVD drives are used to store everything from music and video to data files.
- Hard Disk Drive (HDD) is the storage component of the personal computer.

Computer Forensics  ROM: class of storage media used in computers and other electronic devices.  Motherboard : basic purpose is to provide the electrical and logical connections by which the other components of the system communicate.  Floppy Disk Drive : used to boot an operating system or to store data. By today’s standards, they don’t hold much data  Expansion Bus with Expansion Drive: lots of wires that carry data from one hardware device to another

Computer Forensics  CPU (Central Processing Unit): The main chip within the computer, know as the brain of the computer.  RAM (Random-Access Memory): the volatile memory of the computer, when power is turned off, its contents are lost.  Computer Case/ Chassis : it the physical box holding the fixed internal computer components in place.

- Input Device – the user side of the computer, i.e., keyboard, mouse, joystick, scanner
- Output Device – equipment through which data is obtained from the computer, i.e., monitor
- HDD – primary storage component in a personal computer. Stores the OS, programs, and data files created by the user.

The Operating System is a software program that allows the computer hardware to communicate and operate with the computer software. Without an operating system, a computer would be useless.

Computer Forensics The Operating System  Recognizing input from the keyboard  Sending output to the display screen  Keep track of files and directories on the disk  Controlling peripheral devices such as disk drives and printers

Computer Forensics  Provide a software platform on top of other programs called application programs.  Some examples of operating systems are Windows and Linux.

Types of HDD
- IDE – Integrated drive electronics
- SCSI – Small computer system interface
- SATA – Serial ATA
- HDDs are formatted or mapped and have a defined layout. They are “logically” divided into sectors, clusters, tracks and cylinders.

- Sectors are the smallest unit of data addressable by a hard disk drive. They generally consist of 512 bytes.
- Bytes are a group of eight bits.
- A bit takes the form of either a one or a zero; it is the smallest unit of measurement on a machine. The word bit is short for binary digit.
- Clusters are a group of sectors in multiples of two. The cluster size varies from file system to file system and is typically the minimum space allocated to a file.

Other Common Storage Devices
- CD-ROM (CD-R/RW)
- USB thumb drive
- Floppy disks
- Zip disks
- Tapes
- DVD +/R /RW

NIC – Network Interface Card
- Add-on cards that plug into the motherboard
- Hard-wired devices on the motherboard
- Add-on cards for laptops (PCMCIA)
- USB plug-in cards
- Wired/Wireless a/b/g/n

How the HDD is Made Up

- On each disk or platter there are tracks; these tracks are divided into sectors.
- A group of sectors is a cluster.
- Clusters always have sectors in groups of 2.

- There are several platters stacked vertically which are divided by sectors, clusters, tracks, and cylinders. Tracks are circles that are defined around the platter. Cylinders are groups of tracks that reside directly above and below each other.
- Each file system table tracks data in different ways.

- OS – provides a bridge between the system hardware and the user. It lets the user interact with the hardware and manages the file system and applications.
- Partition – a contiguous set of blocks that are defined and treated as an independent disk. After it is partitioned, it is formatted (high-level), i.e., floppy – FAT 12, Windows – FAT 32, Linux – EXT3 and Mac – HPFS.
- Each has a different way of storing data.

- Consider a room full of safe deposit boxes. If a person rents two boxes located at opposite ends of the room, the database tracking the locations of the boxes is much like a file system tracking the location of data within the clusters of a HDD.
- If the database managing the locations of the boxes were wiped out, the property in them would still remain; we just wouldn’t know what was where!

Processing the Electronic Crime Scene
- Before an investigator can begin processing the crime scene he/she must still ensure that the proper legal requirements are present.
  - Search warrant (on school property, school has say!)
  - Consent
- The scene must be documented in as much detail as possible. The investigator must make sure not to disturb any evidence before he/she touches the computer.

Crime Scene Documentation
- Sketching and photographing
- Floor plan of network, overall layout, close-ups of any running computer on the network.
- All the connections to the main frame, peripheral devices and notation of serial numbers (photos)
- “Encase”, Forensic Toolkit (FTK), Forensic Autopsy Software – forensic software applications capable of imaging and assisting in the analysis of data.

- Forensic software comes equipped with a method to obtain forensic images and compress data if need be.

Investigators must decide:
- Perform a live acquisition of the data
- Perform a system shutdown (i.e. with a server)
- “Pull the Plug”
- Combination of all three

BEFORE disconnecting:
- Labeling all peripherals of the computer to the port
- Numbering scheme to ID peripherals if more than 1 computer

Forensic Image Acquisition
- Least intrusive method to obtain data without destroying evidentiary data
- Remove HDD and place in laboratory forensic computer so that a “Forensic Image” or copy can be created in a ‘read-only’ format
- Must be able to PROVE there were no ‘Writes’ to the forensic image
- Copy “Empty areas of the Drive”
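
Proving that nothing was written to a forensic image is normally done with the hash algorithms listed in the key terms (MD5, SHA): digest the image at acquisition, record the values, and re-digest before analysis. The following is an added example, not part of the original slides; the function names and the 8-sector sample "image" are constructed for illustration.

```python
import hashlib
import io

CHUNK = 1 << 20  # read 1 MiB at a time so a large image never sits in memory whole


def digest_image(stream, algorithms=("md5", "sha256")):
    """Return {algorithm: hex digest} for a binary stream, reading it once."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(stream, recorded):
    """Re-digest the image and compare with the values recorded at acquisition."""
    current = digest_image(stream, tuple(recorded))
    return {name: current[name] == recorded[name] for name in recorded}


def demo():
    # Constructed stand-in for a drive image: 8 sectors of 512 bytes each.
    original = bytes(range(256)) * 16
    recorded = digest_image(io.BytesIO(original))  # logged at acquisition time
    intact = verify_image(io.BytesIO(original), recorded)
    # Simulate a single stray write: one bit flipped inside sector 3.
    altered = bytearray(original)
    altered[3 * 512 + 10] ^= 0x01
    tampered = verify_image(io.BytesIO(bytes(altered)), recorded)
    return intact, tampered


if __name__ == "__main__":
    intact, tampered = demo()
    print("unchanged image:", intact)
    print("after one-bit write:", tampered)
```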

Analysis of Electronic Data – based on the skill of the Computer Forensic Technologist

Most Common Types of Evidentiary Data
- Visible Data – all data that the OS is presently aware of and thus is readily accessible to the user
- Data/Work Product Files – data from any software program. White-collar crimes: MS Word or WordPerfect, Excel or Peachtree or QuickBooks, etc. A suspect’s computer may contain valuable information in these files
- Such as Bank Account Records, Counterfeiting pictures, and questionable s.

- Swap File Data – a file or defined space on the HDD used to conserve RAM. Data is paged or swapped to this file or space to free up RAM for use by applications that are open.
- Temporary Files – temporarily written by an application to perform a function or as a backup copy while working on a project. Some are automatically written as a program is running without the user telling the program to ‘save’.

- Swap Files, Temporary Files, and Print Spools (data sent to a printer) can all be used to recover data not easily accessible to the average user and usually, even the suspect.

Latent Data – areas of files and disks that are typically not apparent to the computer user and sometimes the OS, but contain data all the same. Examples:
- Slack space – file and RAM
- Unallocated space
- Defragmented space
- Swap files and space
- Deleted files

Deleted Files
- When files are deleted, they still remain on the Hard Drive. The first character of a filename is replaced with the Greek letter sigma.
- This renders the file inaccessible to the average user.
- Forensic Scientists have programs that can access these files and obtain evidence.
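
The sigma marker is how FAT file systems flag a deleted directory entry: the first byte of the 8.3 name is set to 0xE5, which code page 437 displays as σ, while the starting cluster and size fields are left in place. The following added example (not part of the original slides) scans a directory region for such entries; the sample directory and helper names are constructed for illustration.

```python
import struct

ENTRY_SIZE = 32
ENTRY_FMT = "<8s3sB14xHI"  # name, ext, attributes, (skipped), first cluster, size
DELETED = 0xE5             # first name byte of a deleted entry (sigma in CP437)
END_OF_DIR = 0x00          # first name byte of the first never-used entry
ATTR_LFN = 0x0F            # long-file-name fragments, skipped here


def make_entry(name, ext, first_cluster, size, deleted=False):
    """Build one constructed 8.3 directory entry (sample data, not a real disk)."""
    raw = bytearray(struct.pack(ENTRY_FMT, name.ljust(8).encode("ascii"),
                                ext.ljust(3).encode("ascii"), 0x20,
                                first_cluster, size))
    if deleted:
        raw[0] = DELETED   # the only change deletion makes to the entry itself
    return bytes(raw)


def list_deleted(directory):
    """Return (name, first_cluster, size) for each deleted short-name entry."""
    found = []
    for off in range(0, len(directory) - ENTRY_SIZE + 1, ENTRY_SIZE):
        entry = directory[off:off + ENTRY_SIZE]
        if entry[0] == END_OF_DIR:
            break
        if entry[0] != DELETED or entry[11] == ATTR_LFN:
            continue
        name, ext, _attr, cluster, size = struct.unpack(ENTRY_FMT, entry)
        # The original first character is lost; show it as '?'.
        base = "?" + name[1:].decode("ascii", "replace").rstrip()
        suffix = ext.decode("ascii", "replace").rstrip()
        found.append((f"{base}.{suffix}" if suffix else base, cluster, size))
    return found


# Constructed directory: one live file, two deleted files, end marker.
SAMPLE_DIR = b"".join([
    make_entry("REPORT", "DOC", 5, 20480),
    make_entry("LEDGER", "XLS", 12, 8192, deleted=True),
    make_entry("NOTES", "TXT", 20, 300, deleted=True),
    bytes(ENTRY_SIZE),
])

if __name__ == "__main__":
    for name, cluster, size in list_deleted(SAMPLE_DIR):
        print(f"{name:<12} first cluster {cluster:>3}  {size} bytes")
```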

- The files you save on your computer are rarely ever totally gone.
- Forensic Scientists can access a plethora of data from a Hard Drive even if it is deleted, defragmented, and reformatted.
- This data can be used to incriminate or exonerate the suspect.