Dr Richard Overill Department of Informatics King’s College London Cyber Sleuthing or the Art of the Digital Detective.

The work of a CSI at a digital crime scene has some similarities with its physical counterpart. But there are also some striking differences. You may be surprised at the amount of personal information that can be recovered and the identity characteristics that can be deduced.

Terminology - I
Forensic, adj. (Lat. forensis = forum): used in courts of law.
Forensic Science: the application of science to the law.
Evidence must satisfy 5 legal criteria:
–admissibility
–authenticity
–accuracy
–completeness
–probative value

Terminology - II
Anti-forensics: deals with counter-forensic strategies and tactics.
Meta-forensics: aims to quantify the forensic investigation process itself (e.g. the degree of plausibility of competing hypotheses, etc.)
Digital forensics: includes all digital devices (e.g. computers, networks, PDAs, satnavs, mobile phones, ICS/SCADA systems, etc.)

Digital Forensics - I
Applies the principles of Forensic Science to the detection, investigation and prosecution of crimes with a digital element.
Forensic science relies upon Locard's exchange principle (Edmond Locard, ca. 1910): "Every contact leaves a trace", because contact leads to an exchange of traces of material between the objects that come into contact.
But Locard's Exchange Principle is physical, not digital!

Digital Forensics - II
Involves:
–'freezing & seizing' then 'bagging & tagging' (i.e. isolating the scene-of-crime), but… the computer may be running / in use, and the computer may be connected to the Internet
–making exact ('bit-for-bit') copies of all seized storage media, using a 'write blocker'
–maintaining a continuous 'chain of custody'
–searching the contents of the devices for evidence
–analysing & evaluating the recovered evidence
–presenting the evidence in a court of law

Digital Forensics - III
–seize and secure all relevant digital equipment.
–copy (as a bit-for-bit image) storage media (hard disks, USB keys, mobiles, cameras, satnavs, etc.)
–look for files hidden in hard disk 'slack space'.
–look for temporary files, swap files and spool files.
–check system logs & audit trails for user & network activity during the critical time-frame.
–check firewall logs & intrusion detection logs for misuse activity during the critical time-frame.
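Two of the steps above, verifying that an acquired image is bit-for-bit identical to the source and recovering data left in file slack, as an added worked example (not part of the original slides). The disk image, the 512-byte cluster size and the leftover text are all constructed for illustration.

```python
import hashlib

CLUSTER = 512  # assumed allocation-unit (cluster) size in bytes


def make_image() -> bytes:
    """Constructed toy disk image: 4 clusters that once held a now-deleted
    note, later partly overwritten by a new 700-byte file at cluster 0."""
    previous = b"old secret note: meet at 21:00 " * 100   # constructed earlier content
    image = bytearray(previous[:4 * CLUSTER])             # exactly 4 clusters of old data
    image[0:700] = b"A" * 700                             # new file overwrites 700 bytes only
    return bytes(image)


def file_slack(image: bytes, start_cluster: int, logical_size: int,
               cluster: int = CLUSTER) -> bytes:
    """Return the bytes between a file's logical end and the end of its last
    allocated cluster: the 'file slack' where earlier data can survive."""
    clusters_used = -(-logical_size // cluster)           # ceiling division
    end_of_data = start_cluster * cluster + logical_size
    end_of_alloc = (start_cluster + clusters_used) * cluster
    return image[end_of_data:end_of_alloc]


def verify_image(source: bytes, image: bytes) -> dict:
    """Bit-for-bit check: the image hash must equal the source-medium hash.
    The digests are what goes into the chain-of-custody record."""
    h_src = hashlib.sha256(source).hexdigest()
    h_img = hashlib.sha256(image).hexdigest()
    return {"sha256_source": h_src, "sha256_image": h_img, "match": h_src == h_img}


if __name__ == "__main__":
    disk = make_image()
    print(verify_image(disk, disk)["match"])              # True for a faithful copy
    print(file_slack(disk, 0, 700)[:64])                   # remnants of the deleted note
```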

Digital Forensics - IV
–search for unpatched vulnerabilities.
–search for 'backdoors' and 'Trojan horses' pre-installed for subsequent exploitation (e.g. botnets).
–trace back suspicious Internet connections towards their origination (IP source spoofing).
–correlate times and traffic at each ISP in the trace-back chain.
–compare the suspected intruder's behavioural profile with known cyber-activity profiles:

Intruder Profiling
Monitor online behavioural traits that characterise an individual's digital activity:
–what files / directories / databases are searched?
–what keywords / key phrases are searched for?
–how frequently is monitored?
–how frequently is snooping monitored?
–how long is a typical online session?
–how many computers are scanned?
–what system scanning tools are used?
–what network scanning tools are used?
–what backdoors / Trojans / scripts are exploited?

Digital Meta-Forensics
Statistical plausibility of competing hypotheses (e.g. prosecution versus defence cases in an adversarial judicial system) as to how the recovered digital evidence was created:
–Likelihood Ratio
–Odds Ratio
Tools: complexity theory / information theory / probability theory / Bayesian (conditional) probabilities
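How the likelihood ratio and odds ratio combine to weigh a prosecution hypothesis against a defence hypothesis, as an added worked example (not from the slides). Bayes' theorem in odds form gives posterior odds = prior odds × LR for each item of evidence, assuming the items are conditionally independent given each hypothesis; the three evidence items and all probabilities below are constructed.

```python
from dataclasses import dataclass


@dataclass
class Evidence:
    name: str
    p_given_hp: float   # P(E | Hp): probability of seeing E if the prosecution hypothesis holds
    p_given_hd: float   # P(E | Hd): probability of seeing E if the defence hypothesis holds

    def likelihood_ratio(self) -> float:
        """LR > 1 supports Hp, LR < 1 supports Hd, LR = 1 is uninformative."""
        return self.p_given_hp / self.p_given_hd


def posterior_odds(prior_odds: float, evidence: list) -> float:
    """Odds form of Bayes: multiply the prior odds by every LR.
    Assumes conditional independence of the evidence items given Hp and Hd."""
    odds = prior_odds
    for item in evidence:
        odds *= item.likelihood_ratio()
    return odds


def odds_to_probability(odds: float) -> float:
    """Convert odds O = P(Hp|E) / P(Hd|E) back to P(Hp|E), given Hp and Hd are exhaustive."""
    return odds / (1.0 + odds)


def most_discriminating(evidence: list) -> str:
    """Name of the item whose LR moves the odds furthest (in either direction)."""
    import math
    return max(evidence, key=lambda e: abs(math.log(e.likelihood_ratio()))).name


# Constructed illustration for a hypothetical illegal P2P upload case (values invented):
# Hp = the suspect uploaded the file; Hd = the suspect did not.
CASE = [
    Evidence("hash of seized file matches the copyrighted work", 0.99, 0.05),
    Evidence("P2P client installed and configured to share", 0.95, 0.20),
    Evidence("upload traffic in ISP logs during the critical window", 0.90, 0.10),
]

if __name__ == "__main__":
    odds = posterior_odds(1.0, CASE)           # start from even prior odds
    print(round(odds, 2), round(odds_to_probability(odds), 4))
    print(most_discriminating(CASE))
```

Changing the defence hypothesis (for instance to "malware on the machine did the uploading") changes every P(E | Hd), and therefore every LR; the calculation must be redone per pair of hypotheses.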

Real-world cases
We work with:
–Met Police Service DEFS
–Financial Conduct Authority DEU
–Hong Kong Police DFU
on real-world criminal cases like:
–Illegal P2P uploads / downloads
–Online auction fraud
–Cyberlocker misuse
–Online game weapon theft
–Possession of child pornography, etc.

Questions?