An Introduction to Computer Forensics Jim Lindsey Western Kentucky University.

An Introduction to Computer Forensics Jim Lindsey Western Kentucky University September 28, 2007.
Presentation transcript:

An Introduction to Computer Forensics Jim Lindsey Western Kentucky University

What are we talking about?
- Forensic …

What are we talking about?
- Forensic Science is the use of science to investigate and establish facts in criminal and civil cases.

What are we talking about?
- Computer Forensics is the discovery, collection, and analysis of evidence found on computers and networks.

Many Hats
- Law
- Investigative Skills
- Technology

An Exam May Explain …
- Hidden data
- Most recently used applications
- Origin of documents
- Evidence of “wiping”
- Visited Internet sites

An Exam May Require …
- Cloning
- Write Blocker
- MD-5 & SHA-1
- Cataloging
- Recovery of Deleted Files
- Search for hidden, disguised or encrypted files
- Viewing files
- Analysis of time/date stamps

Deleted Files

An Examiner Should …
- Possess requisite training and equipment
- Be able to provide training
- Be knowledgeable of data relevant to computer-related crimes
- Be able to effectively testify as an expert in a court of law

What to do?
- If the computer is off, do not turn on.
- If the computer is on, do not shut down normally – call for instructions.
- Do not “browse” the files!

What to do?
- Document, document, document - W H Y ?
- Records chain of custody:
  - Where the evidence came from
  - When it was obtained
  - Who obtained it
  - Who secured it
  - Who has had control of it
  - Where it is stored
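An added example, not part of the original slides: it records the six chain-of-custody items listed above together with the MD-5 and SHA-1 digests named under "An Exam May Require …", and checks later that neither the image nor the log has changed. The names `hash_image`, `CustodyLog`, the field names and the sample values are hypothetical, and chaining the log entries with SHA-256 is an assumption added here.

```python
import hashlib, io, json
# Field names are hypothetical; they mirror the six custody questions on the slide.
FIELDS = ("source", "obtained_at", "obtained_by", "secured_by", "custodian", "storage")

def hash_image(stream, chunk_size=1 << 20):
    """Return (md5, sha1) hex digests, read in chunks so large images need not fit in memory."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        md5.update(chunk)
        sha1.update(chunk)
    return md5.hexdigest(), sha1.hexdigest()

def _digest(entry):
    # SHA-256 over every field except the digest itself (chaining is an added assumption).
    payload = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(payload, sort_keys=True).encode()).hexdigest()

class CustodyLog:
    """Append-only custody log; each entry commits to the one before it."""
    def __init__(self):
        self.entries = []

    def add(self, md5, sha1, **fields):
        missing = [f for f in FIELDS if not fields.get(f)]
        if missing:
            raise ValueError(f"custody entry missing: {missing}")
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        entry = {"prev": prev, "md5": md5, "sha1": sha1, **{f: fields[f] for f in FIELDS}}
        entry["entry_hash"] = _digest(entry)
        self.entries.append(entry)

    def verify(self, stream):
        """True only if the log is unbroken and the image matches every recorded hash."""
        current, prev = hash_image(stream), "0" * 64
        for e in self.entries:
            intact = e["prev"] == prev and e["entry_hash"] == _digest(e)  # log unedited, in order
            if not intact or (e["md5"], e["sha1"]) != current:           # image still as acquired
                return False
            prev = e["entry_hash"]
        return bool(self.entries)

# Constructed sample data: a tiny stand-in for a cloned drive and made-up custody details.
IMAGE = b"\x00" * 4096 + b"constructed sample evidence"
WHO = dict(source="Desk PC, room 12", obtained_at="2024-01-05T09:30Z", obtained_by="Examiner A",
           secured_by="Examiner A", custodian="Examiner A", storage="Evidence locker 3")
def demo():
    log = CustodyLog()
    log.add(*hash_image(io.BytesIO(IMAGE)), **WHO)                                 # acquisition
    log.add(*hash_image(io.BytesIO(IMAGE)), **{**WHO, "custodian": "Examiner B"})  # hand-over
    return log.verify(io.BytesIO(IMAGE)), log.verify(io.BytesIO(IMAGE + b"x"))
```

`demo()` returns `(True, False)`: the untouched image verifies, and a single appended byte is detected.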

Final Notes
- Forensic Examinations
  - Normally 1-2 hours to forensically image a hard drive
  - Exams can take 4-40 hours, depending on requests
  - Helpful if “keywords” provided
  - Know what you want to search for…..

Final Notes
Average HD Volume       590 GB*
Gigabyte                1,073,741,824 bytes
Subtotal                633,507,676,160 bytes
Page size               3000 bytes
Pages                   211,169,225
Ream                    500 pages
Reams                   422,338 Reams
Ream height             2”
Total height            844,676”
Height in feet          70,389 feet
Height of Mt Everest    29,029 feet**
Note these figures are conservative! * **

Explain what the 'Chain of Custody' is in computer forensics. Furthermore, explain why it is important for forensic examiners to establish 'Chain of Custody' as soon as they arrive on a scene and maintain it throughout the life of a case.

We spent a day discussing computer forensics. How could knowledge of this topic help a human resources manager do their job? How could knowledge of this topic help a police officer do their job?

Are there any questions?