Computer Forensics An introduction Jessie Dunbar, Jr. Lynn Johnston Andrew Preece Kathy Spaulding September 18, 2007
Here you are getting ready to work hard on that major project… Then….
Shit Happens!!!
This is gonna cost…..
This is reaaaly gonna cost…
Not an option
Blame it on the kid!!!
How about the Dog?
BACKGROUND Computer forensics, also called cyberforensics, is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it. Computer specialists can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information. A sample of this will be provided. Any or all of this information may help during discovery, depositions, settlements, or actual litigation.
Attacks happen - at any time
Let’s meet the characters… You gotta love these guys….
Hacker Meet Handsome Harry – Hackers Incorporated.
Cyberterrorist The real Filthy McNasty
Cracker
Spies
Employees
Let’s Go Home
“Script kiddies” Sweetie Scottie
Forensic Tools Forensic tools tend to fall into four categories: Data imaging & validation tools; Forensic suites; Miscellaneous tools; Hardware considerations
Data imaging & validation tools: ByteBack (Tech Assist, Inc.): full suite is $1700; DOS. DriveSpy (Digital Intelligence, Inc.): $200-$250; DOS; is only 110KB in size, therefore easily transportable. Forensics Replicator (Paraben Forensic Tools): $189; Windows.
Analysis tools. Generally packaged as suites offering a variety of functionality: EnCase (Guidance Software), Windows; Forensic Toolkit (FTK) (AccessData), Windows; The Sleuth Kit (Open Source), Unix, Mac.
Special tools and utilities: DiskJockey File Viewer from Clear and Simple; DriveSpy by Digital Intelligence; dtSearch from dtSearch Corporation; Quick View Plus File View by Avantstar; Text Search Plus from New Technologies Inc; ThumbsPlus File Viewer from Cerious Software Inc
Hardware: Forensic Recovery of Evidence Device (F.R.E.D.), Digital Intelligence; Stand Alone workstations; Write Blockers; Password Cracking Hardware; Shadow devices
Andrew and his forensic tool kit
The Quandary
No one is immune…
Computer Crime Classifications: Sabotage; Theft of service; Property crime
Electronic Crime Referrals Received by the Federal Police
Categories of Cyber Crime: Theft of Software; Copyright infringement and counterfeiting; Espionage; Transmitting child pornography; Computer Fraud
The only way out isn’t nice
‘piece of cake