IT IS ALL ABOUT THE CRIME Unit 7 – Recovering files & Network Forensics CJ Dr. Joe Ciccone

Last Week & FERPA How to locate and recover graphic files How to identify unknown file formats The types of data compression The standard procedures for performing a live acquisition The standard procedures for network forensics

Key Terms & Places Carving: The process of recovering file fragments that are scattered across a disk. See also salvaging. Lossless Compression: A compression method in which no data is lost. With this type of compression, a large file can be compressed to take up less space and then uncompressed without any loss of information. Loss Compression: A compression method that permanently discards bits of information in a file. The removed bits of information reduce image quality. Defense in Depth (DiD): The NSA’s approach to implementing a layered network defense strategy. It focuses on three modes of protection: people, technology, and operations. Network Forensics: The process of collecting and analyzing raw network data and systematically tracking network traffic to determine how security incidents occur.

UCR Links – Federal Law Enforcement 2008 Report Crime Clock - Crime Map Crime ClockCrime Map k.html k.html Violent Crime – 23 second Property Crime – 3 second

National Incident-Based Reporting System (NIBRS) – Crp. Mike Roberts Consists of individual incident records for the 8 Index crimes and 38 other offenses with details on  Offense  Victim  Offender  Property Records each offense occurring in incident Distinguishes between attempted and completed crimes Expands burglary hotel rule to include rental storage facilities Records rape of males and females Restructures definition of assault Collects weapon information for all violent offenses Provides details on arrests for the 8 Index crimes and 49 other offenses.

Link- Papers Rules for Writers, 6th ed. Hacker, D. (2008). Rules for writers (6th ed.). Boston, MA: Bedford/St. Martin's Press. Plagiarism Policy Kaplan University considers academic honesty to be one of its highest values. Students are expected to be the sole authors of their work. Use of another person’s work or ideas must be accompanied by specific citations and references.

Unit 7 Projects Case Project 10-3: You are investigating a case involving an employee who is allegedly sending inappropriate photos via in attachments that have been compressed with a zip utility. As you examine the employee’s hard disk drive, you will find a file named orkty.zip, which you suspect is a graphic file. When you try to open the file in an image viewer, a message is displayed indicating that the file is corrupt. Write a 2-3 page report explaining how to recover the file, orkty.zip, for further investigation.

Case Part II & Name that Criminal You work for a mid-sized corporation known for its inventions that does a lot of copyright and patent work. You are investigating an employee suspected of selling and distributing animations created for your corporation. During your investigations of the suspect’s drive, you find some files with an unfamiliar extension of “.cde.” The network administrator mentions that other “.cde” files have been sent through an FTP server to another site. Describe your findings after conducting an Internet search for “.cde” files.

Crime and Change~What will happen tomorrow?

Times are Changing ! In this unit, you got a feel for how quickly things are changing and how important procedures are in dealing with the new challenges. Network forensics and live acquisitions are just the tip of the iceburg. Data carving and steganalysis are procedures that take time and care to perform. And they are not exact sciences. In many cases you will get false positives.

Thank you for all of your work this term! Changes in Tech Crime Problems & Questions from you? THANK YOU Have a great week Check your Grade book