Computer Forensics: A 5 Minute Introduction
Santa Clara University, Department of Computer Engineering
April 2007
Information Assurance
  Continued need in the US for experts in Information Assurance.
  Legislative and regulatory pressure: Sarbanes-Oxley, HIPAA, ...
  A field that is safe from off-shoring.
Computer Forensics
  Reconstructs events from digital traces on a device such as:
    Computer
    Router
    Switch
    Cell phone, SIM card
    GPS system (car accident investigation)
    SCADA
Computer Forensics
  Goal of forensics: reconstruction based on digital traces.
  Criminal: apprehension and conviction of offenders.
    Computer is the instrument of crime: auction fraud, check fraud, ...
    Computer is the target of crime: intrusion, ...
    Computer contains evidence: s, printings
  Commercial: IP protection, Internet abuse, security breaches, ...
  Prevention
Computer Forensics Types
  Media forensics: hard drive, USB, PDA, SIM, ...
  Network forensics: router logs, IDS logs, network capture files, SMTP logs, headers, ...
  Malware analysis: given malware code (assembly language), reconstruct its functionality.
    Code Red worm request:
    GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00
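As an added example (not from the slides), the defender's side of the malware-analysis step above: a scan over web server log lines that flags Code Red style requests against default.ida and decodes the %uXXXX escapes into the raw bytes an analyst would then disassemble. The log lines, the field layout and the filler-run length are constructed; only the %u suffix is taken from the slide.

```python
import re

# Code Red request suffix as quoted on the slide; the filler run length and the
# surrounding W3C-style log lines are constructed for this example.
CODE_RED_QUERY = "N" * 80 + (
    "%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801"
    "%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u0000%u00"
)
SAMPLE_LOG = [
    # assumed layout: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
    "2001-07-19 10:00:01 203.0.113.5 GET /default.ida " + CODE_RED_QUERY + " 200",
    "2001-07-19 10:00:02 198.51.100.7 GET /index.html - 200",
    "2001-07-19 10:00:03 192.0.2.9 GET /default.ida - 404",
]

U_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})")
FILLER_RUN = re.compile(r"^([A-Za-z])\1{19,}")  # 20 or more repeats of one letter


def decode_u_escapes(query: str) -> bytes:
    """Turn %uXXXX escapes into raw bytes.

    IIS decoded each %uXXXX into a 16-bit code unit, so the payload bytes are
    recovered by emitting each word little-endian: %u9090 -> 90 90 (two x86
    NOPs), %u6858 -> 58 68.  A truncated escape such as the slide's trailing
    %u00 is skipped rather than guessed.
    """
    words = (int(m.group(1), 16) for m in U_ESCAPE.finditer(query))
    return b"".join(w.to_bytes(2, "little") for w in words)


def is_code_red_probe(uri_stem: str, query: str) -> bool:
    """Match the slide's pattern: default.ida, a long filler run, then %u escapes."""
    return (uri_stem.lower().endswith("/default.ida")
            and FILLER_RUN.match(query) is not None
            and U_ESCAPE.search(query) is not None)


def scan_log(lines):
    """Return (client_ip, decoded_payload) for each flagged request record."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) < 7:
            continue  # not a request record in the assumed layout
        client_ip, uri_stem, query = parts[2], parts[4], parts[5]
        if is_code_red_probe(uri_stem, query):
            hits.append((client_ip, decode_u_escapes(query)))
    return hits


if __name__ == "__main__":
    for ip, payload in scan_log(SAMPLE_LOG):
        print(ip, payload[:8].hex(" "))  # 203.0.113.5 90 90 58 68 d3 cb 01 78
```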
Activity
  Internet Explorer uses the index.dat file to store past browsing history.