Ad Hoc Phase Structured Phase Enterprise Phase


1 Ad Hoc Phase Structured Phase Enterprise Phase
“The ability to convert computer evidence into ‘physical’ evidence fueled the need for computer forensics” (p. 496)
Ad Hoc Phase, Structured Phase, Enterprise Phase
THE Ad Hoc Phase: ‘Lack of formal structure, protocols, training, and adequate tools’ (p. 497)

2 THE Ad Hoc Phase
“during the Ad Hoc phase, upper management lacked specific company policies defining ‘appropriate vs. inappropriate computer usage’ as well as procedures for due process”
“when these inappropriate use cases did make it to trial, the courts raised questions about the chain-of-custody procedures and accuracy of forensic tools” (p. 497)

3 Chain of custody: “the chronological documentation of evidence as it is processed during the investigation (i.e., seizure, custody, transfer, and analysis)”
Accuracy: “integrity of the data, such as whether or not the evidence remains unchanged”

4

5 Read pages 2,3,4 OR 4,5,6.
Find someone sitting on the other side of the classroom. Summarize the three pages you read to them and listen to their summary of the three pages they read.

6 THE Structured Phase and the Golden Age: Legislations and Professional Training
Protecting Canadians from Online Crime Act:
Digital Privacy Act:
Identify TWO cybercrimes that are recognized in the Protecting Canadians from Online Crime Act.
Identify ONE cybercrime that is unrecognized or partially recognized by the Protecting Canadians from Online Crime Act.

7 THE Structured Phase and the Golden Age: Legislations and Professional Training--Canada
Protecting Canadians from Online Crime Act:
Digital Privacy Act:
Identify ONE requirement specified by the Protecting Canadians from Online Crime Act on how a digital investigation should be conducted.
Identify ONE requirement specified by the Digital Privacy Act on how to seek consent from clients/employees to share their private data.

8 Open Source Forensic Tools
Everyone can see the source code of the application.
When they see the source code, users know exactly what files the open source forensic tool is accessing, modifying, and producing.
Open source tools are controversial because they can be seen by cyber criminals as well.

Closed Source Forensic Tools
Users do not see the source code.
Users cannot modify the source code and the behavior of the forensic tool.
Source code is unavailable to criminals.

9 Ad Hoc Phase Structured Phase Enterprise Phase
Ad Hoc: No laws, no defined regulations and protocols
Structured: Clear legal definitions of cybercrime and what makes digital evidence admissible in courts.
Golden Age: Proliferation of open source and black box tools
Future? Internet of Things

10 Internet of things: devices that generate timelines and data about our movements, our activities, our physical and mental state, etc.
Devices send/receive data.
Your organization has asked you to purchase internet of things devices that could provide valuable security data in case a corporate digital forensics investigation needs to be conducted in the future. What devices would you buy?

11 Internet of things: devices that generate timelines and data about our movements, our activities, our physical and mental state, etc.
Hypothetical scenario: A school requires pupils to wear digital watches. These digital watches track the location of the pupils; the watches can also be used to purchase food from the cafeteria with money loaded by parents through an app.
Is this security or surveillance? When does security become surveillance? (There is no definite answer; it is an ongoing dialogue.)

12 “Law enforcement analyzed the smart water meter and learned that an abnormal amount of water was used during a two-hour window on the evening of the murder. Law enforcement believed that this data indicated that James Bates cleaned up the murder scene during this two-hour period” (p. 503)
Two concepts from statistics help us assess whether an amount is normal or abnormal: the mean (average) and the standard deviation.
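Added example (not part of the original slides): one way to apply the mean and standard deviation to hourly smart-meter readings. All readings are constructed sample values, not data from the case, and the 3-standard-deviation threshold is an assumed convention. The second function shows a common pitfall: computing the mean and standard deviation from the period under suspicion lets the outliers hide themselves.

```python
from statistics import mean, stdev

HOURS = [18, 19, 20, 21, 22, 23]          # evening hours, 24h clock
# Constructed sample data: litres per hour for the same evening hours
# on seven earlier days (one row per day, one column per hour in HOURS).
BASELINE = [
    [12, 30, 25, 18, 10, 5],
    [14, 28, 22, 20, 9, 6],
    [11, 33, 27, 17, 12, 4],
    [13, 29, 24, 19, 11, 7],
    [15, 31, 23, 21, 8, 5],
    [12, 27, 26, 18, 10, 6],
    [14, 32, 21, 20, 10, 5],
]
# Constructed readings for the evening under investigation.
EVENING = [13, 29, 24, 19, 160, 175]

def z_score(value, history):
    """Number of standard deviations between value and the mean of history."""
    mu, sd = mean(history), stdev(history)
    if sd == 0:                            # flat history: any change is unusual
        return 0.0 if value == mu else float("inf")
    return (value - mu) / sd

def flag_abnormal(evening, baseline, threshold=3.0):
    """Hours whose usage is more than `threshold` SDs above that hour's norm."""
    flagged = []
    for i, hour in enumerate(HOURS):
        history = [day[i] for day in baseline]   # same hour on earlier days
        if z_score(evening[i], history) > threshold:
            flagged.append(hour)
    return flagged

def flag_naive(evening, threshold=3.0):
    """Pitfall: mean/SD taken from the evening itself, outliers included."""
    return [h for h, v in zip(HOURS, evening) if z_score(v, evening) > threshold]

if __name__ == "__main__":
    print("compared with baseline:", flag_abnormal(EVENING, BASELINE))
    print("compared with itself  :", flag_naive(EVENING))
```

Against the earlier days the two late hours stand out; measured against the same evening, the large readings inflate the standard deviation and nothing is flagged.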

13 THE DIGITAL FORENSICS PROCESS
Identification: social media, devices, IoT, hidden flash drives
Collection: Should respect privacy rights and the law of search and seizure
Analysis: Use digital data to uncover details about the crime
Reporting: Reporting the results of the investigation. Detailed, transparent, scientifically and forensically sound statements

14 Evidence preservation Hashing
Collection: Should respect privacy rights and the law of search and seizure
Evidence preservation: Hashing; bit by bit copying of the data to another hard drive
Process transparency: Documenting the chain of custody; checking for evidence integrity
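Added example (not part of the original slides): hashing, bit-by-bit copying, a chronological chain-of-custody log, and a later integrity check, combined in one small script. It assumes the evidence is an ordinary file rather than a write-blocked device; the file names, handler names and log fields are hypothetical, and the evidence content is constructed.

```python
import hashlib, os, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so a large image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        while block := f.read(chunk):
            h.update(block)
    return h.hexdigest()

def record(log, action, handler, digest):    # one chronological custody entry
    log.append({"utc": datetime.now(timezone.utc).isoformat(),
                "action": action, "handler": handler, "sha256": digest})

def acquire(src, dst, handler, log):
    """Copy src to dst byte for byte, hashing the source as it is read."""
    h = hashlib.sha256()
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        while block := fin.read(1 << 20):
            h.update(block)
            fout.write(block)
    digest = h.hexdigest()
    if sha256_file(dst) != digest:           # re-read the copy to confirm it
        raise OSError("copy does not match source")
    record(log, "acquisition", handler, digest)
    return digest

def verify(path, log, action, handler):
    """Re-hash the copy, log the step, compare with the acquisition hash."""
    digest = sha256_file(path)
    record(log, action, handler, digest)
    return digest == log[0]["sha256"]

def demo():
    """Runs on a constructed evidence file; returns (before, after, log)."""
    log = []
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "source.bin"), os.path.join(d, "image.dd")
        with open(src, "wb") as f:
            f.write(b"constructed sample evidence\n" * 1000)
        acquire(src, dst, "examiner A", log)
        before = verify(dst, log, "transfer", "examiner B")
        with open(dst, "r+b") as f:          # simulate a one-byte alteration
            f.write(b"X")
        after = verify(dst, log, "analysis", "examiner B")
    return before, after, log

if __name__ == "__main__":
    print(demo()[:2])
```

A single changed byte is enough to make the later check fail, and the log shows which custody step first recorded the different hash.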

