Presentation is loading. Please wait.

Presentation is loading. Please wait.

Ad Hoc Phase Structured Phase Enterprise Phase

Published byEarl Casey Modified over 5 years ago

Similar presentations

Presentation on theme: "Ad Hoc Phase Structured Phase Enterprise Phase"— Presentation transcript:

1 Ad Hoc Phase Structured Phase Enterprise Phase
“The ability to convert computer evidence into ‘physical’ evidence fueled the need for computer forensics” (p. 496) Ad Hoc Phase Structured Phase Enterprise Phase THE Ad Hoc Phase ‘Lack of formal structure, protocols, training, and adequate tools’ (p. 497)

2 THE Ad Hoc Phase “during the Ad Hoc phase, upper management lacked specific company policies defining ‘appropriate vs. inappropriate computer usage’ as well as procedures for due process” “when these inappropriate use cases did make it to trial, the courts raised questions about the chain-of-custody procedures and accuracy of forensic tools” (p. 497)

3 Chain of custody “the chronological documentation of evidence as it is processed during the investigation (i.e., seizure, custody, transfer, and analysis)” Accuracy “integrity of the data, such as whether or not the evidence remains unchanged”

4

5 Read pages 2,3,4 OR 4,5,6 Find someone sitting on the other side of the classroom. Summarize the three pages you read to them and listen to their summary of the three pages they read.

6 THE Structured Phase and the Golden Age: Legislations and Professional Training
Protecting Canadians from Online Crime Act: Digital Privacy Act: Identify TWO cybercrimes that are recognized in the Protecting Canadians from Online Crime Act Identify ONE cybercrime that is unrecognized or partially recognized by the Protecting Canadians from Online Crime Act

7 THE Structured Phase and the Golden Age: Legislations and Professional Training--Canada
Protecting Canadians from Online Crime Act: Digital Privacy Act: Identify ONE requirement specified by the Protecting Canadians from Online Crime Act on how a digital investigation should be conducted. Identify ONE requirement specified by the Digital Privacy Act on how to seek consent from clients/employees to share their private data.

8 Open Source Forensic Tools
Everyone can see the source code of the application. When they see the source code, users know exactly what files the open source forensic tool is accessing, modifying, and producing Open Source Tools are controversial because they can be seen by cyber criminals as well Closed Source Forensic Tools Users do not see the source code. Users cannot modify the source code and the behavior of the Forensic tool. Source code is unavailable to criminals

9 Ad Hoc Phase Structured Phase Enterprise Phase
Ad Hoc: No laws, no defined regulations and protocols Structured: Clear legal definitions of cybercrime and what makes digital evidence admissible in courts. Golden Age: Proliferation of open source and black box tools Future ? Internet of Things

10 Internet of things: devices that generate timelines and data about our movements, our activities, our physical and mental state, etc. Devices send/receive data Your organization has asked you to purchase internet of things devices that could provide valuable security data in case corporate digital forensics investigation needs to be conducted in the future. What devices would you buy ?

11 Internet of things: devices that generate timelines and data about our movements, our activities, our physical and mental state, etc. Hypothetical Scenario: A school requires pupils to wear digital watches. These digital watches track the location of the pupils, the watches can also be used to purchase food from the cafeteria with money loaded by parents through an App Is this security or surveillance? When does security become surveillance (There is no definite answer, it is an ongoing dialogue)

12 “Law enforcement analyzed the smart water meter and learned that an abnormal amount of water was used during a two-hour window on the evening of the murder. Law enforcement believed that this data indicated that James Bates cleaned up the murder scene during this two-hour period” (p. 503) Two concepts from statistics help us assess whether an amount is normal and abnormal: The mean (average) and the standard deviation

13 THE DIGITAL FORENSICS PROCESS
Identification social media, devices, IoT, hidden flash drives Collection Should respect privacy rights and the law of search and seizure Analysis Use digital data to uncover details about the crime Reporting Reporting the results of the investigation. Detailed, transparent, scientifically and forensically sound statements THE DIGITAL FORENSICS PROCESS

14 Evidence preservation Hashing
Collection Should respect privacy rights and the law of search and seizure Evidence preservation Hashing Bit by bit copying of the data to another hard drive Process transparency Documenting the chain of custody Checking for evidence integrity

Download ppt "Ad Hoc Phase Structured Phase Enterprise Phase"

Similar presentations

TECHNO-TONOMY Privacy & Autonomy in a Networked World Learning Module 2: Legislating Privacy: Your Rights.

TECHNO-TONOMY Privacy & Autonomy in a Networked World Learning Module 2: Legislating Privacy: Your Rights.
Computer Forensics.

Computer Forensics.
Evidence Collection & Admissibility Computer Forensics BACS 371.

Evidence Collection & Admissibility Computer Forensics BACS 371.
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.

An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition
BACS 371 Computer Forensics

BACS 371 Computer Forensics
What’s Next What We believe Who We Are Cloud Computing Big data Mobility Social Enterprise.

What’s Next What We believe Who We Are Cloud Computing Big data Mobility Social Enterprise.
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Legal, Regulations, Compliance and Investigations.

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Legal, Regulations, Compliance and Investigations.
Evidence Computer Forensics. Law Enforcement vs. Citizens  Search must have probable cause –4 th amendment search warrant  Private citizen not subject.

Evidence Computer Forensics. Law Enforcement vs. Citizens  Search must have probable cause –4 th amendment search warrant  Private citizen not subject.
Chapter 18 Lesson Goal After completing this lesson, the student shall be able to identify indicators of an incendiary fire and protect and preserve evidence.

Chapter 18 Lesson Goal After completing this lesson, the student shall be able to identify indicators of an incendiary fire and protect and preserve evidence.
COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.

COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.
LESSONS AND BEST PRACTICES IN POLICE REDESIGN MEXICO CITY, MEXICO JULY 14, 2005.

LESSONS AND BEST PRACTICES IN POLICE REDESIGN MEXICO CITY, MEXICO JULY 14, 2005.
By Drudeisha Madhub Data Protection Commissioner Date: 12.08.14.

By Drudeisha Madhub Data Protection Commissioner Date:
COEN 252 Computer Forensics Introduction to Computer Forensics  Thomas Schwarz, S.J. 2009 w/ T. Scocca.

COEN 252 Computer Forensics Introduction to Computer Forensics  Thomas Schwarz, S.J w/ T. Scocca.
Learning Objective 1 Describe types of evidence used to indicate the area of origin or fire cause.

Learning Objective 1 Describe types of evidence used to indicate the area of origin or fire cause.
COEN 152 Computer Forensics Introduction to Computer Forensics.

COEN 152 Computer Forensics Introduction to Computer Forensics.
Introduction to Data Forensics CIS302 Harry R. Erwin, PhD School of Computing and Technology University of Sunderland.

Introduction to Data Forensics CIS302 Harry R. Erwin, PhD School of Computing and Technology University of Sunderland.
An Event-based Digital Forensic Investigation Framework Brian D. Carrier Eugene H. Spafford DFRWS 2004.

An Event-based Digital Forensic Investigation Framework Brian D. Carrier Eugene H. Spafford DFRWS 2004.
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition

Similar presentations

Ads by Google