Presentation is loading. Please wait.

Presentation is loading. Please wait.

CET4860 Mark Pollitt Associate Professor

Published byVéronique Martin Modified over 5 years ago

Similar presentations

Presentation on theme: "CET4860 Mark Pollitt Associate Professor"— Presentation transcript:

1 CET4860 Mark Pollitt Associate Professor
Hierarchy of Access CET4860 Mark Pollitt Associate Professor ©2005 DEPS, Inc.

2 How many objects do you see?
©2005 DEPS, Inc.

3 Computers are a mystery
Wrapped in an enigma ©2005 DEPS, Inc.

4 Digital Forensics is like Peeling an Onion!
Operating System File System File Physical Media Content Analysis ©2005 DEPS, Inc.

5 Hierarchy of Access User Computer Application Operating System
File System File Storage Media Network (inc. NAS) Physical Media ©2005 DEPS, Inc.

6 Users If it weren’t for users… Our best friends and worst enemies
If it weren’t for stupid criminals, I wouldn’t have a job! ©2005 DEPS, Inc.

7 Computer User Computer Application Operating System File System File
Storage Media Network (inc. NAS) Physical Media ©2005 DEPS, Inc.

8 Hierarchy of Access User Computer Application Operating System
File System File Storage Media Network (inc. NAS) Physical Media ©2005 DEPS, Inc.

9 Application Layer ©2005 DEPS, Inc.

10 Application Layer, cont.
©2005 DEPS, Inc.

11 Meta data ©2005 DEPS, Inc.

12 Operating Systems User Computer Application Operating System
File System File Storage Media Network (inc. NAS) Physical Media ©2005 DEPS, Inc.

13 OS Debris Recently used files Temporary Internet Files Logs Cookies
Cache files Spooler files Registry entries ©2005 DEPS, Inc.

14 Temporary Internet Files
©2005 DEPS, Inc.

15 Registry Entries ©2005 DEPS, Inc.

16 Hierarchy of Access User Application Network (inc. NAS)
Operating System File System File Media Physical ©2005 DEPS, Inc.

17 ©2005 DEPS, Inc.

18 Deleted Files ©2005 DEPS, Inc.

19 Hierarchy of Access User Computer Application Operating System
File System File Storage Media Network (inc. NAS) Physical Media ©2005 DEPS, Inc.

20 From these ©2005 DEPS, Inc.

21 To this! ©2005 DEPS, Inc.

22 Hierarchy of Access User Computer Application Operating System
File System File Storage Media Network (inc. NAS) Physical Media ©2005 DEPS, Inc.

23 Network Issues User Computer Application Operating System File System
Storage Media Network (inc. NAS) Physical Media ©2005 DEPS, Inc.

24 Network Logs ©2005 DEPS, Inc.

25 Hierarchy of Access User Network (inc. NAS) Computer Application
Operating System File System File Storage Media Physical Media ©2005 DEPS, Inc.

26 As we have seen… Digital crime scenes often have three loci:
The victim system(s) The perpetrator's system(s) Network devices which connect the first two We need to take the same layered approach to both the static (stored information) and the dynamic (information in transit) ©2005 DEPS, Inc.

27 OSI stack / model Application OS Presentation Session NOS Transport
Cables NIC / Drivers NOS OS Presentation Each layer May provide potential evidence! Session Transport Network Data - link Physical ©2005 DEPS, Inc.

28 Network Forensics T H H U U T H T T H U Data T H U T H U
©2005 DEPS, Inc.

29 Thank You for your Attention!
©2005 DEPS, Inc.

Download ppt "CET4860 Mark Pollitt Associate Professor"

Similar presentations

Why to learn OSI reference Model? The answer is too simple that It tells us that how communication takes place between computers on internet but how??

Why to learn OSI reference Model? The answer is too simple that It tells us that how communication takes place between computers on internet but how??
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.

An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition
Computer Forensics and Digital Investigation – a brief introduction Ulf Larson/Erland Jonsson.

Computer Forensics and Digital Investigation – a brief introduction Ulf Larson/Erland Jonsson.
Unit 1: Getting Started. What is a network?? A group of two or more computers that are linked together. Network Interface Card (NIC), basic network software.

Unit 1: Getting Started. What is a network?? A group of two or more computers that are linked together. Network Interface Card (NIC), basic network software.
2.1 Chapter 2 Network Models Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

2.1 Chapter 2 Network Models Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
File Management Systems

File Management Systems
Figure 3-8 WCB/McGraw-Hill  The McGraw-Hill Companies, Inc., 1998 Network Layer Example.

Figure 3-8 WCB/McGraw-Hill  The McGraw-Hill Companies, Inc., 1998 Network Layer Example.
Senior Design Project 2004/2005 Web Enabled Calling Number Delivery Daniel St. Clair Barron Shurn Professor Soules 10/28/2004.

Senior Design Project 2004/2005 Web Enabled Calling Number Delivery Daniel St. Clair Barron Shurn Professor Soules 10/28/2004.
Chapter 5 - TRANSPORT and NETWORK LAYERS - Part 2 - Static and Dynamic Addressing Address Resolution Dr. V.T. Raja Oregon State University.

Chapter 5 - TRANSPORT and NETWORK LAYERS - Part 2 - Static and Dynamic Addressing Address Resolution Dr. V.T. Raja Oregon State University.
Overview of simple LANs. Networking basics: LAN TCP/IP is the protocol used in the Internet and dominates the internet and transport layers The subnet.

Overview of simple LANs. Networking basics: LAN TCP/IP is the protocol used in the Internet and dominates the internet and transport layers The subnet.
The Internet Protocol  Eliot Grove  Danny Friel  Stuart Anderson.

The Internet Protocol  Eliot Grove  Danny Friel  Stuart Anderson.
Advance evidence collection and analysis of web browser activity by Junhoon Oh David Rivera 11/7/2013 Digital Forensics.

Advance evidence collection and analysis of web browser activity by Junhoon Oh David Rivera 11/7/2013 Digital Forensics.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—1-1 Building a Simple Network Understanding the Host-to-Host Communications Model.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—1-1 Building a Simple Network Understanding the Host-to-Host Communications Model.
Operating System & Application Files BACS 371 Computer Forensics.

Operating System & Application Files BACS 371 Computer Forensics.
MAC Address The Media Access Control (MAC) address is just as important as the IP address. The MAC address is a unique value associated with the network.

MAC Address The Media Access Control (MAC) address is just as important as the IP address. The MAC address is a unique value associated with the network.
OS and Application Files BACS 371 Computer Forensics.

OS and Application Files BACS 371 Computer Forensics.
Capturing Computer Evidence Extracting Information.

Capturing Computer Evidence Extracting Information.
1 Semester 2 Module 1 WANs and Routers Yuda college of business James Chen

1 Semester 2 Module 1 WANs and Routers Yuda college of business James Chen
Layer 4 of the TCP/IP protocol stack: Application level Services: TELNET, FTP, SMTP, HTTP, DNS, RIP, NFS Hierarchy of protocols and services.

Layer 4 of the TCP/IP protocol stack: Application level Services: TELNET, FTP, SMTP, HTTP, DNS, RIP, NFS Hierarchy of protocols and services.

Similar presentations

Ads by Google