Teaching Computer Forensics Using Student Developed Evidence Files Anna Carlin Cal Poly Pomona.


1 Teaching Computer Forensics Using Student Developed Evidence Files Anna Carlin Cal Poly Pomona

2 Agenda
- What is Computer Forensics
- Trends in Computer Forensics
- Structure of a Computer Forensics Course
- Investigative Mindset
- Criminal Mindset
- Legal Aspects of Computer Forensics
- Ethics
- Highlights
- Questions & Answers

3 What is Computer Forensics?
- Application of computer investigation and analysis in the interests of determining potential legal evidence
- Involves the identification, preservation, extraction, documentation, and interpretation of this digital evidence

4 Trends in Computer Forensics
- Computer Information System/Information Technology
- 95% of the world's information is being generated and stored in a digital form
- Only about one-third of documentary evidence is printed out

5 Structure Of Course
- Prerequisites
- Textbooks Used
- Group and Individual Projects
- Lab Environment/Facility

6 Quarter System Class
- Prerequisites
  - Cal Poly – Junior/Senior level in a career track
- Textbooks
  - Guide to Computer Forensics, from Course Technology
  - Recommended: Hacking Exposed: Computer Forensics Secrets and Solutions

7 Topics Covered
- Applicable Laws
- Processing Crime and Incident Scenes
- Collecting Evidence
- Recovering Evidence
- Computer Forensic Tools
- Documenting the Investigation
- Communicating the Results

8 Cal Poly’s Computer Forensics Lab
- Allows hands-on experience
- Evidence lockers
- 3 separate hard drives
- Software available:
  - EnCase Enterprise version 5
  - FTK
  - Open source products
  - Virtual PC

9 Additional Software
- HexWorkshop
- Irfanview
- Paraben
- PC-Encrypt
- WinHex
- BitPim
- Stegdetect

10 Group Project
The goals are to:
- Follow a documented forensics investigation process
- Identify relevant electronic evidence associated with various violations of specific laws
- Identify probable cause to obtain a search warrant
- Recognize the limits of search warrants
- Locate and recover relevant electronic evidence
- Maintain a chain of custody

11 Group Project Parts
1. Create the evidence
   1. Pick a crime and identify the elements
   2. Generate evidence to support that crime
   3. Write and execute a search warrant
2. Analyzing the evidence seized
   1. Maintain chain of custody
   2. Analyze the digital medium for evidence
   3. Document the process and findings
3. Presentation of findings

12 Group Projects Created
- Bioterrorism of 80% of the world’s coconut supply on a fictitious island
- A Da Vinci Code takeoff where the curator interrupts the robbery of the Mona Lisa and is killed in the process
- Murder of a faculty member and where they are buried
- Counterfeit Anaheim Angel playoff tickets

13 Individual Projects (Labs)
- Acquiring an image for analysis
- Recovering deleted data
- Password and encryption methods
- Images and steganography
- Tracing emails
- Email analysis
- Cell phones
- PDA

14 Investigative Mindset
- Handling the Crime Scene
- Ears, Eyes, Hands
- Computer Evidence
- Digital Evidence
- Crime Scene investigation and boundaries
- Searching and Collecting evidence
- Do’s and Don’ts

15 Criminal Mindset
- Identity Theft
- Pornography
- Sexual Harassment
- Embezzlement
- Mail
  - Hate
  - Gambling across States
  - Drug Trafficking
  - Images
- Understanding anti-forensic techniques to hide evidence

16 Legal Aspects of Computer Forensics
- Don’t commit a crime when manufacturing evidence
- Verify the tools
- Document everything

17 Ethics
- Do your job
- Remove any personal agendas you may have about the case/investigation
- Knowing it and proving it are 2 different things
- State the facts as you see them
- It is not your job to be Judge and/or Jury
- Ethical Hacking

18 Highlights
- Professor in class challenges:
- Time available after class for lab work
- Student Technical Experience is varied
- Evidence created could be hit or miss
- Student creativity
- Training/Certifications
- Computer Usage Policy
- White Hacker Policy

19 Questions and Answers

