Presentation is loading. Please wait.

Presentation is loading. Please wait.

Extended Learning Module H Computer Crime and Digital Forensics Copyright © 2010 by the McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Extended Learning Module H Computer Crime and Digital Forensics Copyright © 2010 by the McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin."— Presentation transcript:

1 Extended Learning Module H Computer Crime and Digital Forensics Copyright © 2010 by the McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin

2 STUDENT LEARNING OUTCOMES 1. Define computer crime and list three types of computer crime that can be perpetrated from inside and three from outside the organization 2. Identify the seven types of hackers and explain what motivates each group 3. Define digital forensics and describe the two phases of a forensic investigation Mod H-2

3 STUDENT LEARNING OUTCOMES 4. Describe what is meant by anti-forensics, and give an example of each of the three types 5. Describe two ways in which corporations use digital forensics Mod H-3

4 INTRODUCTION  Computers are involved in crime in two ways  1.  2.  Computer crimes can be committed  1.  2. Mod H-4

5 MODULE ORGANIZATION 1. Computer Crime  Learning Outcomes #1 & #2 2. Digital Forensics  Learning Outcome #3 3. Recovery and Interpretation  Learning Outcome #4 4. Who Needs Digital Forensic Investigators?  Learning Outcome #5 Mod H-5

6 COMPUTER CRIME  Computer crime Mod H-6

7 Examples of Computer Crimes Mod H-7

8 Crimes in Which Computers Usually Play a Part Mod H-8

9 Outside the Organization  In 2006 the greatest financial loss stemmed from Mod H-9

10 Types of Malware  Malware – software designed to harm you computer or computer security  1.  2.  3.  Types of Malware  1.  2.  3. Mod H-10

11 Viruses  Computer virus (virus)  Worm Mod H-11

12 Recent Problems  The most common type of worm was a botnet in 2007 and 2008  Botnet  A botnet can  1.  2.  3. Mod H-12

13 The Love Bug Worm Mod H-13

14 Stand-Alone Viruses  Spoofing  Klez family of worms Mod H-14

15 Trojan Horse Viruses  Trojan horse virus  Examples:  Key logger (key trapper) software  Ping-of-Death DoS attack Mod H-15

16 Misleading E-mail: Virus Hoax  Objective is to cause damage to your system  Virus hoax is an e-mail telling you of a non- existent virus  1.  2. Mod H-16

17 Denial-of-Service Attacks  Denial-of-Service (DoS) attack Mod H-17

18 Distributed DoS  Distributed denial-of-service attack (DDoS) Mod H-18

19 Distributed Denial-of-Service Attack Mod H-19

20 Malware Bots  Bot  Malware bots  Zombies (or drones) Mod H-20

21 Rootkits  Rootkit Mod H-21

22 Web Defacing  Web defacing Mod H-22

23 Players  Hackers  Thrill-seeker hackers  White-hat (ethical) hackers Mod H-23

24 Players  Black hat hackers  Crackers Social engineering Mod H-24

25 Players  Hacktivists  Cyberterrorists Mod H-25

26 Players  Script kiddies (or bunnies) Mod H-26

27 DIGITAL FORENSICS  Digital forensics  Two phases  1.  2. Mod H-27

28 Phase 1: Collection – Places to look for Electronic Evidence Mod H-28

29 Phase 1: Preservation  If possible, hard disk is removed without turning computer on  Special forensics computer is used to ensure that nothing is written to drive  Forensic image copy Mod H-29

30 Phase 1: Authentication  Authentication process necessary for ensuring that no evidence was planted or destroyed  MD5 hash value Mod H-30

31 Forensic Hardware and Software Tools  Forensics computers usually have a lot of RAM and very fast processors  EnCase – software that finds all information on disks  Quick View Plus and Conversions Plus – read files in many formats  Mailbag Assistant – reads most e-mail Mod H-31

32 Forensics Hardware and Software Tools  Gargoyle – software that identifies encrypted files and may decrypt them  Irfan View – reads image files  Ingenium – semantic analysis software that searches for meaning rather than an exact match Mod H-32

33 Cell Phones  In 2004 - 200 countries with more than 1.5 billion users of GSM cell phones (Cingular and most of Europe)  Cell phones can be used for  Illegal drug deals  Storing stolen data  Fraudulently securing goods and services  Setting off explosives Mod H-33

34 Cell Phones and Other Handheld Devices Files Can Be Recovered from… Mod H-34

35 Phase 2: Analysis Mod H-35

36 Where Data is Hiding Mod H-36

37 History of Disk Activity Mod H-37

38 Live Analysis Mod H-38

39 RECOVERY AND INTERPRETATION Mod H-39

40 E-Mail between engineers about the Spaceship Columbia Mod H-40

41 E-Mail between Enron and Andersen Consulting Mod H-41

42 E-Mail from Arresting Officer in the Rodney King Beating Mod H-42

43 Internal E-Mail from Bill Gates to Microsoft Employee Mod H-43

44 Places to Look for Useful Information  Deleted files and slack space  Slack space  System and registry files Mod H-44

45 Places to Look for Useful Information  Unallocated space Mod H-45

46 Anti-Forensics  New branch of digital forensics  Set of tools and activities that make it hard or impossible to track user activity  Three categories  1.  2.  3. Mod H-46

47 Configuration Settings Examples:  Use Shift + Delete to bypass the recycle bin  Rename the file with a different extension  Clear out virtual memory  Use Defrag to rearrange data on the hard disk and overwrite deleted files  Use Disk Cleanup to delete ActiveX controls and Java applets Mod H-47

48 Configuration Settings Examples:  Delete temporary Internet files  Hide information by making it invisible with Hidden feature in Word or Excel  Redact – black out portions of a document  Protect your files with passwords Mod H-48

49 Configuration Settings Examples:  Make the information invisible  Use Windows to hide files  Protect file with password Mod H-49

50 Third-Party Tools to  Alter your registry  Hide Excel files inside Word documents and visa versa  Change the properties like creation date in Windows  Replace disk contents with 1’s and 0’s – called wiping programs Mod H-50

51 Third Party Tools  Encryption  Steganography  U3 Smart drive Mod H-51

52 Forensic Defeating Software  Software on the market specially designed to evade forensic examination  Such software would include programs to remove  data in slack space  data in cache memory  cookies, Internet files, Google search history, etc. Mod H-52

53 WHO NEEDS DIGITAL FORENSICS INVESTIGATORS?  Digital forensics is used in Mod H-53

54 Organizations Use Digital Forensics in Two Ways 1. 2. Mod H-54

55 Proactive Education to Educate Employees  Proactive Education for Problem Prevention  What to do and not to do with computer resources such as  1.  2.  3. Mod H-55

56 Reactive Digital forensics for Incident Response  What to do if wrong-doing is suspected and how to investigate it  Encouraged by the Sarbanes-Oxley Act, which expressly requires implementation of policies to prevent illegal activity and to investigate allegations promptly Mod H-56

57 A Day in the Life…  As a digital forensics expert you must  Know a lot about computers and how they work  Keep learning  Have infinite patience  Be detail-oriented  Be good at explaining how computers work  Be able to stay cool and think on your feet Mod H-57

Download ppt "Extended Learning Module H Computer Crime and Digital Forensics Copyright © 2010 by the McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin."

Similar presentations

Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.

Computer Forensic Analysis By Aaron Cheeseman Excerpt from Investigating Computer-Related Crime By Peter Stephenson (2000) CRC Press LLC - Computer Crimes.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
OC RIMS Cyber Safety & Security Incident Response.

OC RIMS Cyber Safety & Security Incident Response.
Computer Forensics.

Computer Forensics.
Extended Learning Module H Computer Crime and Digital Forensics Copyright © 2010 by the McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.

Extended Learning Module H Computer Crime and Digital Forensics Copyright © 2010 by the McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.
This presentation will take a look at to prevent your information from being discovered by and investigator.

This presentation will take a look at to prevent your information from being discovered by and investigator.
2 Language of Computer Crime Investigation

2 Language of Computer Crime Investigation
CHAPTER OVERVIEW SECTION 4.1 – Ethics

CHAPTER OVERVIEW SECTION 4.1 – Ethics
McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.

McGraw-Hill/Irwin ©2009 The McGraw-Hill Companies, All Rights Reserved CHAPTER 4 ETHICS AND INFORMATION SECURITY Business Driven Information Systems 2e.
Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.

Chapter 4 McGraw-Hill/Irwin Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. Ethics and Information Security.
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.

An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
Chapter 9: Privacy, Crime, and Security

Chapter 9: Privacy, Crime, and Security
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.

Mod H-1 Examples of Computer Crimes. Mod H-2 Stuxnet.
BUSINESS PLUG-IN B6 Information Security.

BUSINESS PLUG-IN B6 Information Security.
McGraw-Hill/Irwin ©2005 The McGraw-Hill Companies, All rights reserved Extended Learning Module H COMPUTER CRIME AND FORENSICS.

McGraw-Hill/Irwin ©2005 The McGraw-Hill Companies, All rights reserved Extended Learning Module H COMPUTER CRIME AND FORENSICS.
Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.

Copyright © 2015 McGraw-Hill Education. All rights reserved. No reproduction or distribution without the prior written consent of McGraw-Hill Education.
Chapter 10 Privacy and Security McGraw-Hill

Chapter 10 Privacy and Security McGraw-Hill
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Similar presentations

Ads by Google