
Slide 1: Phases of Computer Forensics
Computer Forensics, BACS 371
Source: Management Information Systems for the Information Age, 5e, Haag, Cummings, McCubbrey, 2005, McGraw Hill

Slide 2: Phases of Computer Forensics

Collection Phase
  - Get physical access to the computer and related items
  - Make a forensic image (a bit-for-bit copy) of all information
  - Authentication and preservation: hash the original and the image so the copy can be shown to be identical, and keep the original unchanged
Examination Phase
  - Makes evidence visible
  - Explains its origin and significance
  - Documents the content and state of the evidence
  - Technical review, performed by the forensic examiner
Analysis Phase
  - Follow the trail of clues
  - Build the evidence
  - Looks for probative value; performed by the investigation team
Reporting Phase
  - Outline the examination process
  - Pertinent data recovered
  - Validity of the procedure
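The collection phase's "forensic image" and "authentication and preservation" steps, as an added example that is not from the slides or the cited textbook: the script hashes the source, copies it bit for bit, hashes the copy and then the source again, and appends an append-only chain-of-custody record; a later re-hash shows that a single flipped byte in the stored image is detected. A constructed sample file stands in for a real device and plain file copying stands in for a write-blocked dd/dc3dd run; the function names, the examiner name and the evidence ID are assumptions.

```python
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 20  # 1 MiB read size; streams large images without loading them into RAM


def hash_file(path, algorithms=("md5", "sha256")):
    """Read the file once and return hex digests for every requested algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def acquire(source, image, custody_log, examiner, evidence_id):
    """Copy `source` bit-for-bit to `image`, then authenticate the copy.

    The source is hashed before the copy, the image after it, and the source
    once more afterwards: all three must agree or the acquisition is rejected.
    (In the field the copy step is dd/dc3dd/FTK Imager behind a write blocker;
    plain file copying stands in for it here.)
    """
    before = hash_file(source)
    with open(source, "rb") as src, open(image, "wb") as dst:
        shutil.copyfileobj(src, dst, CHUNK)
    after = hash_file(image)
    source_after = hash_file(source)
    record = {
        "evidence_id": evidence_id,          # hypothetical identifier
        "examiner": examiner,
        "acquired_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "source": os.path.abspath(source),
        "image": os.path.abspath(image),
        "bytes": os.path.getsize(image),
        "source_hash": before,
        "image_hash": after,
        "verified": before == after == source_after,
    }
    # Append-only chain-of-custody entry, one JSON object per line.
    with open(custody_log, "a", encoding="utf-8") as log:
        log.write(json.dumps(record) + "\n")
    return record


def verify_image(image, record):
    """Re-hash a stored image and compare against its custody record."""
    return hash_file(image) == record["image_hash"]


def demo():
    """Constructed sample: a ~2.6 MB 'device' file, acquired and then tampered with."""
    workdir = tempfile.mkdtemp(prefix="acq-")
    device = os.path.join(workdir, "sdb.raw")      # stands in for /dev/sdb
    image = os.path.join(workdir, "sdb.dd")
    log = os.path.join(workdir, "custody.jsonl")
    with open(device, "wb") as fh:
        fh.write(b"DEVICEPATTERN" * 200_000)
    record = acquire(device, image, log, examiner="J. Doe", evidence_id="EV-001")
    intact = verify_image(image, record)
    # Flip one bit in the image: the stored digests no longer match.
    with open(image, "r+b") as fh:
        fh.seek(4096)
        byte = fh.read(1)
        fh.seek(4096)
        fh.write(bytes([byte[0] ^ 0x01]))
    tampered = verify_image(image, record)
    shutil.rmtree(workdir)
    return record, intact, tampered


if __name__ == "__main__":
    rec, ok_before, ok_after = demo()
    print(json.dumps(rec, indent=2))
    print("image intact:", ok_before, "| after tampering:", ok_after)
```

Hashing the source a second time after the copy is the cheap check that the acquisition itself did not write to the original; the custody log is opened in append mode so earlier entries are never rewritten.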

Slide 3: Collection

Collection of electronic evidence consists of:
  - Searching for it
  - Recognizing it
  - Documenting it
  - Collecting and preserving it
  - Packaging and transporting it

Slide 4: Digital Evidence Collection Toolkit

Documentation tools
  - Cable tags
  - Indelible felt-tip markers
  - Stick-on labels
Disassembly and removal tools
  - Flat-blade and Phillips-type screwdrivers
  - Hex-nut drivers
  - Needle-nose pliers
  - Secure-bit drivers
  - Small tweezers
  - Specialized screwdrivers
  - Standard pliers
  - Star-type nut drivers
  - Wire cutters
Package and transport supplies
  - Antistatic bags
  - Antistatic bubble wrap
  - Cable ties
  - Evidence bags
  - Evidence tape
  - Packing materials
  - Packing tape
  - Sturdy boxes of various sizes
Other items
  - Gloves
  - Hand truck
  - Large rubber bands
  - List of contact telephone numbers for assistance
  - Magnifying glass
  - Printer paper
  - Seizure disk
  - Small flashlight
  - Unused floppy diskettes (3 ½” and 5 ¼”)

Source: Electronic Crime Scene Investigation: A Guide for First Responders, NIJ Guide, DOJ

Slide 5: Preliminary Interviews

  - Separate and identify all persons (witnesses, subjects, others)
  - Obtain information on:
      - Owners/users of the devices
      - Passwords
      - Purpose of the system
      - Unique security schemes
      - Offsite data storage
      - Documentation

Source: Electronic Crime Scene Investigation: A Guide for First Responders, NIJ Guide, DOJ

Slide 6: Document the Scene

  - Observe and document the scene with photos and sketches
  - Document the condition of the computers
  - Identify related electronics that are not being collected
  - Photograph the scene
  - Photograph the computer

Source: Electronic Crime Scene Investigation: A Guide for First Responders, NIJ Guide, DOJ

Slide 7: Evidence Collection

  - Non-electronic evidence
  - Stand-alone and laptop computers
  - Network-attached computers
  - Network servers
  - Other electronic devices

Slide 8: Places to Look for Information

  - Deleted files and slack space
  - Recycle Bin
  - System and Registry files
  - Unallocated (free) disk space
  - Unused disk space
  - Erased information
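Slack space, unallocated space and deleted files, as an added example that is not part of the original slides: a constructed 4 KiB volume with 512-byte clusters holds one short live file whose last cluster still contains residue from an earlier occupant, one live file that fills its clusters exactly, and a deleted file whose directory entry is gone but whose bytes remain in unallocated clusters. The code recovers the file slack from the directory geometry and carves a PDF header out of the free clusters. The volume layout, contiguous allocation and every file name are assumptions; a real examination would do the same against a FAT/NTFS image with tools such as The Sleuth Kit.

```python
CLUSTER = 512         # allocation unit size of the constructed volume
TOTAL_CLUSTERS = 8
RESERVED = {0, 1}     # boot sector / directory area, never user data


def build_sample_volume():
    """Constructed 4 KiB volume (not a real image) with slack, live and deleted data."""
    vol = bytearray(CLUSTER * TOTAL_CLUSTERS)
    # Live file notes.txt: 300 bytes in cluster 2. Bytes 300..511 of that cluster are
    # file slack and still hold residue of whatever occupied the cluster earlier.
    vol[2 * CLUSTER:2 * CLUSTER + 300] = b"Meeting notes: " + b"A" * 285
    residue = b"OLD DRAFT: move 50000 to account 9921 before audit"
    vol[2 * CLUSTER + 300:2 * CLUSTER + 300 + len(residue)] = residue
    # Live file log.bin: exactly two clusters (3 and 4), so it has no slack at all.
    vol[3 * CLUSTER:5 * CLUSTER] = b"L" * (2 * CLUSTER)
    # Deleted file: no directory entry any more, but clusters 5-6 still hold its bytes.
    deleted = b"%PDF-1.4 invoice 4471 total 50000 (deleted, no directory entry)"
    vol[5 * CLUSTER:5 * CLUSTER + len(deleted)] = deleted
    directory = [
        {"name": "notes.txt", "start": 2, "size": 300},
        {"name": "log.bin", "start": 3, "size": 1024},
    ]
    return bytes(vol), directory


def clusters_for(entry):
    """Clusters a file occupies, assuming contiguous allocation (a simplified FAT)."""
    count = -(-entry["size"] // CLUSTER)  # ceiling division; a 0-byte file owns no clusters
    return list(range(entry["start"], entry["start"] + count))


def file_slack(vol, entry):
    """Bytes between the logical end of file and the end of its last cluster."""
    chain = clusters_for(entry)
    if not chain:
        return b""
    eof = entry["start"] * CLUSTER + entry["size"]
    last_cluster_end = (chain[-1] + 1) * CLUSTER
    return vol[eof:last_cluster_end]


def unallocated_clusters(directory):
    """Every cluster that is neither reserved nor owned by a live directory entry."""
    used = RESERVED.union(*(clusters_for(e) for e in directory))
    return [c for c in range(TOTAL_CLUSTERS) if c not in used]


def carve(vol, clusters, signature):
    """Scan the given clusters for a file header; return (cluster, offset, preview) hits.

    Headers are matched within a single cluster; a signature straddling a cluster
    boundary would need a sliding window across adjacent clusters.
    """
    hits = []
    for c in clusters:
        region = vol[c * CLUSTER:(c + 1) * CLUSTER]
        pos = region.find(signature)
        while pos != -1:
            preview = region[pos:pos + 64].split(b"\x00", 1)[0]
            hits.append((c, pos, preview))
            pos = region.find(signature, pos + 1)
    return hits


def examine():
    """Run the three checks over the constructed volume."""
    vol, directory = build_sample_volume()
    slack = {e["name"]: file_slack(vol, e).rstrip(b"\x00") for e in directory}
    free = unallocated_clusters(directory)
    pdfs = carve(vol, free, b"%PDF-")
    return slack, free, pdfs


if __name__ == "__main__":
    slack, free, pdfs = examine()
    for name, data in slack.items():
        print(f"{name}: {len(data)} bytes of slack residue: {data!r}")
    print("unallocated clusters:", free)
    for cluster, offset, preview in pdfs:
        print(f"carved header in cluster {cluster} at offset {offset}: {preview!r}")
```

The residue in notes.txt's slack is invisible to any tool that reads the file through the file system, because the logical size stops at byte 300; only a cluster-level read of the image exposes it. The carved PDF is likewise unreachable through the directory once its entry has been removed, which is why the image, not the live file system, is what gets examined.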

Slide 9: Ways of Hiding Information

  - Rename the file
  - Make the information invisible
  - Use Windows to hide files
  - Protect the file with a password
  - Encrypt the file
  - Use steganography
  - Compress the file
  - Hide the hardware
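Two of the hiding techniques above, renaming a file and encrypting it, leave traces that file-signature analysis and a byte-entropy measure pick up. The following is an added example, not code from the slides: it classifies content by its leading bytes regardless of the name, flags files whose extension promises a different format, and flags near-random content with no recognized header as possibly encrypted, while exempting formats that are compressed by design (PNG, JPEG, ZIP containers such as .docx) so they are not mistaken for ciphertext. The signature table is a small constructed subset, the sample files are constructed, and the 7.5 bits-per-byte threshold is a working assumption.

```python
import math

# Magic-number table: a constructed subset. Real tooling (libmagic / `file`,
# The Sleuth Kit's sorter, EnCase signature analysis) carries thousands of entries.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),
    (b"\x7fELF", "elf"),
    (b"MZ", "pe"),
]

# Content type(s) each extension is expected to carry. Office Open XML files
# (docx/xlsx/pptx) and JARs are ZIP containers, so "zip" is the expectation.
EXPECTED = {
    "png": {"png"}, "jpg": {"jpeg"}, "jpeg": {"jpeg"}, "gif": {"gif"},
    "pdf": {"pdf"}, "zip": {"zip"}, "docx": {"zip"}, "xlsx": {"zip"},
    "pptx": {"zip"}, "jar": {"zip"}, "exe": {"pe"}, "dll": {"pe"},
    "txt": {"text"}, "log": {"text"}, "csv": {"text"},
}

# Compressed by design: high entropy is normal here, so it must not be
# reported as "possibly encrypted".
ALREADY_COMPRESSED = {"png", "jpeg", "gif", "zip"}
TEXT_BYTES = set(range(0x20, 0x7F)) | {0x09, 0x0A, 0x0D}
ENTROPY_THRESHOLD = 7.5   # bits per byte (assumed); random or encrypted data approaches 8.0


def identify(data):
    """Classify content by its leading bytes, ignoring the file name entirely."""
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    if data and all(b in TEXT_BYTES for b in data):
        return "text"
    return "unknown"


def shannon_entropy(data):
    """Shannon entropy in bits per byte: 0.0 if every byte is the same, 8.0 if uniformly random."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def triage(name, data):
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    detected = identify(data)
    expected = EXPECTED.get(ext)
    entropy = shannon_entropy(data)
    return {
        "name": name,
        "detected": detected,
        # Renamed file: the extension promises one format, the bytes are another.
        "signature_mismatch": expected is not None and detected not in expected,
        # Encrypted or unknown container: near-random bytes with no known header.
        "high_entropy": entropy > ENTROPY_THRESHOLD and detected not in ALREADY_COMPRESSED,
        "entropy": round(entropy, 2),
    }


def sample_files():
    """Constructed inputs, not real evidence."""
    # Stand-in for ciphertext: every byte value occurs equally often (entropy 8.0)
    # and the first bytes (0x0d 0xb4) match no signature.
    ciphertext_like = bytes((i * 167 + 13) % 256 for i in range(4096))
    return [
        ("budget.xlsx", b"\x89PNG\r\n\x1a\n" + b"\x00" * 64),    # image renamed as a spreadsheet
        ("report.docx", b"PK\x03\x04\x14\x00" + b"\x00" * 100),    # genuine OOXML container
        ("photo.jpg", b"MZ\x90\x00\x03\x00" + b"\x00" * 100),      # Windows executable renamed .jpg
        ("notes.txt", ciphertext_like),                            # encrypted blob renamed .txt
        ("readme.txt", b"Plain text, nothing hidden here.\n"),
    ]


def run_triage():
    return [triage(name, data) for name, data in sample_files()]


if __name__ == "__main__":
    for result in run_triage():
        print(result)
```

Password-protected archives and steganography are not caught by this pass: a password-protected ZIP still carries a valid ZIP header, and a stego carrier is a valid image by construction, so those need format-specific inspection (archive entry flags, statistical tests on the carrier) rather than header and entropy checks.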

Slide 10: Methodology for Investigating Computer Crime

Search and seizure
  - Formulate a plan
  - Approach and secure the crime scene
  - Document the crime scene layout
  - Search for evidence
  - Retrieve evidence
  - Process evidence
Information discovery
  - Formulate a plan
  - Search for evidence
  - Process evidence
Maintain the chain of custody throughout both.

Source: Field Guide for Investigating Computer Crime, Timothy E. Wright, http://www.securityfocus.com/print/infocus/1244

Slide 11: Brief Outline of the Scientific Method

  1. Identify and research a problem
  2. Formulate a hypothesis
  3. Conceptually and empirically test the hypothesis
  4. Evaluate the hypothesis with regard to the test results
  5. If the hypothesis is acceptable, evaluate its impact

