Published by Damian Foster. Modified over 8 years ago.
Slide 1: Phases of Computer Forensics [1]
Computer Forensics, BACS 371
[1] Management Information Systems for the Information Age, 5e, Haag, Cummings, McCubbrey, 2005, McGraw Hill
Slide 2: Phases of Computer Forensics
Collection Phase
  Get physical access to the computer and related items
  Make a forensic image copy of all information
  Authentication and preservation
Examination Phase
  Makes evidence visible
  Explains origin and significance
  Should document the content and state of the evidence
  Technical review (forensic examiner)
Analysis Phase
  Follow the trail of clues
  Build evidence
  Looks for probative value (investigation team)
Reporting Phase
  Outline the examination process
  Pertinent data recovered
  Validity of the procedure
Slide 3: Collection
  Search for...
  Recognition of...
  Documentation of...
  Collection and Preservation of...
  Packaging and Transportation of...
  ...Electronic Evidence
Slide 4: Digital Evidence Collection Toolkit [1]
Documentation Tools
  Cable tags
  Indelible felt-tip markers
  Stick-on labels
Disassembly and Removal Tools
  Flat-blade and Phillips-type screwdrivers
  Hex-nut drivers
  Needle-nose pliers
  Secure-bit drivers
  Small tweezers
  Specialized screwdrivers
  Standard pliers
  Star-type nut drivers
  Wire cutters
Package and Transport Supplies
  Antistatic bags
  Antistatic bubble wrap
  Cable ties
  Evidence bags
  Evidence tape
  Packing materials
  Packing tape
  Sturdy boxes of various sizes
Other Items
  Gloves
  Hand truck
  Large rubber bands
  List of contact telephone numbers for assistance
  Magnifying glass
  Printer paper
  Seizure disk
  Small flashlight
  Unused floppy diskettes (3 ½" and 5 ¼")
[1] Electronic Crime Scene Investigation: A Guide for First Responders, NIJ Guide, DOJ
Slide 5: Preliminary Interviews [1]
Separate and identify all persons (witnesses, subjects, others)
Obtain information on:
  Owners/users of devices
  Passwords
  Purpose of the system
  Unique security schemes
  Offsite data storage
  Documentation
[1] Electronic Crime Scene Investigation: A Guide for First Responders, NIJ Guide, DOJ
Slide 6: Document the Scene [1]
Observe and document the scene (photos and sketches)
Document the condition of the computers
Identify related, but not collected, electronics
Photograph the scene
Photograph the computer
[1] Electronic Crime Scene Investigation: A Guide for First Responders, NIJ Guide, DOJ
Slide 7: Evidence Collection
  Non-electronic evidence
  Stand-alone/laptop computers
  Network-attached computers
  Network servers
  Other electronic devices
Slide 8: Places to Look for Information
  Deleted files and slack space
  Recycle Bin
  System and Registry files
  Unallocated (free) disk space
  Unused disk space
  Erased information
Slide 9: Ways of Hiding Information
  Rename the file
  Make the information invisible
  Use Windows to hide files
  Protect the file with a password
  Encrypt the file
  Use steganography
  Compress the file
  Hide the hardware
Slide 10: Methodology for Investigating Computer Crime [1]
Search and Seizure
  Formulate a plan
  Approach and secure the crime scene
  Document the crime scene layout
  Search for evidence
  Retrieve evidence
  Process evidence
Information Discovery
  Formulate a plan
  Search for evidence
  Process evidence
Chain of custody is maintained throughout both tracks.
[1] Field Guide for Investigating Computer Crime, Timothy E. Wright, http://www.securityfocus.com/print/infocus/1244
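Slide 2 (image the original, then authenticate and preserve it) and slide 10 (maintain chain of custody while evidence is retrieved and processed) rely on the same control: hash the image at acquisition, record who handled it, and re-verify the hash before examination so any later change is caught. The Python below is an added example, not code from the slides or the cited guides; it runs on a constructed sample file, and the chunk size, examiner name and log line format are assumptions.

```python
import datetime
import hashlib
import os
import tempfile

CHUNK = 4096  # assumed read size; large images are hashed without loading them whole


def sha256_file(path):
    """Hash a file in chunks so the whole image never needs to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def acquire_image(source_path, image_path):
    """Copy the source byte-for-byte into image_path, hashing the source as it is read.
    Returns (source_hash, image_hash); the copy is only accepted when they match."""
    h_src = hashlib.sha256()
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h_src.update(block)
            dst.write(block)
    return h_src.hexdigest(), sha256_file(image_path)


def custody_entry(item, action, examiner, digest):
    """One chain-of-custody record: when, which item, what was done, by whom, and the hash at that moment."""
    stamp = datetime.datetime.now(datetime.timezone.utc).isoformat(timespec="seconds")
    return f"{stamp} | {item} | {action} | {examiner} | sha256={digest}"


def verify_image(image_path, expected_digest):
    """Re-hash the image before examination; a mismatch means the copy must not be analysed."""
    return sha256_file(image_path) == expected_digest


def demo():
    """Run the procedure on a constructed 'device' file (not real evidence) and return the outcomes."""
    with tempfile.TemporaryDirectory() as d:
        device, image = os.path.join(d, "device.bin"), os.path.join(d, "device.dd")
        with open(device, "wb") as f:
            f.write(b"CONSTRUCTED SAMPLE DEVICE CONTENT\x00" * 500)  # constructed sample data
        src_hash, img_hash = acquire_image(device, image)
        log = [custody_entry("device.bin", "imaged to device.dd", "examiner-1", img_hash)]
        ok_at_acquisition = src_hash == img_hash and verify_image(image, img_hash)
        with open(image, "r+b") as f:  # simulate one byte changing after acquisition
            f.seek(10)
            f.write(b"X")
        ok_after_change = verify_image(image, img_hash)  # must be False
        return ok_at_acquisition, ok_after_change, log
```

The acquisition hash is the value written into the custody log; every later handler re-runs verify_image against that same value rather than against a hash computed from whatever the image looks like now.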
Slide 11: Brief Outline of the Scientific Method
1. Identify and research a problem
2. Formulate a hypothesis
3. Conceptually and empirically test the hypothesis
4. Evaluate the hypothesis with regard to the test results
5. If the hypothesis is acceptable, evaluate its impact