Why should we be teaching Linux Forensics? Paul Stephens

1 Why should we be teaching Linux Forensics? Paul Stephens

2 Harmonisation of Computer Forensics Investigation Training: ISEC, AGIS, FALCONE

3 Participants Include

4 AGIS Courses Developed: Introductory IT Forensics and Network Investigations (2003-2004); Applied NTFS Forensics, Intermediate Internet Investigations, Intermediate Network Investigations (2005-2006); Linux as a Forensic Tool, Mobile Phone Forensics, Wireless LANs and VOIP (2006-2008)

5 ISEC Developments (2008-2011): Advanced Scripting; Enterprise/Server Forensics; Live Data Forensics; Proposed New Courses funded by EC/Partners; Seven courses in all; Update all AGIS courses funded by Microsoft; Initially accredited by University College Dublin; Full run of the MSc; Vista Forensics

6 Linux as a Forensic Tool: Initially run as a one week course. Following evaluations: Basics [online] – Week One; Forensic Features and Tools – Week Two. Currently being updated by a team of five.

7 Advanced Scripting: Currently in development. One week course to be run at Microsoft Copenhagen!

8 Other Linux Forensics Courses: GNU/Linux Forensics Data Recovery & Analysis ICT and Forensic Investigation Digital Forensics

9 Why should we be teaching Linux Forensics?

10 Why should we be teaching Linux Forensics? Scripting will allow investigators to carry out: Large scale investigations on unusual data sets; Automation for routine tasks; Integration of various standalone tools into one process. Will also equip the investigator with advanced knowledge beyond pre-provided software functionality. Projects. Open Source.

11 Some of the Linux Forensic Tools: LibEWF; dcfldd and rdd; The Sleuth Kit; Autopsy Forensic Browser/PTK; ophcrack; QEMU

12 CCCU Forensic Lab Setup: Two PCs; Normal PC; Internet connection; HazardNET PC; Students have BIOS/Administrator control; Network linked to Windows server running RIS and Linux SSH/SFTP server

13 Teaching Materials (Basics): Linux; Linux Forensics; Disk Images and other cool stuff; Distributions; Debian/Ubuntu?

14 Development of Teaching Materials: Download other people's evidence files; Create the test images/network dumps/etc yourself; Takes a loooooooooooooooong time; Get someone else to create resources; Spec what you want and set it for your current students as an assessment/project; Report/presentation on the task

15 Some Current Projects: AGIS/ISEC course developments; Analysis of the accuracy and usefulness of Linux Tools; Usability analysis of Autopsy/PTK; Presentation of computer-based evidence in an electronic format (MOD); A triage toolkit for divisional examiners (Essex); Using virtual technology in the presentation of digital evidence (Trading Standards)

16 3rd Annual International Conference on Cybercrime Forensics Education and Training - CFET 2009. First Announcement and Call for Papers. The conference will take place in the Powell Building at the North Holmes Road campus of Canterbury Christ Church University on 1st and 2nd September 2009. The conference invites papers, practical workshop proposals, and poster presentations including the following: Development of cybercrime forensics as a new discipline; Hacking detection and prevention; Viruses and antivirus software; Commercial training in cybercrime forensics; Supporting police investigations; Defining educational programmes and their objectives; Ethical, Professional and legal issues; New software tools for cybercrime forensics; International cooperation to develop standards; Career pathways in cybercrime forensics; Network and mobile communication technologies; Cooperation of commercial and academic partners; Case studies in cybercrime forensics. Deadline for papers 1st May 2009. Please contact Denis Edgar-Nevill [] for details. Sponsored by

17 Cybercrime Forensics SG. The Aim of the new SG is: Promoting Cybercrime Forensics and the use of Cybercrime Forensics; of relevance to computing professionals, lawyers, law enforcement officers, academics and those interested in the use of Cybercrime Forensics and the need to address cybercrime for the benefit of those Groups and of the wider public.

18 Cybercrime Forensics SG. The interim committee: Denis Edgar-Nevill, HoD Computing, Canterbury Christ Church University - Chair; Alastair Irons, HoD Computing, University Sunderland - Vice Chair; Dr Abhaya Induruwa, Canterbury Christ Church University - Treasurer; Paul Stephens, Canterbury Christ Church University - Membership Secretary; Dr Richard Overill, Kings College London; Dr James Uhomoibhi, University of Ulster; Dr Bernd Carsten Stahl, DeMontfort University; Professor Margaret Ross MBE, Southampton Solent University; Geoff Staples, Southampton Solent University; Dr Liz Bacon, HoD Computing, University of Greenwich

19 Cybercrime Forensics SG INAUGURAL MEETING. The SG will formally come into being with its first meeting at Canterbury Christ Church University Monday 15th December 2008 held at 1400. The current President of the BCS, Rachel Burnett, will open the inaugural meeting. The event will include a keynote presentation on Tackling the Criminal Use of Technology by Chris Simpson, High Tech Crime Training Manager, NPIA. The event will be open to all.

20 Questions?
