Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Security Fundamentals by Chuck Easttom Chapter 14 Introduction to Forensics.

Published byJessica Banks Modified over 8 years ago

Similar presentations

Presentation on theme: "Computer Security Fundamentals by Chuck Easttom Chapter 14 Introduction to Forensics."— Presentation transcript:

1 Computer Security Fundamentals by Chuck Easttom Chapter 14 Introduction to Forensics

2 © 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 2 Chapter 14 Objectives Understand basic forensics principles Make a forensic copy of a drive Use basic forensics tools

3 © 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 3 Don’t Touch the Suspect Drive The first, and perhaps most important, is to touch the system as little as possible. You do not want to make changes to the system in the process of examining it. Look at one possible way to make a forensically valid copy of a drive. Some of this depends on Linux commands, which you may or may not be familiar with. If you are not, students with no Linux experience can use these same commands and accomplish the task tomake a forensic copy of a drive.

4 © 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 4 Document Trail Beyond not touching the actual drive, the next issue is documentation. If you have never worked in any investigative capacity, the level of documentation may seem onerous to you. But the rule is simple: Document everything.

5 © 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 5 Secure the Evidence First and foremost, the computer must be taken offline to prevent further tampering. There are some limited circumstances in which a machine would be left online to trace down an active, ongoing attack. But the general rule is to take it offline immediately.

6 © 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 6 Document Losses Labor cost spent in response and recovery. (Multiply the number of participating staff by their hourly rates.) If equipment were damaged, the cost of that equipment. If data were lost or stolen, what was the value of that data? How much did it cost to obtain that data and how much will it cost to reconstruct it? Any lost revenue, including losses due to down time, having to give customers credit due to inconvenience, or any other way in which revenue was lost.

7 © 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 7 Finding Evidence in the Browser The browser can be a source of both direct evidence and circumstantial or supporting evidence. Obviously in cases of child pornography, the browser might contain direct evidence of the specific crime. You may also find direct evidence in the case of cyber stalking. However, if you suspect someone of creating a virus that infected a network, you would probably find only indirect evidence such as the person having searched virus creation/programming-related topics.

8 © 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 8 Finding Evidence in System Logs Application logs Security logs System logs E-mail logs Printer logs

9 © 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 9 Windows Utilities Net sessions Openfiles fc netstat Windows Registry

10 © 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 10 Summary The most important things you have learned are to first make a forensics copy to work with, and second, to document everything. You simply cannot over-document. You have also learned how to retrieve browser information and recover deleted files, and you have learned some commands that may be useful forensically.

Download ppt "Computer Security Fundamentals by Chuck Easttom Chapter 14 Introduction to Forensics."

Similar presentations

This presentation will take a look at to prevent your information from being discovered by and investigator.

This presentation will take a look at to prevent your information from being discovered by and investigator.
Computer Security Fundamentals by Chuck Easttom Chapter 3 Cyber Stalking, Fraud, and Abuse.

Computer Security Fundamentals by Chuck Easttom Chapter 3 Cyber Stalking, Fraud, and Abuse.
Chapter Extension 24 Computer Crime and Forensics © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.

Chapter Extension 24 Computer Crime and Forensics © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Computer Forensics, The Investigators Persepective Paul T. Mobley Sr. Computer Forensics Consultant Jawz Inc.

Computer Forensics, The Investigators Persepective Paul T. Mobley Sr. Computer Forensics Consultant Jawz Inc.
MD5 Summary and Computer Examination Process Introduction to Computer Forensics.

MD5 Summary and Computer Examination Process Introduction to Computer Forensics.
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
Technology for Computer Forensics by Alicia Castro.

Technology for Computer Forensics by Alicia Castro.
COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.

COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.
Computer Forensics What is Computer Forensics? What is the importance of Computer Forensics? What do Computer Forensics specialists do? Applications of.

Computer Forensics What is Computer Forensics? What is the importance of Computer Forensics? What do Computer Forensics specialists do? Applications of.
Computer Security Fundamentals

Computer Security Fundamentals
Recovering and Examining Computer Forensic Evidence Noblett, Pollit, & Presley Forensic Science Communications October 2000 (Cited by 13 according to Google.

Recovering and Examining Computer Forensic Evidence Noblett, Pollit, & Presley Forensic Science Communications October 2000 (Cited by 13 according to Google.
I Information Systems Technology Ross Malaga 3 Part I Understanding Information Systems Technology Copyright © 2005 Prentice Hall, Inc. 3-1 SOFTWARE.

I Information Systems Technology Ross Malaga 3 "Part I Understanding Information Systems Technology" Copyright © 2005 Prentice Hall, Inc. 3-1 SOFTWARE.
Advance evidence collection and analysis of web browser activity by Junhoon Oh David Rivera 11/7/2013 Digital Forensics.

Advance evidence collection and analysis of web browser activity by Junhoon Oh David Rivera 11/7/2013 Digital Forensics.
By Drudeisha Madhub Data Protection Commissioner Date: 12.08.14.

By Drudeisha Madhub Data Protection Commissioner Date:
Guide to Computer Forensics and Investigations Fourth Edition Chapter 12 E-mail Investigations.

Guide to Computer Forensics and Investigations Fourth Edition Chapter 12 Investigations.
Data Deletion and Recovery. Data Deletion  What does data deletion mean in your own words?

Data Deletion and Recovery. Data Deletion  What does data deletion mean in your own words?
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition
General Awareness Training

General Awareness Training
Guide to Computer Forensics and Investigations, Second Edition Chapter 2 Understanding Computer Investigation.

Guide to Computer Forensics and Investigations, Second Edition Chapter 2 Understanding Computer Investigation.

Similar presentations

Ads by Google