Hierarchy of Access

CET4860
Mark Pollitt
Associate Professor
©2005 DEPS, Inc.
How many objects do you see?
Computers are a mystery wrapped in an enigma
Digital Forensics is like Peeling an Onion!
• Operating System
• File System
• File
• Physical Media
• Content Analysis
Hierarchy of Access
• User
• Computer
• Application
• Operating System
• File System
• File
• Storage Media
• Network (inc. NAS)
• Physical Media
Users
• If it weren’t for users…
• Our best friends and worst enemies
• If it weren’t for stupid criminals, I wouldn’t have a job!
Computer
Application Layer
Application Layer, cont.
Meta data
Operating Systems
OS Debris
• Recently used files
• Temporary Internet Files
• Logs
• Cookies
• Cache files
• Spooler files
• Registry entries
Temporary Internet Files
Registry Entries
Hierarchy of Access
• User
• Application
• Network (inc. NAS)
• Operating System
• File System
• File
• Media
• Physical
Slack
[Figure: two allocation units holding, in order:]
• File: "This is to confirm our meeting of Last Thursday morning. I was very glad.<EOF>"
• Memory Slack: "the dope is in the car."
• Drive Slack: "This is the remains of an old file"
Deleted Files
From these
To this!
Network Issues
Network Logs
Hierarchy of Access
• User
• Network (inc. NAS)
• Computer
• Application
• Operating System
• File System
• File
• Storage Media
• Physical Media
As we have seen…
• Digital crime scenes often have three loci:
– The victim system(s)
– The perpetrator's system(s)
– Network devices which connect the first two
• We need to take the same layered approach to both the static (stored information) and the dynamic (information in transit)
OSI stack / model
• Application
• Presentation
• Session
• Transport
• Network
• Data-link
• Physical
[Figure side labels: OS, NOS, NIC / Drivers, Cables]
Each layer may provide potential evidence!
Network Forensics
[Figure: Data surrounded by repeated fields labeled H, U and T]
Thank You for your Attention!