COEN 152 Computer Forensics

COEN 252 Computer Forensics
Introduction to Computer Forensics
Thomas Schwarz, S.J. 2013
Computer Forensics

Digital Investigation

Focuses on a digital device
  Computer
  Router
  Switch
  Cell-phone
  SIM-card
  Kindle
  …

Digital Investigation

Focuses on a digital device involved in an incident or crime
  Computer intrusion
  Generic criminal activity
    Perpetrator uses internet to gather information used in the perpetration of a crime.
  Digital device is an instrument of a crime
    Perpetrator uses cell-phone to set off a bomb.
    Email scams
    Internet auction fraud
    Crimeware
    Computer is used for intrusion of another system
    Botnet

Digital Investigation

Has different goals
  Prevention of further intrusions.
    Goal is to reconstruct modus operandi of intruder to prevent further intrusions.
  Assessment of damage.
    Goal is to certify system for safe use.
  Reconstruction of an incident.
    For criminal proceedings.
    For organization-internal proceedings.

Digital Investigation

Process where we develop and test hypotheses that answer questions about digital events.

We can use an adaptation of the scientific method where we establish hypotheses based on findings and then (if possible) test our hypotheses against findings resulting from additional investigations.

Evidence

Procedural notion
  That on which our findings are based.
Legal notion
  Defined by the “rules of evidence”
  Differ by legislation
  “Hearsay” is procedurally evidence, but excluded (under many circumstances) as legal evidence.

Forensics

Used in the “forum”, especially for judicial proceedings.

Definition: legal

Digital Crime Scene Investigation Process

  System Preservation Phase
  Evidence Searching Phase
  Event Reconstruction Phase

Note: These phases are different activities that intermingle.

Who should know about Computer Forensics

Those involved in legal proceedings that might use digital evidence
  Judges, Prosecutors, Attorneys, Law Enforcement, Expert Witnesses
Those involved in Systems Administration
  Systems Administrators, Network Administrators, Security Officers
Those writing procedures
  Managers

Computer Forensics presupposes skills in
  Ethics
  Law, especially rules of evidence
  System and network administration
  Digital data presentation
  Systems
  OS, especially file systems.
  Hardware, especially disk drives, memory systems, computer architecture, …
  Networking
  Number and character representation
  Network protocols, Intrusion detection, …
  Information Systems Management
COEN 252
Prerequisites

Required:
  Good moral character. Ability and willingness to respect ethical boundaries.
  Familiarity with at least one type of operating system. (Windows, Unix/Linux, DOS experience preferred.)
  Some programming.
  Access to a computer with Hex editor.
Desired:
  Familiarity with OS Theory.
  Familiarity with Networking.
  Some Knowledge of U.S. Legal System.