COEN 152 Computer Forensics
Download
Report
Transcript COEN 152 Computer Forensics
COEN 252 Computer Forensics
Introduction to Computer
Forensics
Thomas Schwarz, S.J. 2013
Computer Forensics
Digital Investigation
Focuses on a digital device
Computer
Router
Switch
Cell-phone
SIM-card
Kindle
…
Computer Forensics
Digital Investigation
Focuses on a digital device involved in an incident
or crime
Computer intrusion
Generic criminal activity
Perpetrator uses internet to gather information used in the
perpetration of a crime.
Digital device is an instrument of a crime
Perpetrator uses cell-phone to set-off a bomb.
Email scams
Internet auction fraud
Crimeware
Computer is used for intrusion of another system
Botnet
Computer Forensics
Digital Investigation
Has different goals
Prevention of further intrusions.
Assessment of damage.
Goal is to reconstruct modus operandi of intruder to
prevent further intrusions.
Goal is to certify system for safe use.
Reconstruction of an incident.
For criminal proceedings.
For organization-internal proceedings.
Computer Forensics
Digital Investigation
Process where we develop and test
hypotheses that answer questions about
digital events.
We can use an adaptation of the scientific
method where we establish hypotheses based
on findings and then (if possible) test our
hypotheses against findings resulting from
additional investigations.
Computer Forensics
Evidence
Procedural notion
That on what our findings are based.
Legal notion
Defined by the “rules of evidence”
Differ by legislation
“Hear-say” is procedurally evidence, but
excluded (under many circumstances) as
legal evidence.
Computer Forensics
Forensics
Used in the “forum”, especially for judicial
proceedings.
Definition: legal
Computer Forensics
Digital Crime Scene Investigation
Process
System Preservation Phase
Evidence Searching Phase
Event Reconstruction Phase
Note: These phases are different activities that
intermingle.
Computer Forensics
Who should know about Computer Forensics
Those involved in legal proceedings that might use
digital evidence
Judges, Prosecutors, Attorneys, Law Enforcement, Expert
Witnesses
Those involved in Systems Administration
Systems Administrators, Network Administrators,
Security Officers
Those writing procedures
Managers
Computer Forensics
Computer Forensics presupposes skills in
Ethics
Law, especially rules of evidence
System and network administration
Digital data presentation
Systems
OS, especially file systems.
Hardware, especially disk drives, memory systems, computer
architecture, …
Networking
Number and character representation
Network protocols, Intrusion detection, …
Information Systems Management
COEN 252
Prerequisites
Required:
Good moral character. Ability and willingness to respect
ethical boundaries.
Familiarity with at least one type of operating system.
(Windows, Unix/Linux, DOS experience preferred.)
Some programming.
Access to a computer with Hex editor.
Desired:
Familiarity with OS Theory.
Familiarity with Networking.
Some Knowledge of U.S. Legal System.