Introduction to Computer Forensics
COEN 152 Computer Forensics
Introduction to Computer Forensics
Thomas Schwarz, S.J. 2006
Computer Forensics
Digital Investigation
Focuses on a digital device
Computer
Router
Switch
Cell-phone
SIM-card
…
Digital Investigation
Focuses on a digital device involved in an incident or crime
Computer intrusion
Generic criminal activity
Perpetrator uses the internet to gather information used in the perpetration of a crime.
Digital device is an instrument of a crime
Perpetrator uses a cell phone to set off a bomb.
Details are sensitive to national security. If you get clearance, I can tell you who to ask.
Email scams
Internet auction fraud
Computer is used for intrusion into another system.
Digital Investigation
Has different goals
Prevention of further intrusions.
Assessment of damage.
Goal is to reconstruct the modus operandi of the intruder in order to prevent further intrusions.
Goal is to certify the system for safe use.
Reconstruction of an incident.
For criminal proceedings.
For organization-internal proceedings.
Digital Investigation
Process where we develop and test hypotheses that answer questions about digital events.
We can use an adaptation of the scientific method: we establish hypotheses based on findings and then (if possible) test our hypotheses against findings resulting from additional investigations.
Evidence
Procedural notion
That on which our findings are based.
Legal notion
Defined by the "rules of evidence".
These differ by jurisdiction.
Hearsay is procedurally evidence, but is excluded (under many circumstances) as legal evidence.
Forensics
From the Latin forensis, "of the forum": used in the forum, especially for judicial proceedings.
Definition: a legal one.
Digital Crime Scene Investigation
Process
System Preservation Phase
Evidence Searching Phase
Event Reconstruction Phase
Note: these phases are different activities that intermingle.
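The three phases, worked end to end on a constructed in-memory "image". This is an added example, not material from the course or code from the slides: the TOYFS container format, its record layout, the sample file contents and the function names (hash_image, search_keywords, reconstruct_timeline) are all invented here, and the format stands in for a real file system only so far as the workflow needs. It also shows why the phases intermingle: the keyword search (phase 2) needs the parsed allocation table that the timeline (phase 3) also uses, and both should start from an image that still verifies against the acquisition hash (phase 1).

```python
# Added example (not course code): three investigation phases on a toy image.
import hashlib
import struct
from datetime import datetime, timezone

MAGIC = b"TOYFS"        # invented container format, not a real file system
NAME_LEN = 32
HEADER_FMT = "<I"       # record count, little-endian uint32
RECORD_HDR_FMT = "<II"  # mtime (Unix epoch seconds), data length


def build_image(entries, unallocated=b""):
    """Assemble a toy image: magic, record count, then per record a NUL-padded
    ASCII name, little-endian mtime and length, and the data. `unallocated`
    bytes are appended unreferenced, standing in for deleted-file remnants
    that a directory listing never shows."""
    out = bytearray(MAGIC + struct.pack(HEADER_FMT, len(entries)))
    for name, mtime, data in entries:
        out += name.encode("ascii").ljust(NAME_LEN, b"\x00")
        out += struct.pack(RECORD_HDR_FMT, mtime, len(data))
        out += data
    out += unallocated
    return bytes(out)


# Phase 1: system preservation. Hash at acquisition, re-check before analysis.
def hash_image(image):
    return hashlib.sha256(image).hexdigest()


def verify_image(image, expected_digest):
    return hash_image(image) == expected_digest


def parse_records(image):
    """Walk the record table. Returns (records, offset where unallocated space
    begins). This is the number/character representation work a hex-editor
    user does by hand: little-endian integers, NUL-padded strings."""
    if not image.startswith(MAGIC):
        raise ValueError("not a TOYFS image")
    off = len(MAGIC)
    (count,) = struct.unpack_from(HEADER_FMT, image, off)
    off += struct.calcsize(HEADER_FMT)
    records = []
    for _ in range(count):
        name = image[off:off + NAME_LEN].rstrip(b"\x00").decode("ascii")
        off += NAME_LEN
        mtime, length = struct.unpack_from(RECORD_HDR_FMT, image, off)
        off += struct.calcsize(RECORD_HDR_FMT)
        records.append({"name": name, "mtime": mtime,
                        "offset": off, "length": length})
        off += length
    return records, off


# Phase 2: evidence searching. Search the RAW bytes, not just the listed
# files, so remnants in unallocated space are found too.
def search_keywords(image, keywords):
    records, unalloc_off = parse_records(image)
    hits = []
    for kw in keywords:
        pos = image.find(kw)
        while pos != -1:
            owner = "unallocated" if pos >= unalloc_off else "metadata"
            for r in records:
                if r["offset"] <= pos < r["offset"] + r["length"]:
                    owner = r["name"]
                    break
            hits.append({"keyword": kw.decode("ascii"), "offset": pos,
                         "owner": owner})
            pos = image.find(kw, pos + 1)
    return hits


# Phase 3: event reconstruction. Order what was found by modification time;
# a real timeline would also merge log, registry and network evidence.
def reconstruct_timeline(image):
    records, _ = parse_records(image)
    return [(datetime.fromtimestamp(r["mtime"], tz=timezone.utc).isoformat(),
             r["name"]) for r in sorted(records, key=lambda r: r["mtime"])]


# Constructed sample image; timestamps fall in February 2006.
SAMPLE_IMAGE = build_image(
    [("plan.doc", 1_140_000_000, b"meet at the usual place, bring the disk"),
     ("notes.txt", 1_139_900_000, b"password list: do not share"),
     ("mail.eml", 1_140_100_000, b"Subject: wire transfer confirmed\r\n")],
    unallocated=b"\x00\x00DELETED: second wire transfer to account 44\x00",
)

if __name__ == "__main__":
    digest = hash_image(SAMPLE_IMAGE)          # taken at acquisition
    print("digest:", digest, "verified:", verify_image(SAMPLE_IMAGE, digest))
    for hit in search_keywords(SAMPLE_IMAGE, [b"wire transfer"]):
        print("hit:", hit)
    for when, name in reconstruct_timeline(SAMPLE_IMAGE):
        print(when, name)
```

Running it finds "wire transfer" twice: once inside mail.eml and once in unallocated space, where no directory entry points at it. Only the second hit would be missed by an investigation that searched files instead of the raw image, which is the reason the searching phase works on a preserved, hash-verified copy of the whole device rather than on the live file system.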
Who should know about Computer Forensics
Those involved in legal proceedings that might use digital evidence
Judges, Prosecutors, Attorneys, Law Enforcement, Expert Witnesses
Those involved in Systems Administration
Systems Administrators, Network Administrators, Security Officers
Those writing procedures
Managers
Computer Forensics presupposes skills in
Ethics
Law, especially rules of evidence
System and network administration
Systems
OS, especially file systems.
Hardware, especially disk drives, memory systems, computer architecture, …
Digital data representation
Number and character representation
Networking
Network protocols, Intrusion detection, …
Information Systems Management
COEN 252
Prerequisites
Required:
Good moral character. Ability and willingness to respect
ethical boundaries.
Familiarity with at least one type of operating system.
(Windows, Unix/Linux, DOS experience preferred.)
Some programming.
Access to a computer with Hex editor.
Desired:
Familiarity with OS Theory.
Familiarity with Networking.
Some Knowledge of U.S. Legal System.
COEN 252
Text Books
SKOUDIS, E., ZELTSER, L.: Malware: Fighting Malicious Code. Prentice Hall Professional Technical Reference, 2004. Second edition about to appear.
MANDIA, K., PROSISE, C., PEPE, M.: Incident Response & Computer Forensics. 2nd edition. McGraw-Hill/Osborne, 2003.
COEN 252
Grading
Written Final (20%) (No collaboration.)
Practical Final (35%, due day of the final) (No collaboration.)
Ethics Case (5%, due day of the final) (No collaboration.)
Laboratories & Homework (30%) (Limited collaboration.)
Class Project (10%) Groups.
This class is subject to the School of Engineering's Honor code.
Disability Accommodation Policy: To request academic accommodations for a disability, students must contact Disability Resources located in the Drahmann Center in Benson, Room 214 (Tel.: 554-4111, TTY 554-5445). Students must provide documentation of a disability to Disability Resources prior to receiving accommodations.
You should take the Perl courses offered by the Sun Academic Alliance. You can find instructions at ~tschwarz/Homepage/SunAcademicAllianceInstructions.html