Computer Security Fundamentals

Presentation transcript:

Computer Security Fundamentals by Chuck Easttom Chapter 14 Introduction to Forensics

Chapter 14 Objectives
Understand basic forensics principles
Make a forensic copy of a drive
Use basic forensics tools
© 2012 Pearson, Inc. Chapter 14 Introduction to Forensics

Don’t Touch the Suspect Drive The first, and perhaps most important, rule is to touch the system as little as possible. You do not want to make changes to the system in the process of examining it. Look at one possible way to make a forensically valid copy of a drive. Some of this depends on Linux commands, which you may or may not be familiar with. If you are not, don’t worry: students with no Linux experience can use these same commands and accomplish the task of making a forensic copy of a drive.

Document Trail Beyond not touching the actual drive, the next issue is documentation. If you have never worked in any investigative capacity, the level of documentation may seem onerous to you. But the rule is simple: Document everything.
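The two slides above (make a forensic copy without altering the original, and document everything) can be carried out with the Linux commands the chapter alludes to. The script below is an added example, not the book’s own code: it images a source with dd, hashes both the source and the image with SHA-256, and appends one line per acquisition to a custody log, whether or not the hashes matched. The function names forensic_copy, verify_image and hash_of and the log format are assumptions of this example. It assumes the source is readable by the current user and, for a real disk, that a hardware write blocker or read-only mount is in place; dd only reads the source, but it is not what guarantees the original stays untouched.

```shell
#!/bin/sh
# Added example (not from the Easttom slides): image a suspect drive with dd,
# hash source and image, and record the result in a chain-of-custody log.
# Stand-alone use: sh forensic_copy.sh /dev/sdX evidence.img custody.log

# Print the SHA-256 of a file or device (GNU sha256sum or BSD/macOS shasum).
hash_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# forensic_copy SOURCE IMAGE LOG
# Returns 0 only if the SHA-256 of SOURCE and IMAGE match. Every run is
# appended to LOG, including failures: the custody trail must show what was
# attempted, by whom, and when, not only the successes.
forensic_copy() {
    src="$1"; img="$2"; log="$3"
    started=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    # Sector-sized blocks. conv=noerror,sync keeps reading past bad sectors
    # and pads each unreadable sector with zeros, so offsets in the image stay
    # aligned with the original disk. A source whose length is not a multiple
    # of 512 bytes (a small test file rather than a disk) is padded at the end,
    # and the hashes will then legitimately differ; the log records that too.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null || return 2
    src_hash=$(hash_of "$src")
    img_hash=$(hash_of "$img")
    if [ "$src_hash" = "$img_hash" ]; then result=VERIFIED; else result=MISMATCH; fi
    printf '%s examiner=%s source=%s image=%s sha256_source=%s sha256_image=%s result=%s\n' \
        "$started" "$(id -un)" "$src" "$img" "$src_hash" "$img_hash" "$result" >> "$log"
    [ "$result" = VERIFIED ]
}

# verify_image IMAGE EXPECTED_SHA256
# Re-check an image against the hash recorded at acquisition before any
# analysis session; returns 0 on match, 1 if the image has changed.
verify_image() {
    [ "$(hash_of "$1")" = "$2" ]
}

# Run directly with three arguments; when sourced, only the functions load.
if [ "$#" -eq 3 ]; then
    if forensic_copy "$1" "$2" "$3"; then
        echo "image verified; custody entry appended to $3"
    else
        echo "HASH MISMATCH or read failure; see $3"
    fi
fi
```

Work on the image, never the source, and run verify_image at the start of each session so the log shows the evidence was unchanged between sessions.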

Secure the Evidence First and foremost, the computer must be taken offline to prevent further tampering. There are some limited circumstances in which a machine would be left online to trace down an active, ongoing attack. But the general rule is to take it offline immediately.

Using FTK FTK (Forensic Toolkit) is a widely used forensics tool.

Concepts to know
Chain of custody
Locard’s exchange principle

Document Losses
Labor cost spent in response and recovery. (Multiply the number of participating staff by their hourly rates.)
If equipment was damaged, the cost of that equipment.
If data was lost or stolen, what was the value of that data? How much did it cost to obtain that data, and how much will it cost to reconstruct it?
Any lost revenue, including losses due to downtime, having to give customers credit due to inconvenience, or any other way in which revenue was lost.

Tools
AccessData FTK
Guidance EnCase
OSForensics
The Sleuth Kit
Oxygen
Cellebrite

Finding Evidence in the Browser The browser can be a source of both direct evidence and circumstantial or supporting evidence. Obviously in cases of child pornography, the browser might contain direct evidence of the specific crime. You may also find direct evidence in the case of cyber stalking. However, if you suspect someone of creating a virus that infected a network, you would probably find only indirect evidence such as the person having searched virus creation/programming-related topics.

Finding Evidence in System Logs
Application logs
Security logs
System logs
E-mail logs
Printer logs

Windows Utilities
net sessions
openfiles
fc
netstat
Windows Registry

Windows Forensics
The Registry is extremely important: specific entries
Logs
Recovering deleted files

Phone Forensics
General cell phone concepts
Specific phones: iOS, Android, Windows

Legal Issues
Daubert
Rule 702

Forensic Certifications
CCFP
CHFI
SANS
AccessData

Summary The most important things you have learned are to first make a forensic copy to work with, and second, to document everything. You simply cannot over-document. You have also learned how to retrieve browser information and recover deleted files, and you have learned some commands that may be useful forensically.