Extract and Correlate Evidences in Computer Forensics
Extract and Correlate Evidences in Computer Forensics
Alicia Castro
Thesis Defense, Master of Engineering in Software Engineering
Department of Computer Science, University of Colorado, Colorado Springs
Alicia Castro/NICA Computer Forensic 11/13/2018

Computer Forensics Facts
Computer forensics is the investigation of digital evidence related to criminal or suspicious behavior, where computers and related equipment may or may not themselves be the target.
Internet crime increased 22.3% in 2009 over 2008.

Computer Forensic Background
Digital evidence includes computer-generated records, such as the logs and output of programs, and computer-stored records, such as email messages and chats.
It is difficult to attribute a given computer activity to an individual, especially in a shared, multi-user environment. This requires establishing a timeline and correlating events.
Reviewer note: Add a viewgraph listing related work/computer forensic tools right after this. Later you mention other forensic tools, but you never say what they are!

Comparable Forensic Tools (compared by artifact coverage: cookies, history, cache, browser, Outlook, IM, registry; and cost)
RegRipper: registry; free
Galleta: IE cookies
Pasco: IE history
EventLog: event logs
Nica: cookies, history and cache of IE/Firefox/Chrome, Outlook, IM
EnCase: commercial ($$$)

Computer Forensics Legal Issues
Understand the fundamentals of:
Search and seizure laws
Electronic Communications Privacy Act
Wiretap Statute
Pen/Trap Statute
USA PATRIOT Act
State laws on search and seizure

Forensic Investigation: Accessories to a Crime

…Forensic Investigation: Suspect, Accomplices of a Crime

Utilities Used by Nica Forensic Tool
Nica is the nickname for Nicaraguan citizens; being from Nicaragua, I decided it was a good name for the tool.
Nica Forensic Tool uses external tools to parse and extract information from the cache files of the IE, Mozilla Firefox and Google Chrome browsers and from Outlook .pst files:
IECacheView
MozillaCacheView
ChromeCacheView
IEHV
Outlook Redemption
Microsoft Log Parser
Reviewer note: What does Nica stand for?

Nica Forensic Tool Functionality
Use the information from the cache-file parsers and determine which of it is valuable.
Get the cookie and history files of each web browser, plus Skype logs, Instant Messenger logs and Outlook data.
Store the information in a database.
Display any output that provides potential evidence.
Provide a GUI for easy access to forensic evidence.

Nica Forensic Tool
Unlike similar forensic tools such as Galleta and Pasco, it finds all the users on the computer, not just the logged-on user.
Unlike similar forensic tools such as Galleta, Pasco and RegRipper, it does not need the investigator to enter the path where the information is found: Nica Forensic Tool locates it for the investigator.
Reviewer note: What are the similar forensic tools? Add them in viewgraph 3.
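The two differentiators above, enumerating every user profile (logged on or not) and locating each browser's history file without the investigator typing a path, are the core of what the tool automates. The following is an added example written for this page; it is not Nica's code and not code from the NirSoft utilities the tool wraps. It walks a Windows-style Users tree, opens each Chrome and Firefox history database read-only, normalizes the two browsers' different timestamp formats (Chrome counts microseconds from 1601, Firefox from 1970) to UTC, and merges everything into one timeline sorted by time. The profile layout in HISTORY_FILES, the sample users and the visits are constructed for the example; a real Firefox profile folder has a random prefix rather than "example.default".

```python
import os
import sqlite3
import tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Chrome (WebKit) timestamps: microseconds since 1601-01-01 UTC.
WEBKIT_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Firefox (PRTime) timestamps: microseconds since 1970-01-01 UTC.
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Relative location of each browser's history database inside a user profile
# (assumed layout for this example; the Firefox folder name varies per install).
HISTORY_FILES = {
    "Chrome": os.path.join("AppData", "Local", "Google", "Chrome",
                           "User Data", "Default", "History"),
    "Firefox": os.path.join("AppData", "Roaming", "Mozilla", "Firefox",
                            "Profiles", "example.default", "places.sqlite"),
}

def webkit_to_utc(us):  return WEBKIT_EPOCH + timedelta(microseconds=us)
def prtime_to_utc(us):  return UNIX_EPOCH + timedelta(microseconds=us)
# Exact integer inverses (no float rounding) used to build the fixture.
def to_webkit(dt):      return (dt - WEBKIT_EPOCH) // timedelta(microseconds=1)
def to_prtime(dt):      return (dt - UNIX_EPOCH) // timedelta(microseconds=1)

def open_readonly(path):
    # Open the artifact read-only so the examination cannot alter it.
    return sqlite3.connect(Path(path).resolve().as_uri() + "?mode=ro", uri=True)

def enumerate_profiles(users_root):
    """Every profile directory under users_root, logged on or not."""
    return sorted(d for d in os.listdir(users_root)
                  if os.path.isdir(os.path.join(users_root, d)))

def read_chrome(path):
    # urls.last_visit_time holds the latest visit per URL; the visits table
    # holds every individual visit if a full history is needed.
    con = open_readonly(path)
    rows = con.execute("SELECT url, last_visit_time FROM urls").fetchall()
    con.close()
    return [(webkit_to_utc(t), url) for url, t in rows]

def read_firefox(path):
    con = open_readonly(path)
    rows = con.execute(
        "SELECT p.url, v.visit_date FROM moz_historyvisits v "
        "JOIN moz_places p ON p.id = v.place_id").fetchall()
    con.close()
    return [(prtime_to_utc(t), url) for url, t in rows]

READERS = {"Chrome": read_chrome, "Firefox": read_firefox}

def build_timeline(users_root):
    """(utc datetime, user, browser, url) for every profile, sorted by time."""
    events = []
    for user in enumerate_profiles(users_root):
        for browser, rel in HISTORY_FILES.items():
            path = os.path.join(users_root, user, rel)
            if os.path.isfile(path):
                for when, url in READERS[browser](path):
                    events.append((when, user, browser, url))
    return sorted(events)

def make_sample_root():
    """Constructed fixture: a fake Users tree with a Chrome history for
    'alice' and a Firefox history for 'bob' (not logged on)."""
    root = tempfile.mkdtemp(prefix="users_")
    t0 = datetime(2009, 6, 1, 10, 0, tzinfo=timezone.utc)

    chrome = os.path.join(root, "alice", HISTORY_FILES["Chrome"])
    os.makedirs(os.path.dirname(chrome))
    con = sqlite3.connect(chrome)
    con.execute("CREATE TABLE urls(id INTEGER PRIMARY KEY, url TEXT, last_visit_time INTEGER)")
    con.executemany("INSERT INTO urls(url, last_visit_time) VALUES (?, ?)", [
        ("http://a.example/login", to_webkit(t0)),
        ("http://b.example/upload", to_webkit(t0 + timedelta(minutes=5))),
    ])
    con.commit(); con.close()

    firefox = os.path.join(root, "bob", HISTORY_FILES["Firefox"])
    os.makedirs(os.path.dirname(firefox))
    con = sqlite3.connect(firefox)
    con.execute("CREATE TABLE moz_places(id INTEGER PRIMARY KEY, url TEXT)")
    con.execute("CREATE TABLE moz_historyvisits(id INTEGER PRIMARY KEY, place_id INTEGER, visit_date INTEGER)")
    con.execute("INSERT INTO moz_places(id, url) VALUES (1, 'http://c.example/')")
    con.execute("INSERT INTO moz_historyvisits(place_id, visit_date) VALUES (1, ?)",
                (to_prtime(t0 + timedelta(minutes=3)),))
    con.commit(); con.close()
    return root

if __name__ == "__main__":
    for when, user, browser, url in build_timeline(make_sample_root()):
        print(when.isoformat(), user, browser, url)
```

Because bob's Firefox visit at 10:03 lands between alice's two Chrome visits once both clocks are on the same UTC scale, the merged timeline is what lets an investigator see cross-user sequencing that per-tool output (Pasco for one browser, Galleta for another) never shows side by side.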

Nica Forensic Tool Design
Enter: Case Number, Case Description, Forensic Investigator, Notes

Run the parser to find entries by activity. Note the timestamp recording the date the investigation was run, and the time it takes to find all the activities.

Provide a Timeline Viewer: report by user, date/time and activity.

Facilitate Finding/Gathering of Evidence

Select the Evidence

Display Selected Suspected Activities

Evidence Classification
Inclusion criteria:
More than one activity
Time between activities is less than 15 minutes
Previous history of the web sites visited
Exclusion criteria:
One isolated activity and no previous history
Two or more activities with intervals of more than 15 minutes between each activity
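The criteria above amount to a clustering rule over the per-user timeline: activities less than 15 minutes apart form one cluster; a cluster of two or more activities is evidence; an activity left on its own (including each member of a run whose gaps all exceed 15 minutes) is evidence only if the site already appears in that user's earlier browsing history. The code below is an added illustration of that rule, not Nica's implementation. It takes already-normalized (time, user, url) events and a per-user set of hosts seen in prior history; both inputs are constructed for the example, and treating "previous history" as a set of hostnames is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Maximum gap between two activities for them to belong to one cluster
# (the 15-minute threshold from the inclusion/exclusion criteria).
WINDOW = timedelta(minutes=15)

def host(url):
    return urlsplit(url).hostname or ""

def sessionize(events, window=WINDOW):
    """Group (time, user, url) events per user into clusters in which every
    consecutive pair is less than `window` apart. Activities separated by
    more than the window end up as one-element clusters, which is how the
    'two or more activities more than 15 minutes apart' case is excluded
    later. Returns [(user, [events...]), ...] ordered by user, then time."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev[1]].append(ev)
    clusters = []
    for user in sorted(by_user):
        current = []
        for ev in sorted(by_user[user]):
            if current and ev[0] - current[-1][0] >= window:
                clusters.append((user, current))
                current = []
            current.append(ev)
        if current:
            clusters.append((user, current))
    return clusters

def classify(events, prior_hosts, window=WINDOW):
    """Apply the criteria: a cluster of two or more activities is included;
    a single isolated activity is included only if its site appears in the
    user's previous history, otherwise it is excluded.
    Returns (included_clusters, excluded_clusters)."""
    included, excluded = [], []
    for user, cluster in sessionize(events, window):
        known = prior_hosts.get(user, set())
        if len(cluster) > 1 or host(cluster[0][2]) in known:
            included.append((user, cluster))
        else:
            excluded.append((user, cluster))
    return included, excluded

# Constructed sample timeline (naive datetimes, all assumed to be UTC).
T = datetime(2009, 6, 1, 10, 0)
SAMPLE_EVENTS = [
    (T,                          "alice", "http://a.example/login"),
    (T + timedelta(minutes=4),   "alice", "http://b.example/upload"),  # 4 min later: same cluster
    (T + timedelta(minutes=90),  "alice", "http://c.example/"),        # isolated, site never seen before
    (T + timedelta(minutes=180), "alice", "http://a.example/logout"),  # isolated, but a.example is in prior history
    (T + timedelta(minutes=5),   "bob",   "http://d.example/"),        # isolated, no prior history
]
# Constructed prior-history hosts per user (what the earlier history files showed).
PRIOR_HOSTS = {"alice": {"a.example"}}

if __name__ == "__main__":
    inc, exc = classify(SAMPLE_EVENTS, PRIOR_HOSTS)
    for label, groups in (("INCLUDED", inc), ("EXCLUDED", exc)):
        for user, cluster in groups:
            print(label, user, [(e[0].strftime("%H:%M"), e[2]) for e in cluster])
```

The window is a parameter rather than a constant baked into the comparison, since the 15-minute figure is a tuning decision: a shorter window on a busy shared machine reduces clusters that merely happen to overlap between two users, a longer one catches a slow operator.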

Nica Forensic Tool Logic Flow Chart
Reviewer note: Font too small, use at least font size 18. Use two viewgraphs; in each, expand one side and minimize the other.

Nica Forensic Tool Logic Flow Chart (2)

Nica Forensic Tool Implementation
Number of end users = 6 (it can be unlimited)
Effects on the tasks and responsibilities of end users:
The tool is portable; investigators can carry it with them.
It is fast enough to be run when a suspect steps away from his or her computer for a few minutes.
It is still a forensic tool: all legal steps must be completed before running it.

Nica Forensic Tool Usage & Limitations
Nica Forensic Tool was used by one investigator during the investigation of a specific real case. The investigator was surprised that the tool also reported other activities, such as Outlook and IM, and had not known that a tool providing all that information existed.
Nica Forensic Tool runs only on computers using the Windows platform.
It is currently set up for the most popular browsers, instant messengers and the Outlook email client, but more can be added easily to the scalable architecture.

Performance Results

Computer | Activities                               | Entries | Total Time
PC 1     | IE, Firefox, Chrome, Outlook, IM, Skype  | 25,356  | 5 min 10 sec
PC 2     | IE, Firefox, Outlook                     | 256     | 2 sec
PC 3     | IE, Firefox, Outlook, IM                 | 16,381  | 2 min 12 sec

The time depends on how many activities are stored on the computer and how many applications are installed. It can be as fast as two seconds or take several minutes.

Lessons Learned
Difficulties encountered and overcome:
Limited research documentation
Forensic tools are limited to specific activities
Output information was not user friendly
Mistakes to avoid:
Allow enough time for testing. Test and test again, and carefully review your work. Test again with a third party.

Future Directions
Enhancements made:
Automatically looks for the path to each application and file where evidence can be found.
Gets all the user profiles, logged on and not logged on.
Produces timeline reports by user per activity.
Future work:
Add more applications and/or tools to the scalable application.
Add more methods to look into other parts of applications and provide more evidence for investigations.

Conclusion
The only portable forensic tool that automatically looks for login paths and all user profiles
Captures relevant evidence
Easy to use
Assists investigators in obtaining reliable evidence

References
Please refer to the thesis document: http://cs.uccs.edu/~chow/master/acastro/doc/MasterThesisV6.doc