Chapter 13: Advanced Security and Beyond (Security+ Guide to Network Security Fundamentals, Second Edition)

Objectives
• Define computer forensics
• Respond to a computer forensics incident
• Harden security through new solutions
• List information security jobs and skills

Understanding Computer Forensics
• Computer forensics can attempt to retrieve information, even if it has been altered or erased, that can be used in the pursuit of the criminal
• Interest in computer forensics is heightened by:
  - The high amount of digital evidence
  - Increased scrutiny by the legal profession
  - The higher level of computer skills among criminals

Forensics Opportunities and Challenges
• Computer forensics creates opportunities to uncover evidence that would be impossible to find using a manual process
• One reason computer forensics specialists have this opportunity is the persistence of evidence
  - Electronic documents are more difficult to dispose of than paper documents
  - Deleting a data file does NOT actually delete the file from the computer’s hard drive; it only changes the status of that storage location to unused

Responding to a Computer Forensics Incident
• Generally involves four basic steps similar to those of standard forensics:
  1. Secure the crime scene
  2. Collect the evidence
  3. Establish a chain of custody
  4. Examine and preserve the evidence

Securing the Crime Scene
• The physical surroundings of the computer should be clearly documented
• Photographs of the area should be taken before anything is touched
• Cables connected to the computer should be labeled to document the computer’s hardware components and how they are connected
• The team takes custody of the entire computer along with the keyboard and any peripherals

Preserving the Data
• The computer forensics team first captures any volatile data that would be lost when the computer is turned off and moves it to a secure location
• This includes any data not recorded in a file on the hard drive or in an image backup:
  - Contents of RAM
  - Current network connections
  - Logon sessions
  - Network configurations
  - Open files

Preserving the Data (continued)
• After retrieving volatile data, the team focuses on the hard drive
• A mirror image backup (or bit-stream backup) is an evidence-grade backup because its accuracy meets evidence standards (it is an exact duplicate of the original)
• Mirror image backups are considered a primary key to uncovering evidence; they create exact replicas of the computer contents at the crime scene

Mirror Image Backups
• Mirror image backups must meet the following criteria:
  - Mirror image software should only be used by trained professionals
  - Those using the mirror image software must have evidence handling experience
  - The mirror imaging tools must be able to find any bad sectors on the original drive that may cause problems for the imaging software
  - Forensic imaging must be done in a controlled manner
  - Imaging personnel should be a disinterested third party
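The two slides above describe what a bit-stream backup has to deliver: an exact, sector-for-sector duplicate, a record of any bad sectors the tool hit, and a hash the examiner can later use to show the image was not altered. The following Python is an added illustration of that logic written for this transcript; it is not code from the textbook or any forensic product. The 8-sector "drive" and its unreadable sector 5 are constructed sample data.

```python
import hashlib

SECTOR = 512  # the slide's 512-byte sector model

def image_device(read_sector, n_sectors):
    """Bit-stream copy, sector by sector. read_sector(i) returns SECTOR bytes
    or raises OSError for an unreadable sector; such sectors are zero-filled
    (so the image keeps the source geometry) and their numbers are recorded."""
    image = bytearray()
    bad_sectors = []
    for i in range(n_sectors):
        try:
            data = read_sector(i)
        except OSError:
            data = b"\x00" * SECTOR
            bad_sectors.append(i)
        if len(data) != SECTOR:
            raise ValueError(f"sector {i}: short read of {len(data)} bytes")
        image += data
    return bytes(image), bad_sectors

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def verify_image(read_sector, n_sectors, image, bad_sectors):
    """Re-read the source: every readable sector must match the image and
    every recorded bad sector must be zero-filled in it."""
    for i in range(n_sectors):
        chunk = image[i * SECTOR:(i + 1) * SECTOR]
        expected = b"\x00" * SECTOR if i in bad_sectors else read_sector(i)
        if chunk != expected:
            return False
    return True

# Constructed sample "drive": 8 sectors, sector 5 unreadable (hypothetical).
SAMPLE_SECTORS = [bytes([i + 1]) * SECTOR for i in range(8)]
BAD_SECTOR = 5

def sample_reader(i):
    if i == BAD_SECTOR:
        raise OSError("simulated I/O error")
    return SAMPLE_SECTORS[i]

def acquire_sample():
    """Image the sample drive and return what goes into the acquisition record."""
    image, bad = image_device(sample_reader, len(SAMPLE_SECTORS))
    return {"size": len(image), "sha256": sha256_hex(image), "bad_sectors": bad,
            "verified": verify_image(sample_reader, len(SAMPLE_SECTORS), image, bad)}
```

The image hash is taken over the zero-filled image, so the bad-sector list must be kept with the hash in the acquisition notes; without it the hash cannot be interpreted.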

Establishing the Chain of Custody
• As soon as the team begins its work, it must start and maintain a strict chain of custody
• The chain of custody documents that the evidence was under strict control at all times and that no unauthorized person was given the opportunity to corrupt it
• A chain of custody includes documenting:
  - All of the serial numbers of the systems and devices involved
  - Who handled the systems and for how long
  - How the systems were shipped and stored
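As an added example (not from the textbook), here is one way to keep the custody record the slide lists (serial numbers, handlers, shipping and storage) so that it is tamper-evident: each entry commits to the hash of the previous one, so an altered or removed record is detectable. The evidence id, serial numbers, names and times are constructed sample values.

```python
import hashlib
import json

GENESIS = "0" * 64  # link value for the first entry

def _entry_hash(body):
    # Canonical JSON so the same record always hashes to the same value
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_custody_entry(log, evidence_id, serials, handler, action, location, when):
    """Append one custody event. Each entry commits to the previous entry's hash,
    so altering or removing any earlier record breaks every later link."""
    body = {"evidence_id": evidence_id, "serials": serials, "handler": handler,
            "action": action, "location": location, "time": when,
            "prev": log[-1]["hash"] if log else GENESIS}
    entry = dict(body, hash=_entry_hash(body))
    log.append(entry)
    return entry

def verify_custody_log(log):
    """Return (True, None) if the chain is intact, else (False, index of the
    first entry whose link or hash no longer checks out)."""
    prev = GENESIS
    for n, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or _entry_hash(body) != entry["hash"]:
            return False, n
        prev = entry["hash"]
    return True, None

def build_sample_log():
    """Constructed example: seizure, transport and storage of one workstation.
    Names, serial numbers, seal number and times are made up for illustration."""
    log = []
    serials = ["PC-SN-EXAMPLE-0001", "HDD-SN-EXAMPLE-0002"]
    add_custody_entry(log, "EV-001", serials, "Examiner A", "seized at scene",
                      "Office 12", "2006-03-01T09:15:00Z")
    add_custody_entry(log, "EV-001", serials, "Courier B",
                      "shipped in sealed bag EXAMPLE-7", "van", "2006-03-01T11:40:00Z")
    add_custody_entry(log, "EV-001", serials, "Custodian C",
                      "stored in evidence locker", "Lab locker 3", "2006-03-01T13:05:00Z")
    return log
```

A hash chain only proves internal consistency; the log still has to be signed or held by someone other than the handlers to show that the whole chain was not rewritten.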

Examining Data for Evidence
• After a computer forensics expert creates a mirror image of the system, the original system should be secured and the mirror image examined to reveal evidence
• All exposed application data should be examined for clues (documents, spreadsheets, digital photographs, cookies, cache…)
• Microsoft Windows operating systems use the Windows page file as a “scratch pad” to write data when sufficient RAM is not available

Windows Page File
• Windows page files can range from 1 megabyte to over a gigabyte in size and can be temporary or permanent
  - By default, Windows XP creates a page file (pagefile.sys) that is 1.5 times the amount of installed RAM
• These files can contain remnants of work done in the past
• Special programs are needed to search through the page file quickly

Examining Data for Evidence
• Slack is another source of hidden data
• Windows computers use two types of slack:
  1. RAM slack
  2. File slack

RAM Slack
• Windows stores files on a hard drive or other media type in 512-byte sectors
  - Multiple sectors make up a cluster
• When a saved file is not long enough to fill up the last sector, Windows pads the remaining sector space (for that cluster) with data that is currently stored in RAM
  - This padding creates “RAM slack” and pertains only to the last sector of a file
• If additional sectors are needed to round out the block size for the last cluster assigned to the file (if there is not enough data in RAM), a different type of slack is created…

File Slack
• File slack (drive slack): the padding data that Windows uses comes from data already stored on the hard drive
• Such data could contain remnants of previously deleted files
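The RAM slack and file slack slides describe one layout: a file ends partway through a sector (the rest of that sector is RAM slack) and partway through a cluster (the remaining whole sectors are file slack). The Python below is an added worked example for this transcript, not textbook code; it computes both regions for any file size and carves them out of a cluster. The 8-sectors-per-cluster value and the one-cluster sample image are assumptions constructed for illustration.

```python
SECTOR = 512  # Windows sector size from the slide

def slack_layout(file_size, sectors_per_cluster=8):
    """Byte counts and offsets of the two slack regions for a file of file_size
    bytes, using the slide's model: 512-byte sectors, several sectors per
    cluster, and the file's last cluster only partially used (8 sectors per
    cluster is an assumed, typical value)."""
    cluster = SECTOR * sectors_per_cluster
    sectors_used = -(-file_size // SECTOR)      # ceiling division
    clusters = -(-file_size // cluster)
    # RAM slack: the unused tail of the last sector the file touches
    ram_slack = (SECTOR - file_size % SECTOR) % SECTOR
    # File (drive) slack: whole sectors of the last cluster the file never reached
    file_slack = clusters * cluster - sectors_used * SECTOR
    return {"clusters": clusters,
            "ram_slack": ram_slack, "ram_slack_offset": file_size,
            "file_slack": file_slack, "file_slack_offset": sectors_used * SECTOR}

def carve_slack(cluster_data, file_size, sectors_per_cluster=8):
    """Split the raw bytes of a file's allocated clusters into the two slack
    regions: (bytes that came from RAM, bytes left over on disk)."""
    lay = slack_layout(file_size, sectors_per_cluster)
    r0, f0 = lay["ram_slack_offset"], lay["file_slack_offset"]
    return (cluster_data[r0:r0 + lay["ram_slack"]],
            cluster_data[f0:f0 + lay["file_slack"]])

# Constructed one-cluster image: a 1000-byte file, 24 bytes of RAM padding,
# then 3072 bytes of old disk content the file never overwrote.
SAMPLE_FILE_SIZE = 1000
SAMPLE_CLUSTER = (b"A" * SAMPLE_FILE_SIZE + b"R" * 24
                  + b"remnant of a previously deleted file".ljust(3072, b"\x00"))
```

A file whose size is a multiple of 512 has no RAM slack, and one that exactly fills its last cluster has no file slack; both cases fall out of the arithmetic above.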

Examining Data for Evidence

Summary of Examining Data for Evidence

Exploring Information Security Jobs and Skills
• The need for information security workers will continue to grow for the foreseeable future
• Information security personnel are in short supply; those in the field are being rewarded well
• Security budgets have been spared the drastic cost-cutting that has plagued IT since 2001
• Companies recognize the high costs associated with weak security and have decided that prevention outweighs cleanup

Exploring Information Security Jobs and Skills (continued)
• Most industry experts agree that security certifications continue to be important
• Preparing for the Security+ certification will help you solidify your knowledge and skills in cryptography, firewalls, and other important security defenses

TCP/IP Protocol Suite
• One of the most important skills is a strong knowledge of the foundation upon which network communications rests, namely Transmission Control Protocol/Internet Protocol (TCP/IP)
• Understanding TCP/IP concepts helps you troubleshoot computer network problems effectively and diagnose possible anomalous behavior on a network

Packets
• No matter how clever attackers are, they still must send their attack to your computer in a packet
• To recognize the abnormal, you must first understand what is normal

Firewalls
• Firewalls are essential tools on all networks and often provide a first layer of defense
• Network security personnel should have a strong understanding of how firewalls work, how to create access control lists (ACLs) that mirror the organization’s security policy, and how to tune ACLs to balance security with employee access

Routers
• Routers form the heart of a TCP/IP network
• Configuring routers for both packet transfer and packet filtering can become very involved
• As network connections become more complex (VPN, IPv6), understanding how to implement and configure routers becomes more important

Intrusion-Detection Systems (IDS)
• Security professionals should know how to administer and maintain an IDS
• The capabilities of these systems have increased dramatically since they were first introduced, making them mandatory for today’s networks
• One problem is that an IDS can produce an enormous amount of data that requires checking
  - In addition, IDS/IPS systems can produce a number of false positives

Other Skills
• A programming background is another helpful tool for security workers
• Security workers should also be familiar with penetration testing
  - Once known as “ethical hacking,” penetration testing probes vulnerabilities in systems, networks, and applications

Computer Forensic Skills
• Computer forensic specialists require an additional level of training and skills:
  - Basic forensic examinations
  - Advanced forensic examinations
  - Incident responder skills
  - Managing computer investigations

Summary
• Forensic science is the application of science to questions of interest to the legal profession
• Several unique opportunities give computer forensics the ability to uncover evidence that would be extremely difficult to find using a manual process
• Computer forensics also has a unique set of challenges that are not found in standard evidence gathering, including the volume of electronic evidence, how it is scattered across numerous locations, and its dynamic content

Summary (continued)
• Searching for digital evidence includes looking at “obvious” files and messages
• The need for information security workers will continue to grow, especially in computer forensics
• Skills needed in these areas include knowledge of TCP/IP, packets, firewalls, routers, IDS, and penetration testing