Computer Forensics: Data Collection, Analysis and Preservation
Kikunda Eric Kajangu, Cher Vue, and John Mottola

Presentation transcript:

Computer Forensics: Data Collection, Analysis and Preservation
Kikunda Eric Kajangu, Cher Vue, and John Mottola
ITIS

Computer Forensics defined: The use of analytical and investigative techniques to identify, collect, examine and preserve evidence/information which is magnetically stored or encoded.

Industry companies interested in computer forensics
- Guidance Software
  ◦ They are the creators of the popular GUI-based forensic tool “EnCase”.
- Digital Intelligence, Inc.
  ◦ Digital Intelligence designs and builds computer forensic software and hardware. They also offer free forensic utility software for law enforcement.
- IVIZE Data Center
  ◦ They provide several litigation support services including Electronic Data Discovery

Three main concepts
- Data collection
- Data analysis
- Data preservation

Data Collection
- Research challenges
  ◦ Gathering data
    - Ensuring the data is relevant and complete
    - Obtaining volatile data
    - Obtaining deleted and changed files
  ◦ Lack of trained professionals
    - Computer forensics is a relatively new field
    - Threat of system administrators corrupting data
    - No standards

Data Collection
- Evolution of data collection
  ◦ Mid 1980s
    - X-Tree Gold and Norton Disk Edit
    - Limited to recovering lost or deleted files
  ◦ 1990s
    - Specialized tools began to appear
    - Tools to perform network investigations
  ◦ 1999
    - Boot to floppy and write to alternative media
    - Very slow transfer rate (1 GB/hr)
  ◦ Current
    - Many tools to choose from
    - GUI and command-line tools are available
    - Fast and efficient

Data Analysis
- The main problem in electronic data analysis is not only the volume of data, which can easily become too large to manage, but also the number of different applications associated with those files.
- Electronic Data Discovery:
  ◦ E-mail, Microsoft Office files, accounting databases, …
  ◦ Other electronically stored information which could be relevant evidence in a lawsuit.
- Tools to analyze electronic data in computer forensics:
  ◦ Needle Finder: uses a special .NET Framework application in conjunction with a SQL database to process hundreds of file types and e-mails simultaneously and pinpoint pertinent, requested information for analysis.
  ◦ E-Discovery

Data Preservation
- Data should never be analyzed using the same machine it is collected from.
- Forensically sound copies of all data storage devices, primarily hard drives, must be made.
- There are two goals when making an image:
  ◦ Completeness
  ◦ Accuracy
- This is done by using a standalone hard-drive duplicator or software imaging tools such as dcfldd or IXimager.
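The two imaging goals above can be checked mechanically. The following is an added example, not part of the original slides: it images a source in one pass, records a SHA-256 of what was read, and later verifies the image for completeness (byte count) and accuracy (hash). It goes slightly beyond the slide by also keeping per-window hashes so a mismatch can be localized. The function names, `BLOCK`, `WINDOW`, and the temporary file standing in for a drive are assumptions of this example.

```python
import hashlib
import os
import tempfile
from itertools import zip_longest

BLOCK = 4096   # bytes per read
WINDOW = 4     # blocks per piecewise hash (assumed value for this example)

def hash_blocks(path, sink=None):
    """Read path once; optionally copy to sink. Return (size, sha256, window hashes)."""
    full, win = hashlib.sha256(), hashlib.sha256()
    windows, total, in_win = [], 0, 0
    with open(path, "rb") as f:
        while block := f.read(BLOCK):
            if sink is not None:
                sink.write(block)
            full.update(block)
            win.update(block)
            total += len(block)
            in_win += 1
            if in_win == WINDOW:          # close this window, start the next
                windows.append(win.hexdigest())
                win, in_win = hashlib.sha256(), 0
    if in_win:                            # final, partial window
        windows.append(win.hexdigest())
    return total, full.hexdigest(), windows

def acquire(src_path, img_path):
    """Image the source and hash it in the same pass; the result is the record."""
    with open(img_path, "wb") as img:
        return hash_blocks(src_path, sink=img)

def verify(img_path, record):
    """Completeness = same byte count; accuracy = same hash; list differing windows."""
    size, digest, windows = hash_blocks(img_path)
    bad = [i for i, (a, b) in enumerate(zip_longest(windows, record[2])) if a != b]
    return {"complete": size == record[0], "accurate": digest == record[1], "bad_windows": bad}

def demo():
    with tempfile.TemporaryDirectory() as d:
        src, img = os.path.join(d, "source.bin"), os.path.join(d, "image.dd")
        with open(src, "wb") as f:        # constructed stand-in for a source drive
            f.write(bytes(range(256)) * 161)
        record = acquire(src, img)
        clean = verify(img, record)
        with open(img, "r+b") as f:       # alter one byte in block 5 of the image
            f.seek(5 * BLOCK)
            f.write(b"\xff")
        return clean, verify(img, record)
```

`demo()` returns the verification result for the untouched image and for the image after one byte has been altered; the record returned by `acquire` is what would be written into the case notes at collection time.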

Research Challenges: What are the essential problems in this field?
- Training
- Operational Standards
- International Standardization

Training
- Law enforcement personnel should be trained to handle it.
- Network operators should also be trained, to improve their abilities in intrusion detection.
- Lawyers should receive some training to give a basic understanding of computer evidence.

Operational Standards
- Basic guidelines for the evidence collection process to be established
  ◦ Planning
  ◦ Recording
  ◦ Performance
  ◦ Monitoring
  ◦ Recording
  ◦ Reporting

International Standardization
- Different countries each have their own methods, standards, and laws.
- What is acceptable evidence in one country may not be in another.
- Serious problem when dealing with international crimes, as computer crime often is.

Conclusions and future work
- Even though it is a fascinating field, due to the nature of computers, far more information is available than there is time to analyze.
- The main emphasis of future work is on recovery of data.
- To improve ways to:
  ◦ Identify the evidence
  ◦ Determine how to preserve the evidence
  ◦ Extract, process, and interpret the evidence
  ◦ Ensure that the evidence is acceptable in a court of law
