We’ve got what it takes to take what you got! NETWORK FORENSICS.

INTRODUCTION AND COURSE OVERVIEW
- What is network forensics?
- Sources of network data and evidence
- Forensically sound evidence acquisition techniques
- Packet analysis
- Statistical analysis
- Event log aggregation, correlation and analysis
- Active evidence acquisition
- Analysis of wireless network traffic

WHAT IS NETWORK FORENSICS?
"Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection." [1]

DEAD-BOX vs. NETWORK FORENSICS

Dead-box:
- Data is static and preserved once power is removed
- Evidence is contained within the file system
- Easy to make a forensically sound image
- Seizing a business's computer(s) usually involves limited disruption
- Legal precedent is in place and such evidence is routinely admitted into court

Network:
- Data is changing constantly
- Pinpointing the direct location of needed evidence is problematic
- Physical access to network devices can be difficult
- Most network devices do not have persistent data storage
- Investigators must minimize the investigation's impact on the business network
- Conflicting precedents; not yet standardized

WHY DO WE NEED TO WORRY ABOUT NETWORK CRIME?
"The Federal Bureau of Investigation (FBI) estimates that cyber crime costs more than $100 billion per year." [2]
Attacks can come from both inside and outside of the network. Not just basement hackers anymore:
- Employees
- Business competition
- Professional hackers for hire
- City-states

QUICK EVIDENCE REVIEW
- Real evidence: physical objects that play a relevant role in the crime
  - Physical HDD or USB drive
  - Computer: box, keyboard, etc.
- Best evidence: can be produced in court
  - Recovered file
  - Bit-for-bit snapshot of a network transaction
- Direct evidence: eyewitness
- Circumstantial evidence: linked with other evidence to draw a conclusion
  - Signature
  - USB serial number
- Hearsay: second-hand information
  - Text file containing a personal letter
- Business records: routinely generated documentation
  - Contracts and employee policies
  - Logs
- Digital evidence: electronic evidence
  - Emails / IM logs

INVESTIGATIVE METHODOLOGY: OSCAR [3]
- Obtain information
- Strategize
- Collect evidence
- Analyze
- Report

OBTAIN INFORMATION [3]
- Incident description
- Information regarding incident discovery
- Known persons involved
- Systems and/or data known to be involved
- Actions taken by the organization since discovery
- Potential legal issues
- Working time frame for investigation and resolution
- Specific goals
- Etc.

THE ENVIRONMENT [3]
- Working business model and enforceable policies
- Potential legal issues involved with said business model and policies
- Organizational structure
- Network topology
- Possible network evidence sources
- Incident response management procedures
- Central communication systems (investigator communication and evidence repository)
- Available resources
  - Staff
  - Equipment
  - Funding
  - Time

STRATEGIZE [3]
- Understand the goals and time frame for the investigation
- Organize and list resources
- Identify and document evidence sources
- Estimate the value of evidence versus the cost of obtaining it
- Prioritize based on this estimate
- Plan of attack, both for acquisition and analysis
- Set up a schedule for regular communication between investigators
- Remember that this is fluid and will most likely have to be adjusted

COLLECT EVIDENCE [3]
- Document, document, document
- Lawfully capture evidence
- Make cryptographically verifiable copies
- Set up secure storage of collected evidence
- Establish chain of custody
- Analyze copies only
- Use legally obtained, reputable tools
- Document every step

ANALYZE [3]
- Show correlation with multiple sources of evidence
- Establish a well-documented timeline of activities
- Highlight and further investigate events that are potentially more relevant to the incident
- Corroborate all evidence, which may require more evidence gathering
- Reevaluate the initial plan of attack and make needed adjustments
- Make educated interpretations of the evidence that lead to a thorough investigation; look for all possible explanations
- Build working theories that can be backed up by the evidence (this is only to ensure a thorough investigation)
- SEPARATE YOUR INTERPRETATIONS FROM THE FACTS

REPORT [3]
Every report must be:
- Understandable by nontechnical people
- Complete and meticulous
- Defensible in every detail
- Completely factual
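The COLLECT step above calls for cryptographically verifiable copies, a chain of custody, and analysis of copies only. The following is an added example (not from the slides or the cited book) showing one way to implement those three controls: hash the capture on acquisition, record each hand-off with a fresh hash, and refuse to analyze a working copy whose hash does not match. The capture bytes, evidence ID and names are constructed placeholders.

```python
"""Evidence record for the COLLECT step: hash the capture, log chain of
custody, and verify a working copy before it is analyzed."""
import hashlib
import json
from datetime import datetime, timezone

# Constructed stand-in for a captured pcap file: a 24-byte pcap global
# header and no packet records. Only the bytes matter for this example.
SAMPLE_CAPTURE = bytes.fromhex("d4c3b2a1020004000000000000000000ffff000001000000")


def sha256_hex(data: bytes) -> str:
    """Fingerprint used to prove a copy is bit-for-bit identical to the original."""
    return hashlib.sha256(data).hexdigest()


def make_custody_record(evidence_id, data, collector, source, when=None):
    """First chain-of-custody entry: who collected what, from where, when,
    plus the hash that every later copy must reproduce."""
    when = when or datetime.now(timezone.utc)
    return {
        "evidence_id": evidence_id,
        "source": source,
        "collected_by": collector,
        "collected_at": when.isoformat(),
        "size_bytes": len(data),
        "sha256": sha256_hex(data),
        "transfers": [],  # appended each time custody changes hands
    }


def transfer_custody(record, from_person, to_person, data, when=None):
    """Log a hand-off and re-hash on receipt, so alteration in transit is
    visible in the record itself. Returns True if the evidence is intact."""
    when = when or datetime.now(timezone.utc)
    entry = {"from": from_person, "to": to_person, "at": when.isoformat(),
             "sha256_on_receipt": sha256_hex(data)}
    entry["intact"] = entry["sha256_on_receipt"] == record["sha256"]
    record["transfers"].append(entry)
    return entry["intact"]


def verify_working_copy(record, copy_data):
    """Analyze copies only: proceed just when the copy matches the recorded hash."""
    return sha256_hex(copy_data) == record["sha256"]


def dump_record(record):
    """Serialize the record for the report (REPORT step: defensible in detail)."""
    return json.dumps(record, indent=2, sort_keys=True)
```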

WORKS CITED
emid=49
3. Davidoff, S., & Ham, J. (2012). Network Forensics: Tracking Hackers Through Cyberspace. Boston: Prentice Hall.