7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA.


Introduction
GOAL: Sequestered environment where
–All contents are mapped and recorded
–Accompanying photographs and basic diagrams showing areas and items
–Evidence is frozen in place
This chapter deals with handling individual computers as a source of evidence.
US Department of Justice and Secret Service: Electronic Crime Scene Investigation; Best Practices for Seizing Electronic Evidence; guide for first responders.
Also the Good Practice Guide for Computer-Based Evidence by the Association of Chief Police Officers (ACPO).

Major principles
No action taken should change data held on a computer or storage media.
Anyone accessing the computer must be competent in cyber forensics.
An audit trail or other record of all processes applied to electronic evidence must be kept.
The person in charge of the overall case has the responsibility of ensuring that the law and these principles are adhered to.

Authorization
Obtain written authorizations and instructions from attorneys.
Access to a private or personal computer would require a warrant unless an employee agrees to the search.
A workplace computer may not require a warrant.
Digital investigators are generally authorized to collect and examine only what is directly pertinent to the investigation.

Preparing to handle digital crime scenes
Make diagrams and have a plan as to what to examine.
Decide what type of tools should be brought to the scene.
Bring a questionnaire to interview individuals at the crime scene.

Surveying the Digital Crime Scene
Look at:
–Laptops, handheld devices
–Digital video recorders (DVRs)
–Gaming systems
–External hard drives
–Digital cameras
–DVDs
Look for installation disks that give clues.
Check network configurations; look for remote machines in the facility or outside.

Preserving the Digital Crime Scene
Controlling entry points – secure the crime scene.
Save biometric access system data and video recordings.
Save network level logs (copy).
Preserve all backup media; do not overwrite backup media.
Preserve s on the servers.
Keyboards may have fingerprints.

Preserving data on live systems
The contents of volatile memory, such as a note being written, must be obtained.
Identify which account certain processes are running under.
Capture information related to active processes and network connections.
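
Added example (not part of the original slides): a minimal live-response script that captures active processes with their owning accounts and network connections, and keeps the audit trail called for under Major principles by logging every command with its exit status and a SHA-256 of the saved output. The function names, the EXAMINER variable and the output path are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the slides. Assumption: OUT is a directory on
# examiner-controlled external media, never the suspect system's own disk.

# SHA-256 of a file, using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | awk '{print $1}'
}

# collect OUT LABEL CMD [ARGS...]: run CMD, save stdout+stderr to OUT/LABEL.txt,
# append an audit line: UTC time|examiner|label|command|exit status|SHA-256.
collect() {
    out=$1; label=$2; shift 2
    status=0
    "$@" >"$out/$label.txt" 2>&1 || status=$?
    printf '%s|%s|%s|%s|exit=%s|sha256=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "${EXAMINER:-unknown}" "$label" "$*" \
        "$status" "$(sha256_of "$out/$label.txt")" >>"$out/audit.log"
}

# verify OUT: re-hash each saved output against audit.log; echo mismatch count.
verify() {
    bad=0
    for f in "$1"/*.txt; do
        label=$(basename "$f" .txt)
        grep -q "|$label|.*sha256=$(sha256_of "$f")\$" "$1/audit.log" || bad=$((bad + 1))
    done
    echo "$bad"
}

# Capture order: clock, processes with owning account, network connections, logins.
live_response() {
    mkdir -p "$1" || return 1
    collect "$1" clock     date -u
    collect "$1" processes ps -eo user,pid,ppid,lstart,args
    collect "$1" netconns  netstat -an
    collect "$1" sessions  who -a
}

# Usage (constructed names): EXAMINER=jdoe sh live_response.sh --collect /mnt/evidence/case01
if [ "${1:-}" = "--collect" ]; then live_response "${2:?output directory required}"; fi
```

Running any tool on a live system changes its state slightly, so the audit log is what lets the examiner account for each action taken; verify reports how many saved outputs no longer match their logged hash.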

Shutting down
Remove power from the back of the machine.
Open the case and remove power to the hard drives.
Check for missing parts.
Check for explosives.