Study of Comparison of Digital Forensic Investigation Models.


What is Digital Forensics? Forensics - The use of science and technology to investigate and establish facts in criminal or civil courts of law. Computer forensics is a branch of forensic science pertaining to legal evidence found in computers and digital storage mediums. Computer forensics is also known as Digital Forensics. Ref:

Types of Evidence ► Inculpatory Evidence – Supports a given theory ► Exculpatory Evidence – Contradicts a given theory ► Evidence of Tampering – Shows that the system was tampered with to avoid identification Ref: T. Lillard Consulting, Inc. 2002

Computer Forensics Methodologies consist of Three Basic Components ► Acquiring the evidence while ensuring that the integrity is preserved; ► Authenticating the validity of the extracted data, which involves making sure that it is as valid as the original ► Analyzing the data while keeping its integrity. Ref: Kruse II, Warren and Jay, G. Heiser (2002) Computer Forensics: Incident Response Essentials. Addison-Wesley
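
The three components above, sketched as an added example that is not part of the original slides: the evidence is hashed while it is copied, the working copy is checked against that hash, and the analysis step re-checks integrity before and after it runs. The function names, file names and sample bytes are constructed for illustration, and SHA-256 is an assumed choice of hash.

```python
import hashlib, mmap, os, tempfile

CHUNK = 1 << 20  # hash in 1 MiB blocks so large images never sit in memory

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()

def acquire(source, image):
    """Acquire: copy source to image, hashing the bytes as they are read."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(image, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            h.update(block)
            dst.write(block)
    os.chmod(image, 0o444)  # the working copy is read-only from here on
    return h.hexdigest()

def authenticate(image, acquisition_hash):
    """Authenticate: the image must still match the hash recorded at acquisition."""
    return sha256_file(image) == acquisition_hash

def analyze(image, acquisition_hash, needle):
    """Analyze: search read-only, checking integrity before and after."""
    if not authenticate(image, acquisition_hash):
        raise ValueError("image does not match acquisition hash")
    hits = []
    with open(image, "rb") as f, mmap.mmap(f.fileno(), 0, access=mmap.ACCESS_READ) as mm:
        pos = mm.find(needle)
        while pos != -1:
            hits.append(pos)
            pos = mm.find(needle, pos + 1)
    if not authenticate(image, acquisition_hash):
        raise ValueError("image changed during analysis")
    return hits

def demo():
    with tempfile.TemporaryDirectory() as d:
        source, image = os.path.join(d, "source.bin"), os.path.join(d, "image.dd")
        with open(source, "wb") as f:  # constructed sample "disk"
            f.write(b"\x00" * 512 + b"invoice-2002.doc" + b"\x00" * 512)
        digest = acquire(source, image)
        hits = analyze(image, digest, b"invoice")
        os.chmod(image, 0o644)  # simulate tampering with the working copy
        with open(image, "r+b") as f:
            f.seek(10)
            f.write(b"X")
        return hits, authenticate(image, digest)
```

`demo()` returns the offsets found in the intact image and the result of authenticating the copy after one byte has been altered.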

The Forensics Process Model ► Collection ► Examination ► Analysis ► Reporting Ref: National Institute of Justice. (July 2001) Electronic Crime Scene Investigation. A Guide for First Responders.

The Abstract Digital Forensics Model ► Identification ► Preparation ► Approach strategy ► Preservation ► Collection ► Examination ► Analysis ► Presentation ► Returning evidence Ref: Mark Reith, Clint Carr and Gregg Gunsch. (2002) An Examination of Digital Forensic Models. International Journal of Digital Evidence, Fall 2002, Volume 1, Issue 3

Pollitt 1995 Ref: Pollitt, M. “Computer Forensics: an Approach to Evidence in Cyberspace”, Proceedings (Vol. II, pp ) of the National Information Systems Security Conference, Baltimore, MD. 1995

Noblett, et al 2000 Ref: Noblett, M., Pollitt, M., Presley, L. “Recovering and Examining Computer Forensic Evidence”, Forensic Science Communications, Volume 2 Number

Digital Forensic Research Workshop 2001 Ref: Digital Forensic Research Workshop (DFRWS) Research Road Map, Utica, NY. (2001)

Reith, Carr and Gunsch 2002 They offer a model comprised of nine steps: ► Identification ► Preparation ► Approach Strategy ► Preservation ► Collection ► Examination ► Analysis ► Presentation ► Returning Evidence. Ref: Reith, M., Carr C. and Gunsch, G. “An Examination of Digital Forensic Models”, IJDE Fall 2002 Volume 1, Issue 3.

Carrier and Spafford 2003 ► Readiness ► Deployment ► Physical Crime Scene Investigation ► Digital Crime Scene Investigation ► Review Phases Ref: Carrier, B. and Spafford, E. “Getting Physical with the Digital Investigation Process”, International Journal of Digital Evidence Fall 2003, Volume 2, Issue 2.

Carrier 2003 ► Carrier outlines the layers of abstraction that constitute forensic examination. Ref: Carrier, B. “Defining Digital Forensic Examination and Analysis Tools Using Abstraction Layers”, International Journal of Digital Evidence Winter 2003, Volume 1, Issue 4.

Mocas 2003 She identified multiple contexts for digital forensics: ► Law Enforcement Context ► A Military Context ► Business System Security Context. Ref: Mocas, S. (2003) “Building Theoretical Underpinnings for Digital Forensics”,

Baryamureeba and Tushabe 2004 They suggested a modification to Carrier and Spafford’s Integrated Digital Investigation Model of ► They describe two additional phases: ► Trace back ► Dynamite They seek to separate the investigation into the primary crime scene (the computer) and the secondary crime scene (the physical crime scene). The goal is to reconstruct the two crime scenes concurrently to avoid inconsistencies. Ref: Baryamureeba V. and Tushabe, F. “The Enhanced Digital Investigation Process Model”, DFRWS 2004, Baltimore, MD.

Beebe and Clark 2004 They propose that previous models were single-tier, whereas in fact the process tends to be multi-tiered. They propose the SEE approach: ► Survey ► Extract ► Examine They introduce the concept of objectives-based tasks. Ref: Beebe, N. and Clark, J. “A Hierarchical, Objectives-Based Framework for the Digital Investigations Process”, DFRWS 2004 Baltimore, MD.

Carrier and Spafford 2004 ► Carrier and Spafford add new elements to the digital forensic framework: ► Events ► Event Reconstruction Ref: Carrier, B. and Spafford, E. “An Event-based Digital Forensic Investigation Framework”, DFRWS 2004, Baltimore, MD

Ruibin, Yun and Gaertner 2005 Ref: Pollitt, M. “Six Blind Men from Indostan”, DFRWS, 2004, Baltimore, MD.

Erbacher, Christensen and Sundberg Ref: Robert F. Erbacher, Kim Christensen, and Amanda Sundberg, "Visual Forensic Techniques and Processes," Proceedings of the 9th Annual NYS Cyber Security Conference Symposium on Information Assurance, Albany, NY, June 2006, pp

Kent, Chevalier, Grance and Dang 2006 ► Collection ► Examination ► Analysis ► Reporting Ref: Kent, K., Chevalier, S., Grance, T. and Dang, H. “Guide to Integrating Forensics into Incident Response”, Special Publication , Computer Security Division Information Technology Laboratory, National Institute of Standards and Technology, Gaithersburg, MD August 2006

Project Goals ► Study all existing digital forensic investigation models. ► Capture their timeline and basis for development. ► Compare them for their use in various situations and their pros and cons for those situations. ► Suggest drawbacks and need for further development. ► Evaluate their scalability, growth and technology adaptation. ► Find various important parameters to rate and compare the existing and upcoming models. ► Describe their usage in the Indian and global context.