Computer Security Fundamentals by Chuck Easttom Chapter 14 Introduction to Forensics.

Slides:



Advertisements
Similar presentations
This presentation will take a look at to prevent your information from being discovered by and investigator.
Advertisements

Computer Security Fundamentals by Chuck Easttom Chapter 3 Cyber Stalking, Fraud, and Abuse.
Chapter Extension 24 Computer Crime and Forensics © 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke.
Computer Forensics, The Investigators Persepective Paul T. Mobley Sr. Computer Forensics Consultant Jawz Inc.
MD5 Summary and Computer Examination Process Introduction to Computer Forensics.
Guide to Computer Forensics and Investigations Fourth Edition
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
Technology for Computer Forensics by Alicia Castro.
COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.
Computer Forensics What is Computer Forensics? What is the importance of Computer Forensics? What do Computer Forensics specialists do? Applications of.
Computer Security Fundamentals
Recovering and Examining Computer Forensic Evidence Noblett, Pollit, & Presley Forensic Science Communications October 2000 (Cited by 13 according to Google.
I Information Systems Technology Ross Malaga 3 "Part I Understanding Information Systems Technology" Copyright © 2005 Prentice Hall, Inc. 3-1 SOFTWARE.
Advance evidence collection and analysis of web browser activity by Junhoon Oh David Rivera 11/7/2013 Digital Forensics.
By Drudeisha Madhub Data Protection Commissioner Date:
Guide to Computer Forensics and Investigations Fourth Edition Chapter 12 Investigations.
Data Deletion and Recovery. Data Deletion  What does data deletion mean in your own words?
Guide to Computer Forensics and Investigations, Second Edition
General Awareness Training
Guide to Computer Forensics and Investigations, Second Edition Chapter 2 Understanding Computer Investigation.
File Recovery and Forensics
7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA.
With Windows 7 Introductory© 2011 Pearson Education, Inc. Publishing as Prentice Hall1 Windows 7 Introductory Chapter 2 Managing Libraries Folders, Files.
Reason for Cyber Crime Pursuit of fame Purely out of mischief For finance means To get revenge on someone they hate Purely to pursuit criminal.
Data Recovery Techniques Florida State University CIS 4360 – Computer Security Fall 2006 December 6, 2006 Matthew Alberti Horacesio Carmichael.
Computer Forensics Principles and Practices
An Introduction to Computer Forensics Jim Lindsey Western Kentucky University.
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #8 Computer Forensics Data Recovery and Evidence Collection September.
System Security Chapter no 16. Computer Security Computer security is concerned with taking care of hardware, Software and data The cost of creating data.
Computer Security Fundamentals by Chuck Easttom Chapter 13 Cyber Detective.
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. System Forensics, Investigation, and Response.
Chapter 18 Technology in the Workplace Section 18.2 Internet Basics.
COEN 252 Computer Forensics Introduction to Computer Forensics  Thomas Schwarz, S.J
Digital Forensics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #4 Data Acquisition September 8, 2008.
Forensic Procedures 1. Assess the situation and understand what type of incident or crime is to be investigated. 2. Obtain senior management approval to.
Understanding Computer Viruses: What They Can Do, Why People Write Them and How to Defend Against Them Computer Hardware and Software Maintenance.
An Introduction to Computer Forensics Jim Lindsey Western Kentucky University September 28, 2007.
MD5 Summary and Computer Examination Process Introduction to Computer Forensics.
Chapter 2 Understanding Computer Investigations Guide to Computer Forensics and Investigations Fourth Edition.
Backups. What is a backup. A backup is when someone copies some data (like you may copy and paste your schoolwork!) and sends it to another workstation.
Chapter 5 Processing Crime and Incident Scenes Guide to Computer Forensics and Investigations Fourth Edition.
Identify Your System The best way to protect you against computer attack Irvan
© 2010 Pearson Education, Inc. | Publishing as Prentice Hall1 Computer Literacy for IC 3 Unit 2: Using Productivity Software Chapter 1: Starting with Microsoft.
 Forensics  Application of scientific knowledge to a problem  Computer Forensics  Application of the scientific method in reconstructing a sequence.
Computer Forensics Presented By:  Anam Sattar  Anum Ijaz  Tayyaba Shaffqat  Daniyal Qadeer Butt  Usman Rashid.
IT1001 – Personal Computer Hardware & system Operations Week7- Introduction to backup & restore tools Introduction to user account with access rights.
Presented by Kofi Appiah Nuamah NTFS Forensics with Disk Explorer Project 3.1.
Copyright © 2007 Heathkit Company, Inc. All Rights Reserved PC Fundamentals Presentation 14 – Windows Security.
© 2008 Pearson Prentice Hall, Experiencing MIS, David Kroenke Slide 1 Chapter Extension 24 Computer Crime and Forensics.
1 Introduction to Forensic Science and the Law Fourth amendment protects citizens against “unreasonable search and seizures” Police and crime scene investigators.
COMPUTER VIRUSES By James Robins. THE IMPACT OF VIRUSES By James 2.
ONLINE COURSES - SIFS FORENSIC SCIENCE PROGRAMME - 2 Our online course instructors are working professionals handling real-life cases related to various.
Computer Forensics Tim Foley COSC 480 Nov. 17, 2006.
Computer Forensics By Chris Brown. Computer Forensics Defined Applying computer science to aid in the legal process Utilization of predefined set of procedures.
Computer Forensics. OVERVIEW OF SEMINAR Introduction Introduction Defining Cyber Crime Defining Cyber Crime Cyber Crime Cyber Crime Cyber Crime As Global.
18-1 PRENTICE HALL ©2008 Pearson Education, Inc. Upper Saddle River, NJ FORENSIC SCIENCE An Introduction By Richard Saferstein.
Investigations 2016 First semester [ 12 week ]-Forensic Analysis of the Windows 7 Registry.
Introduction to Computer Forensics Fall Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (
Alicia A. Coon COSC 480 October 27, 2006
Computer Security Fundamentals
1D0-570 CIW CIW v5 Security Professional
Computer Security Fundamentals
CYBER FORENSICS | Kiran Bettadapur S. | 5/8/2018.
Criminal Prosecutors with Computer Forensics
Computer Viruses Latifah alabdulkarim
Guide to Computer Forensics and Investigations Fifth Edition
INVESTIGATION PROCESS AND TECHNIQUE
Introduction to Digital Forensics
1 Advanced Cyber Security Forensics Training for Law Enforcement Building Advanced Forensics & Digital Evidence Human Resource in the Law Enforcement sector.
Presentation transcript:

Computer Security Fundamentals by Chuck Easttom Chapter 14 Introduction to Forensics

© 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 2 Chapter 14 Objectives Understand basic forensics principles Make a forensic copy of a drive Use basic forensics tools

© 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 3 Don’t Touch the Suspect Drive The first, and perhaps most important, is to touch the system as little as possible. You do not want to make changes to the system in the process of examining it. Look at one possible way to make a forensically valid copy of a drive. Some of this depends on Linux commands, which you may or may not be familiar with. If you are not, students with no Linux experience can use these same commands and accomplish the task tomake a forensic copy of a drive.

© 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 4 Document Trail Beyond not touching the actual drive, the next issue is documentation. If you have never worked in any investigative capacity, the level of documentation may seem onerous to you. But the rule is simple: Document everything.

© 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 5 Secure the Evidence First and foremost, the computer must be taken offline to prevent further tampering. There are some limited circumstances in which a machine would be left online to trace down an active, ongoing attack. But the general rule is to take it offline immediately.

© 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 6 Document Losses Labor cost spent in response and recovery. (Multiply the number of participating staff by their hourly rates.) If equipment were damaged, the cost of that equipment. If data were lost or stolen, what was the value of that data? How much did it cost to obtain that data and how much will it cost to reconstruct it? Any lost revenue, including losses due to down time, having to give customers credit due to inconvenience, or any other way in which revenue was lost.

© 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 7 Finding Evidence in the Browser The browser can be a source of both direct evidence and circumstantial or supporting evidence. Obviously in cases of child pornography, the browser might contain direct evidence of the specific crime. You may also find direct evidence in the case of cyber stalking. However, if you suspect someone of creating a virus that infected a network, you would probably find only indirect evidence such as the person having searched virus creation/programming-related topics.

© 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 8 Finding Evidence in System Logs Application logs Security logs System logs logs Printer logs

© 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 9 Windows Utilities Net sessions Openfiles fc netstat Windows Registry

© 2012 Pearson, Inc. Chapter 14 Introduction to Forensics 10 Summary The most important things you have learned are to first make a forensics copy to work with, and second, to document everything. You simply cannot over-document. You have also learned how to retrieve browser information and recover deleted files, and you have learned some commands that may be useful forensically.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.