COMPUTER FORENSICS By Jason Ford and Anthony Kniffin.


Overview
What is Computer Forensics?
The need for Computer Forensics.
Examples of Crimes.
Methods Attackers use.
What an Investigator must know and do.

What is Computer Forensics?
By Definition: Computer Forensics is considered to be the use of analytical and investigative techniques to identify, collect, examine and preserve evidence/information which is magnetically stored or encoded.
The objective of Computer Forensics is usually to provide digital evidence of a specific or general activity.

Computer Forensics
Computer Forensics Experts:
1. Identify sources of documentary or other digital evidence.
2. Preserve the evidence.
3. Analyze the evidence.
4. Present the findings.

Computer Forensics
Many types of criminal and civil proceedings can and do make use of evidence revealed by computer forensics specialists:
–Criminal Prosecutors use computer evidence in a variety of crimes where incriminating documents can be found: homicides, financial fraud, drug and embezzlement record-keeping, and child pornography.
–Civil litigations can readily make use of personal and business records found on computer systems that bear on: fraud, divorce, discrimination, and harassment cases.
–Insurance Companies may be able to mitigate costs by using discovered computer evidence of possible fraud in accident, arson, and workman's compensation cases.
–Corporations often hire computer forensics specialists to ascertain evidence relating to: sexual harassment, embezzlement, theft or misappropriation of trade secrets and other internal/confidential information.
–Law Enforcement Officials frequently require assistance in pre-search warrant preparations and post-seizure handling of the computer equipment.
–Individuals sometimes hire computer forensics specialists in support of possible claims of: wrongful termination, sexual harassment, or age discrimination.

What is Digital Evidence?
Definition: Digital data that can establish that a crime has been committed or can provide a link between a crime and its victim or a crime and its perpetrator.
Categories:
–Text files
–Audio files
–Video files
–Image files

Why is Computer Forensics needed?
Employee internet abuse (common, but decreasing)
Unauthorized disclosure of corporate information and data (accidental and intentional)
Industrial espionage
Damage assessment (following an incident)
Criminal fraud and deception cases
More general criminal cases (many criminals simply store information on computers, intentionally or unwittingly)

Some Examples:
Former Chief Computer Program Designer Arraigned for Alleged $10 Million Computer Software Bomb:
–Timothy Lloyd sentenced to 41 months in prison.
–Launched a programming bomb on Omega Engineering Corp.’s network that resulted in $10 million in damages.
–Lost all design and production software used by the U.S. Navy and NASA, and led to 80 jobs lost.
–The Evidence:
    The logic bomb itself
    Date and time the file was created
    Username of the file creator

Another Example:
Hacker pleads guilty to illegally accessing New York Times computer network
–Adrian Lamo hacked into the New York Times and accessed over 3,000 contributors' accounts, including those of Rush Limbaugh and former President Jimmy Carter.
–Investigators found he added an entry for himself too and listed his phone number as 505-HACK.
–He also created five fake accounts and ran up a $300,000 bill from the New York Times.
–He now faces a maximum of 15 years in prison and $500,000 fine.

Methods Attackers use
Some things that an attacker might do to enter your system or cover his tracks:
–Key Loggers
–Cracking your password
–Hide incriminating files.
–And more…

Key Loggers
Key loggers can be either a program or a piece of hardware.
Designed to log every keystroke made by the user, including e-mails, usernames, and passwords.
Can store up to 4 MB of data and include date and time stamps.
If a user does not realize that a key logger is attached to his system, the attacker can get any information the user types.

Cracking Passwords
An attacker can use a variety of password cracking techniques:
–Password Guessing
    If you know a lot about the user then this could be easier than you would think.
–Dictionary-Based Attacks
–Brute-Force Attacks
–Default Passwords
    How many people have changed the BIOS password on your computer?

Hiding Files
If an attacker has incriminating files on his computer and wants to hide them, it can be pretty simple.
File Signatures:
–A file signature is a sequence of characters located within the first 20 bytes of a file.
–Files have signatures corresponding to what type of file they are.
–To hide a picture file, an attacker can change the file's signature to that of a text file.

Methods the Computer Forensic Analyst could use
Again, Key Loggers
Methods of finding hidden files.
Tracking attackers through e-mail
Preserving Evidence

Key Loggers
Key loggers can also be used to help find attackers.
Corporations use them to help keep track of what their employees are typing on their computers.
They can also use them as a monitoring device for detecting unauthorized access.
A computer forensic analyst can use these logs as evidence if the attacker used a machine with a key logger on it.

Finding hidden files
To find a file that has been hidden by the attacker changing its signature, an investigator might run a Perl script that will compare the file's signature with a list of correct signatures.
If the attacker changed the name of the file and the extension of the file, trying to hide it, but forgot to change the signature to the corresponding extension, the script will find the file and let you know something is not right about it.
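The slides mention a Perl script without showing it; the following is an added Python example of the same check, not the presenters' script. The signature table, function names and sample files are constructed for illustration, and it also flags the reverse case: a file with a known extension whose header does not carry the matching signature.

```python
import os
import tempfile

# (type, magic bytes at offset 0, extensions that legitimately carry it).
# A small constructed table; real tools carry far more entries.
SIGNATURES = [
    ("jpeg", b"\xff\xd8\xff", {".jpg", ".jpeg"}),
    ("png", b"\x89PNG\r\n\x1a\n", {".png"}),
    ("gif", b"GIF8", {".gif"}),
    ("pdf", b"%PDF-", {".pdf"}),
    ("zip", b"PK\x03\x04", {".zip", ".docx", ".xlsx"}),
]
KNOWN_EXTS = set().union(*(exts for _n, _m, exts in SIGNATURES))
HEADER_LEN = 20  # the slides place the signature within the first 20 bytes


def detect_type(path):
    """Return (type, allowed extensions) for the file header, or (None, set())."""
    with open(path, "rb") as fh:
        header = fh.read(HEADER_LEN)
    for name, magic, exts in SIGNATURES:
        if header.startswith(magic):
            return name, exts
    return None, set()


def find_mismatches(root):
    """Return sorted (file name, detected type) pairs where name and content disagree."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            ext = os.path.splitext(fname)[1].lower()
            kind, allowed = detect_type(os.path.join(dirpath, fname))
            if kind and ext not in allowed:
                hits.append((fname, kind))       # picture content behind a .txt name
            elif kind is None and ext in KNOWN_EXTS:
                hits.append((fname, "unknown"))  # .pdf name, header is not a PDF
    return sorted(hits)


def demo():
    """Write constructed sample files to a temp dir and return what gets flagged."""
    jpeg = b"\xff\xd8\xff\xe0" + b"\x00" * 16
    samples = {"holiday.jpg": jpeg, "notes.txt": jpeg,
               "report.pdf": b"plain text, not a PDF", "readme.txt": b"just text"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return find_mismatches(d)


if __name__ == "__main__":
    print(demo())
```

A flagged file is a lead for manual review, not proof of concealment: plain-text formats have no signature, so a picture whose header has been overwritten and renamed to .txt passes this check.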

Tracking attackers through e-mails
How can you find out who is sending e-mail that could be blackmailing you or incriminating you or your business?
You can use a program (like NeoTrace), which will visually show you where the e-mail originated from.
Headers:
–Investigators can examine e-mail headers to determine who sent the e-mail and where the e-mail was sent from.
–Can also find out where the e-mail has traveled in order to get to its destination.

Header Example
    Return-path:
    Received: from mx.ankit.com ([ ]) by pop.ankit.com (iPlanet Messaging Server 5.2)
    Received: from [ ] by web14525.mail.isp.com via HTTP
    Message-id:
What can you determine from this header:
–Recipient's IP address
–Sender's IP address
–Reference number of the e-mail
–Date and time the e-mail was sent: May 6th, 2004 at 11:54:12
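An added example (not from the original slides) that reads the Received lines of a message shaped like the header above and lists the hops in travel order. The host names follow the slide; the IP addresses (documentation ranges), mail addresses, Message-id and time zone are constructed placeholders.

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample: host names follow the slide's example; the addresses,
# IPs and Message-id are placeholders, not values from the page.
RAW = """\
Return-path: <sender@example.com>
Received: from mx.ankit.com ([198.51.100.7])
 by pop.ankit.com (iPlanet Messaging Server 5.2); Thu, 06 May 2004 11:54:20 +0000
Received: from [192.0.2.44] by web14525.mail.isp.com via HTTP;
 Thu, 06 May 2004 11:54:12 +0000
Message-id: <constructed-0001@web14525.mail.isp.com>
From: sender@example.com
To: recipient@example.com
Subject: constructed sample

body
"""

HOP = re.compile(r"from\s+(?P<src>\S+)(?:\s+\(\[(?P<ip>[0-9a-fA-F.:]+)\]\))?"
                 r"\s+by\s+(?P<by>\S+)", re.S)


def trace_hops(raw):
    """Return hops oldest-first as dicts with keys src, ip, by, when."""
    msg = email.message_from_string(raw)
    hops = []
    # Each relay prepends its own Received line, so reverse to get travel order.
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if not m:
            continue
        src, ip = m.group("src"), m.group("ip")
        if ip is None and src.startswith("["):   # "from [192.0.2.44] by ..."
            ip = src.strip("[]")
        stamp = value.rsplit(";", 1)[-1].strip() if ";" in value else None
        when = parsedate_to_datetime(stamp) if stamp else None
        hops.append({"src": src, "ip": ip, "by": m.group("by"), "when": when})
    return hops


if __name__ == "__main__":
    for hop in trace_hops(RAW):
        print(hop["when"], hop["ip"], "->", hop["by"])
```

Only the Received lines added by relays you control are trustworthy; lines lower in the list are supplied by upstream systems and can be forged by the sender.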

Preserving Evidence
Things investigators must follow in order to collect legal evidence:
–They must have a warrant to collect information from a suspect's computer.
–Must keep all evidence as if it was never touched by them.
–Must know what is admissible in court.
–They also must collect and record all vital information about the computer itself and its disk drives.
–If they contaminate any evidence, all of it may become unsuitable to testify with.
