Presentation is loading. Please wait.

Presentation is loading. Please wait.

Digital Forensics Chris Rozic.

Published by Modified over 5 years ago

Similar presentations

Presentation on theme: "Digital Forensics Chris Rozic."— Presentation transcript:

1 Digital Forensics Chris Rozic

2 Direction Definition of digital forensics Areas of required expertise
Collection of digital evidence Actual investigation Examples of forensic software Digital Forensics example

3 Definition A scientific, systematic inspection of a computer system and its contents for evidence or supportive evidence of a crime or other illegitimate computer use. Must be techno-legal in nature

4 General Process

5 Must knows of Forensics Investigator
Must be highly knowledgeable in many areas Computer forensics protocols Network infrastructures Evidence control E-discovery tools

6 Collection of evidence
Done in three parts Workstation of the offender Server accessed by offender The connecting network Must take extreme caution while handling the captured information Consider the organization

7 Actual Investigation Analyze the surrounding Photograph
Power down machine and inspect Documentation

8 Duplicate Hard Drive Duplicate entire hard drive at sector level
Use hardware to write block Create image Completeness Accuracy Create MD5 hash

9 Forensics tools Encase nGenius Flow Recorder Guidance software
Allows for a digital snapshot of the storage medium under investigation nGenius Flow Recorder Security-hardened, Linux-based appliance that continuously captures, stores, and analyzes large volumes of network traffic

10 Encase Most popular Specifically designed for law enforcement
Creates mirrored images User friendly interface

11 Creation of MD5 with Encase
File Integrity: Completely Verified, 0 Errors. Acquisition Hash: 340C8B5EF96DCCEE4B552CE084CCF941 Verification Hash: 340C8B5EF96DCCEE4B552CE084CCF941

12 nGenius Flow Recorder Available in two appliances
Enterprise appliance platform Workgroup appliance platform Allows for 24x7 recording and diagnosis

13 Advantages of nGenius Deep traffic stream capture
Provide packet-level visibility Application reconstruction/playback Complete post-event analysis Automatic notification Network forensics analysis

14 Digital Forensics Example
Chandra Levy Missing April 30, 2001 Used and the internet prior to disappearance Ultimately led to her whereabouts a year later

15 Conclusion There are many areas where digital forensics is applicable
One of the largest growing fields requiring knowledge across different spectrums Allows for numerous job opportunities in specialized areas

16 Questions ?

17 References www.protiviti.com www.nGeniusflowrecorder.com
Personal notes

Download ppt "Digital Forensics Chris Rozic."

Similar presentations

Chapter 13: Advanced Security and Beyond Security+ Guide to Network Security Fundamentals Second Edition.

Chapter 13: Advanced Security and Beyond Security+ Guide to Network Security Fundamentals Second Edition.
Chapter 13: Advanced Security and Beyond

Chapter 13: Advanced Security and Beyond
Gathering digital evidence by the EU Commission in inspections

Gathering digital evidence by the EU Commission in inspections
Effective Discovery Techniques In Computer Crime Cases.

Effective Discovery Techniques In Computer Crime Cases.
Data Collection, Analysis and Preservation Computer Forensics: Data Collection, Analysis and Preservation Kikunda Eric Kajangu, Cher Vue, and John Mottola.

Data Collection, Analysis and Preservation Computer Forensics: Data Collection, Analysis and Preservation Kikunda Eric Kajangu, Cher Vue, and John Mottola.
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.

An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
Mgt 240 Lecture Exam Review February 1, 2005. Homework Three Due Friday 2/4 at 5pm Due Friday 2/4 at 5pm Any questions? Any questions? Posted on course.

Mgt 240 Lecture Exam Review February 1, Homework Three Due Friday 2/4 at 5pm Due Friday 2/4 at 5pm Any questions? Any questions? Posted on course.
COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.

COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.
COS/PSA 413 Day 5. Agenda Questions? Assignment 2 Redo –Due September 3:35 PM Assignment 3 posted –Due September 3:35 PM Quiz 1 on September.

COS/PSA 413 Day 5. Agenda Questions? Assignment 2 Redo –Due September 3:35 PM Assignment 3 posted –Due September 3:35 PM Quiz 1 on September.
Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,

Copyright © 2006 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill Technology Education Copyright © 2006 by The McGraw-Hill Companies,
OPERATING SYSTEMS AND SYSTEMS SOFTWARE. SYSTEMS SOFTWARE Systems software consists of the programs that control the operations of the computer and its.

OPERATING SYSTEMS AND SYSTEMS SOFTWARE. SYSTEMS SOFTWARE Systems software consists of the programs that control the operations of the computer and its.
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
COEN 252 Computer Forensics Forensic Duplication of Hard Drives.

COEN 252 Computer Forensics Forensic Duplication of Hard Drives.
COEN 252 Computer Forensics

COEN 252 Computer Forensics
NIST CFTT: Testing Disk Imaging Tools James R. Lyle National Institute of Standards and Technology Gaithersburg Md.

NIST CFTT: Testing Disk Imaging Tools James R. Lyle National Institute of Standards and Technology Gaithersburg Md.
Figure 1-2: Simple peer-to-peer network

Figure 1-2: Simple peer-to-peer network
Guide to Computer Forensics and Investigations Fourth Edition

Guide to Computer Forensics and Investigations Fourth Edition
Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.

Net Optics Confidential and Proprietary Net Optics appTap Intelligent Access and Monitoring Architecture Solutions.

Similar presentations

Ads by Google