1
Introduction to Digital Forensics
“You can have data without information, but you cannot have information without data.” -Daniel Keys Moran
2
Overview
Syllabus
Value of Cybersecurity
Job Statistics and Titles
Interesting Problems
Nortel Case Study
Intro. to Digital Forensics
What is Digital Forensics?
Goals of Digital Forensics
Overview of the Digital Forensics Process
Course Project Scenarios
3
Syllabus
4
Cybersecurity Job Outlook
3.5 million unfilled job openings by 2021 (worldwide)
Cybercrime is predicted to cost 6 trillion dollars annually by 2021 (worldwide)
Currently a 0% unemployment rate
Average salary for a “Cybersecurity Professional” is $116,000 a year
In 2017, 750,000+ people employed in cybersecurity within the U.S.
In 2017, 350,000+ unfilled cybersecurity jobs within the U.S.
5
Cybersecurity Job Outlook
3.5 million unfilled job openings by 2021
Cybercrime is predicted to cost 6 trillion dollars annually by 2021
6
Job Titles Related to this Course
Chief Information Security Officer
Computer Forensics Analyst
Computer Forensics Examiner
Cyber Investigator
Digital Forensics Analyst
Digital Forensics Examiner
Digital Forensic Engineer
Information Security Analyst
7
Case Studies
BTK Serial Killer ( /2010/04/14/how-computer-forensics-solved-the-btk-killer-case/)
Nortel ( digital-develop-cybersecurity-strategy-your-organization-existence-depends-it.aspx & hacked-to-pieces)
The Computer that got Lost ( real-cases-from-burgess-forensics-12-the-case-of-the-computer-that-got-lost/)
Mergers & Acquisitions ( of-cybersecurity-due-diligence-in-ma-transactions/)
8
Introduction to Digital Forensics
What is Digital Forensics?
As decided by the first Digital Forensics Research Workshop in 2001, digital forensics is defined as “The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.”
9
Introduction to Digital Forensics
What is Digital Forensics?
Forensics can be considered both an art and a science: the science of forensics combined with the art of investigation. Applying the scientific method and deductive reasoning to data is the science; interpreting the data to reconstruct events is the art.
10
Introduction to Digital Forensics
Digital Forensics Examiner?
In Forensic Discovery, Venema and Farmer argue that an examiner acts more like a digital archaeologist and geologist than a traditional forensic examiner.
“Digital archeology is about the direct effects from user activity, such as file contents, file access stamps, information from deleted files, and network flow logs. … Digital geology is about autonomous processes that users have no direct control over, such as the allocation and recycling of disk blocks, file ID numbers, memory pages or process ID numbers.”
11
Introduction to Digital Forensics
Goals of Digital Forensics:
Find facts
From these facts, recreate the truth of an event
12
Introduction to Digital Forensics
How do we figure out the truth?
The truth of an event is established by discovering and exposing the remnants of the event which have been left on the system. These remnants are known as artifacts. Some artifacts may be evidence.
Evidence is something used during a legal proceeding.
Artifacts are traces left behind by activities and events.
Artifacts may or may not be innocuous.
Artifacts may or may not be material - able to be considered by the judge or jury to establish the truth or falsity of a fact or claim.
13
Introduction to Digital Forensics
How do we figure out the truth?
Every investigation has a hypothesis: “The user copied files to a USB”, “An unauthorized user gained root access”, etc. An examiner searches for artifacts which will indicate whether or not the hypothesis is valid. In a legal matter, these artifacts are called inculpatory and exculpatory evidence, respectively.
Furthermore, since digital evidence is so easily manipulated, part of an examiner’s job is determining whether the evidence is consistent with the processes and systems which purportedly generated it. This is called the evidence’s consistency, and in some investigations assessing consistency is the examiner’s sole task.
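A sketch of a consistency assessment, added here as an illustration and not part of the original slides: it checks whether a log agrees with the process that purportedly wrote it. The log format, the record contents and the assumption that the writer is append-only (IDs increase by one, timestamps never go backwards) are all constructed for this example.

```python
from datetime import datetime

# Constructed sample from a hypothetical append-only audit log.
# Assumed format: "<record_id> <ISO-8601 timestamp> <message>"
SAMPLE_LOG = """\
101 2024-03-01T09:00:02 session opened for user alice
102 2024-03-01T09:00:05 usb device attached
103 2024-03-01T09:04:41 file copied report.xlsx
105 2024-03-01T09:05:10 usb device removed
106 2024-03-01T08:59:30 session closed for user alice
"""


def parse(log_text):
    """Turn each line into (record_id, timestamp, message)."""
    records = []
    for line in log_text.splitlines():
        rec_id, stamp, message = line.split(" ", 2)
        records.append((int(rec_id), datetime.fromisoformat(stamp), message))
    return records


def check_consistency(records):
    """Compare neighbouring records against how an append-only writer behaves.

    Returns (kind, previous_id, current_id) tuples:
      id_gap          - a record ID was skipped, so a record may be missing
      time_regression - a later record carries an earlier timestamp
    """
    findings = []
    for (prev_id, prev_ts, _), (cur_id, cur_ts, _) in zip(records, records[1:]):
        if cur_id != prev_id + 1:
            findings.append(("id_gap", prev_id, cur_id))
        if cur_ts < prev_ts:
            findings.append(("time_regression", prev_id, cur_id))
    return findings


if __name__ == "__main__":
    for kind, prev_id, cur_id in check_consistency(parse(SAMPLE_LOG)):
        print(f"{kind}: between record {prev_id} and record {cur_id}")
```

Each finding is an artifact to explain, not a conclusion: a clock adjustment or log rotation can produce the same pattern as tampering, so the examiner still has to test it against other sources.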
14
Introduction to Digital Forensics
Digital Forensics Process:
Acquisition: The collection of digital media to be examined.
Analysis: The actual examination of the media.
Presentation: The process by which the examiner shares the results of this analysis.
*Note: These steps are cyclical, and many cycles may be necessary to complete a long-running legal or incident response investigation.
15
Course Projects
You will be tasked with the acquisition, analysis and presentation of information regarding the following scenarios:
Attacker infiltrating a corporate network
Employee exfiltrating sensitive data
Computer user suspected of performing illegal activities and potentially storing illegal data
17
Questions?