Exam Information CSI5107 Network Security

The following slides are designed to prompt your thinking with regard to the content covered in this unit.
The exam is not just about describing or defining concepts. The exam is about the application of your knowledge of digital forensic concepts towards different issues.
To pass the unit you must obtain at least 50% of the available marks in the exam AND obtain at least 50 marks in the unit in total

Module 1
What is computer forensics?
Civil versus criminal case requirements
Inculpatory versus exculpatory evidence
Computer forensics versus data recovery?
Why is planning important in computer forensics?
Considerations when preparing for an investigation?
Why is planning important?

Module 2
What is a computer forensics plan?
Why is it important?
What does it contain?
Digital forensic reports – purpose?
What is the purpose of segregating a report into issues (chapters)?
What is the purpose of a running sheet?
You should be able to communicate the findings of an investigation

Module 3
Acquisition formats
Raw
Proprietary
Advanced Forensics Format (AFF)
Definitions, examples, pros and cons of each
Static versus live acquisitions
Logical versus physical acquisitions
Focus on process, procedure, tools/software commands, benefits, issues and constraints

Module 3
Security requirements before acquisitions
Media preparation, policies, procedures etc.
Forensic tool benefits and their limitations
Validation techniques
MD5 vs SHA1 vs etc.
Issues with acquiring a RAID
Network and remote acquisitions

Module 4
Understand binary/hex conversions etc.
Little vs big endian – OS dependency
What does the ‘endian’ mean when interpreting data with a hex editor?
Why should we care in what order data is stored?
Sectors vs clusters
File slack
Partitions
Boot code
Rules of evidence:
Admissible – Conform to legal rules for admissibility in court
Authentic – Possible to tie evidentiary material to the incident
Complete – Must tell the whole story not just a perspective
Reliable – Nothing from the time the evidence is collected and handled should be able to cast doubt on its authenticity and reliability
Believable – It must be readily believable and understandable by a court

Module 5
What is a file system?
Explain how a FAT FS works?
Directory entry structure
Reading/deleting files
Explain how an NTFS FS works?
MFT, records, record structure
Windows registry benefits in forensics
Structure, data, offline acquisition

Module 6
Graphic file types – contemporary formats
EXIF metadata and its use in forensics
File signature – purpose, benefits, limitations
Fragmented vs continuous file carving
Issues related to fragmented files
Software strategies to carve fragmented files
Scalpel carving processes and procedures
Smart carving benefits and limitations

Module 6
Web browser forensics analysis
Potential digital artefacts from web browsers
How can web browser history be used to show intent?
What files do we look for with browsers such as... Internet Explorer, Firefox, Chrome
The effects of anti-web browser forensic tools on digital forensics

Module 7
How do we evaluate digital forensic tools?
Standards? Models? Methods?
Hardware vs software forensic tools
Define, explain, provide specific examples
Acquisition
Validation and discrimination
Extraction
Reconstruction
Reporting

Module 8
How to determine what data to collect and analyse?
NSRL RDS databases – pros/cons? limitations?
How to implement/use a RDS?
Validation techniques of collected data
Locating/analysing hidden data
Tools for detecting encryption, breaking passwords, detecting concealment

Module 9
Email investigations
Email headers as a source of evidence
Structure of headers
Interpreting data in headers
Forensic tools: their functionality/limitations/benefits
Issues/challenges with cloud forensics

Module 10
Order of Volatility – impact on the collection of evidence – what should you prioritize?
The impact of virtual machines on computer investigations?
Tools for live acquisitions
Network forensics – purpose/benefits/tools

Module 11
Types of evidence from smartphones?
Issues with gathering evidence from phones
Types of tools, their limitations and purpose
Physical vs logical vs manual acquisition
Flash file systems issues for forensics
Bypassing FTL benefits?
JTAG/Flasher tools processes

CSG2305 exam
2 hour exam
1 section
10 questions @ 5 marks each
Each question will require up to ½ a page to be answered sufficiently
Questions cover entire unit
Lecture notes, workshops, text book, tools, procedures, additional readings

CSG5126 exam
3 hour exam
2 sections
Section A – 1 question @ 20 marks
Scenario based question focusing on correctly undertaking a forensic investigation
Tools, procedures, best practices etc.
Section B – 6 questions @ 5 marks each
Each question will require up to ½ a page to be answered sufficiently

Study Notes
Read all lecture notes
Complete all tutorial/workshop activities
Read appropriate chapters in text book
Read additional readings found on Blackboard
Some questions are based on theory, others are based on application of commands and processes within tools/software

No notes or calculators are permitted in the exam
The text book or other supportive material is not permitted within the exam
Write legibly
If we can’t read your writing, we cannot award you marks for your answer!