1. Computer Forensics An introduction Jessie Dunbar, Jr. Lynn Johnston Andrew Preece Kathy Spaulding September 18, 2007

4. Here you are getting ready to work hard on that major project… Then….

5. Shit Happens!!!

6. This is gonna cost…..

7. This is reaaaly gonna cost…

8. Not an option

9. Blame it on the kid!!!

10. How about the Dog?

11. BACKGROUND Computer forensics, also called cyberforensics, is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law.Computer forensics, also called cyberforensics, is the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it.The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computer and who was responsible for it. Computer specialists can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information. A sample of this will be provided.Computer specialists can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information. A sample of this will be provided. Any or all of this information may help during discovery, depositions, settlements, or actual litigation.Any or all of this information may help during discovery, depositions, settlements, or actual litigation.

12. Attacks happen - at any time

13. Let’s meet the characters… You gotta love these guys….

14. Hacker Meet Handsome Harry – Hackers Incorporated.

15. CyberterroristCyberterrorist The real Filthy McNasty

16. Cracker

17. Spies

18. Employees

19. Lets Go Home

20. “Script kiddies” Sweetie Scottie

21. Forensic tools tend to fall into four categories: Data imaging & validation toolsData imaging & validation tools Forensic suitesForensic suites Miscellaneous toolsMiscellaneous tools Hardware considerationsHardware considerations Forensic Tools

22. Data imaging & validation tools ByteBack, Tech Assist, Inc. full suite is $1700. DOS http://www.toolsthatwork.com/byteback.htm DriveSpy, Digital Intelligence, Inc. $200-$250 DOS http://www.digitalintelligence.com/software/disoftware/drivespy is only 110KB in size, therefore easily transportable. Forensics Replicator, Paraben Forensic Tools for $189 Windows http://www.paraben-forensics.com/replicatorfaq.html

23. Analysis tools. Generally packaged as suites offering a variety functionality Encase, Guidance Software Windows http://www.encase.com Forensic Toolkit(FTK), AccessData Windows http://www.accessdata.com The Sleuth Kit Open Source Unix Mac. http://www.sleuthkit.org/

24. Special tools and utilities DiskJockey File Viewer from Clear and Simple Drivespy by Digital Intelligence dtSearch from dtSearch Corporation Quick View Plus File View by Avanstar Text Search Plus from New Technologies Inc ThumbsPlus File Viewer from Cerious Software Inc

25. Hardware Forensic Recovery of Evidence Device (F.R.E.D.) Digital Intelligence Stand Alone workstations Write Blockers Password Cracking Hardware Shadow devices

26. Andrew and his forensic tool kit

27. The Quandary

28. No one is immune…

29. Sabotage Theft of service Property crime Computer Crime Classifications

30. Electronic Crime Referrals Received by the Federal Police 1991-2003

31. Categories of Cyber Crime Theft of Software Copyright infringement and counterfeiting Espionage Transmitting child pornography Computer Fraud

33. The only way out isn’t nice

34. ‘piece of cake