The Use of Digital Forensic Case Studies for Teaching and Assessment
Harjinder Singh Lallie
School of Computing, University of Derby, Kedleston Road, Derby DE22 1GB

Abstract

This study analyses the use and development of Digital Forensic case studies for the purpose of teaching and assessing Digital Forensics students and practitioners. Within this study, case studies are categorised and a number of available case studies are explored. The importance of evidentiary and non-evidentiary artefacts within the case study is examined. Mechanisms for integrating case study development and/or investigation with student assessment are proposed, and the benefits and the challenges of this approach are examined. Practical and technical issues involved in the development of case studies are examined. The study concludes by proposing guidelines for the development of Digital Forensic case studies.

1 Introduction

Digital Forensic (DF) case studies can be used for:

- the teaching and assessment of digital forensic students and practitioners;
- testing and validating digital investigations software/tools;
- research and development.

This study focuses on the use of DF case studies for teaching and assessing DF students and practitioners. DF case studies are enacted on a computer system and represent a particular scenario that requires analysis and/or investigation. The computer storage system(s) on which the case studies have been enacted are subsequently converted to DF images which can then be analysed and investigated using the appropriate tools.

The DF image is a bitstream copy of an original hard disk. The image structure begins with a vendor specific header, is then interspersed with vendor specific control information (such as CRCs) and ends with a footer. Images conforming to standardised formats (such as .e01 or .dd) are readable by popular disk investigation tools and are therefore popular destination image formats.

1.1 Specific Skill and Holistic Skill

Case studies that are used to teach/assess a particular and specific skill are referred to herein as Skill Specific Case Studies, whilst those that are used to develop and assess a range of skills are referred to as Holistic Skill Case Studies.

Specific skill case studies serve a valid but limited purpose and are easier and faster to develop than holistic skill case studies. Specific skill case studies can be used to teach/assess particular concepts such as file system analysis, partition analysis, metadata analysis or e-mail investigation.

Holistic skill case studies are based around specific scenarios which require a more detailed and thorough investigation. These are designed to teach/assess a collective range of specific skills including the overall investigation of a case, possibly through to the production of a case report. Holistic skill case studies are more difficult to construct and require careful planning. However, if used for assessment purposes, they can encourage more enthusiasm and motivation amongst students.

1.2 User behaviour patterns

The use of a computer system generates a User Behavioural Pattern (UBP) which is subsequently 'captured' within the case study. The UBP is the system state that is generated after the operating system has been installed/configured and when the user begins to use the system. The UBP is a continually evolving pattern which reflects the installation of applications, the creation and use of accounts, access of web sites, the downloading of data etc. For students to properly understand the context of a particular case, they should develop some knowledge of UBPs.

There are two types of UBP: those that reflect 'normal usage' and those that reflect the usage of a computer system for the planning or perpetration of an incident or crime.
The former can be referred to as a normal UBP and the latter as an incident related UBP. An incident related UBP will deposit items of evidence in specific locations of the computer hard disk system as a natural course of the user's actions; it is these particular artefacts that then form the basis of the investigation.

Case studies that reflect a normal UBP are easy to construct and serve a useful purpose for teaching specific skills whilst having a limited use for teaching/assessing holistic skills. A typical Windows installation followed by two months of normal usage might be sufficient to construct such a case study. Whilst there is good academic and practical rationale behind developing case studies which demonstrate a normal UBP, there are two challenges:

- The developer must ensure that he/she does not leave personal data behind through this 'normal' usage. This is almost a contradiction in terms as it is not actually 'normal' usage.
- The motivation levels of students who are subsequently required to 'investigate' these may be quite low.

A normal UBP is important for the generation of 'noise'.

1.3 Evidentiary and Non-Evidentiary Artefacts

A case study based around an incident related UBP will contain evidentiary or non-evidentiary artefacts. There are two types of non-evidentiary artefact:

- System files and folders generated by the operating system or software application installation. These are artefacts that have not been created or altered by computer usage and can largely be ignored during the investigation. A new operating system installation will result in such non-evidentiary artefacts.
- The normal usage of a computer system generates non-evidentiary artefacts which are referred to as noise. Noise refers specifically to artefacts that have no evidentiary value, i.e. they do not form part of the evidence supporting the case but have been created/modified/accessed by users of the computer system and not the operating system or software applications.

A small degree of noise can be generated through normal system usage. A typical Windows installation followed by around four to eight weeks of normal usage might be sufficient for this purpose. The investigation will often involve the analysis of some of the noise, but ultimately the noise may be ignored. Without the noise, the eventual investigation would be simplistic and superficial and the evidentiary element of the case study would be easily distinguishable.

Evidentiary and non-evidentiary (particularly noise) artefacts of the case study must be generated in parallel and therefore require careful planning.
It is important to understand that the proportion of noise to evidentiary value within the case study might be very high as it is unlikely (but not impossible) that a computer system might be used primarily for the planning and perpetration of a crime.

2 Existing case studies

There are a growing number of publicly available DF case studies. For legal reasons, realistic DF images (i.e. those images that reflect real cases) are not available for use in academia or for professional training. For related reasons, images that have formed part of a civil case are also generally unavailable. Therefore, most if not all of the available images are artificially created.
A set of particularly useful DF images (mostly in .e01 format) is provided by NIST through the CFReDS (Computer Forensic Reference Data Sets) Project [1]. The images include: a set of skill specific images, one holistic skill image (the Greg Schardt image) and a set of images that can be used for mobile phone investigation. The Greg Schardt image is based around a suspected hacker who is alleged to have intercepted credit card numbers, usernames and passwords. A series of questions are posted by CFReDS which can be used as a set of 'ready made' tutorials or even an assessment for students. Sample solutions are available on the website.

Brian Carrier [2] has published a series of skill specific DF images (all in .dd format); these were previously posted to the Computer Forensic Tool Testing group (CFTT) at NIST [3]. These images are useful for teaching/assessing specific skills such as FAT keyword searches, FAT un-deletions and JPEG searches.

A number of useful holistic skill images have been posted by Lance Mueller [4]. Each of these images is supported by a task definition statement, and some are accompanied by sample answers. One of the images involves the investigation of suspected network attacks on a machine with a Windows XP Home installation. The image is accompanied by a TCPdump of network traffic and therefore acts as a useful exercise in testing network forensics related skills. Another image in the Lance Mueller collection involves a potential IPT claim. The third image is a particularly interesting challenge involving the recovery of a file from an 'unreadable drive'.

A lightweight holistic skill case study is available from The International Society of Forensic Computer Examiners (ISFCE) [5]. This image must be extracted to a floppy diskette and the case study revolves around an IPT case; sample answers are provided.

Digital Corpora [6] provides a series of particularly useful DF images.
One of these is a skill specific image which involves file recovery and carving on an SD card from which certain JPEG images (taken by a Canon camera) were deleted. One particularly useful and interesting image is of a USB stick which contains an Ubuntu 8.10 installation through which the user had browsed a number of US Government websites.

The practice of publishing solutions is followed by many of the DF image publishers; this potentially limits the viability of using these images for investigation within an assessment. Academics can address this problem by:

- Tasking students to demonstrate their understanding of the techniques and methodology applied to solving the problem rather than presenting the solution in isolation.
- Requiring a practical demonstration of the answer so as to indicate that students understand the process and methodology in finding that answer.
- Developing further questions in addition to those posed by the publisher.

3 Approaches to Developing Case Studies

Student or self generated case studies can serve many useful purposes. Such case studies have to represent fictional civil cases as opposed to criminal cases as the latter might attract police scrutiny and give rise to negative institutional publicity. Furthermore, there may be serious ethical issues involved in the development of a case study relating to a criminal act.

3.1 Student Generated Case Studies

Student generated case studies can be developed through an assessment which involves a student (or group of students) developing and proposing a case study scenario and then enacting it on live computer systems. This is not a unique approach and others have tried it in the past [Carlin et al., 2005].

Student case study development must be guided by a tight remit which is clearly defined through the assessment specification or through milestone based interaction. This is so that:

- Ethical and legal issues relating to the context of the case study are carefully managed.
- The tight remit results in a case study that can actually be used.

Student generated case studies have a number of benefits:

- If handled and enacted effectively, this approach has the potential to generate case studies that can be used for subsequent teaching and training.
- Assignment remits can be developed such that all students in the cohort do not develop a case study focusing on the same civil case. Each group could be required to develop a different case study, thereby resulting in numerous potentially usable case studies. If this approach is adopted, students might be required to develop initial ideas which are approved by the academic prior to the full development of the case study; this is to avoid duplicate scenarios.
- If students are organised as groups, the scope of the resulting case study can be larger than if the case study had been generated by the academic.
- This approach has a number of learning benefits. By participating in this process, students engage in the thought process of the criminal/guilty party. Students must understand the 'evidentiary consequences' of their case study, i.e. they must ensure that certain evidence appears in certain locations on the destination hard disk.
There are however some distinct challenges with this approach:

- The process is nevertheless a time consuming one and may not be easily achievable in smaller (15-20 credit) single semester modules.
- The approach is hardware intensive, particularly so for large cohorts. This could be circumvented by developing the case study within a VME platform. This proposal was suggested by Kessler and Schirling [2006]; however, little further development in terms of exploring this approach seems to have been done. The approach taken by Carlin et al. [2005] is one whereby students are given an external hard disk and required to generate the case study on a partition on the hard disk; the Windows installation is on a laboratory machine. This approach is interesting in that it does not involve investigating the operating system derivatives of the case study and might have little scope for the generation of noise.
- Whilst the secondary aim of the assessment might be to generate a usable case study, one must consider that although students are an excellent academic resource they may not always yield a usable case study. Therefore, academics may have to resort to the self-generation of case studies.

3.2 Academic Developed Case Studies

At this juncture it is useful to refer to a case study developed at the University of Derby by the author and a member of the faculty technical team. The aim was to develop a case study that could be used to teach and assess holistic digital investigation skills. The remit of the case study was agreed in advance and a limited degree of planning took place. The planning included an agreement of general case study actions but not finite instances of interaction with the desktop system (referred to herein simply as an event). Case study development took place over two months and involved two dedicated networked Windows XP desktop machines, administered by the author and the technician respectively.
The case study centred around the director of engineering in a car manufacturing company who, having met a senior design engineer (SDE) in another car manufacturing company, sought to encourage the SDE to join his company. During the course of their communications, the SDE is alleged to have supplied current engineering design plans. The case subsequently involves an internal investigation by the respective organisations and involves an IPT claim by the SDE's company. The majority of evidentiary artefacts within the case study were based on communications. A number of web sites were accessed in parallel to the communication; this access was designed to correlate information and communication within the s.
A number of problems were found during the enactment of the case study plan:

- Clearly the case study had to be realistic: there had to be a series of sporadic communications which needed to take place throughout the day. Due to work commitments by the author and the technician, this proved difficult to maintain over the two month period and, as the development of the case study progressed, communication between the two fictional characters tended to be confined within certain hours of the day. In the context of the case study this was unrealistic and limited its investigative potential.
- The OS installations were new and there was no noise in the case study; the lack of noise would limit the investigative potential of the case study.
- Often it became difficult to 'think and behave' in the manner of the two suspects. This was difficult but essential.
- Whilst regular backups of the case study were maintained, there was always potential for particular actions not to be easily reverted. For instance, it was not easy to revert incorrect events (in the context of the case study) which took place after the previous backups had been made, particularly if there had been a large gap (in terms of events) between the backup and the event. If the previous backups were reinstated on one machine, they also had to be reinstated on the second machine. All subsequent events up to the point of the 'mistake' had to be re-enacted.

Whilst the original aim of the case study was to yield two images that could be used to train and assess holistic skills, the resulting DF images were restricted to being useful for training and assessing specific skills (namely investigation). For this purpose they have proven reasonably useful.

4 Guidelines to Developing a case study

The experience at Derby directly gives an important lesson which can be used for both the self development and student development of case studies.
The activity built into case studies is likely to be conducted within certain time periods determined by when the participants can spare time to work on the case study; the interaction can therefore lack spontaneity. Furthermore, if the development of the case study is improperly planned it can become overly time consuming.

Some of the questions to be asked during the planning phase are:

- What is the case study remit, i.e. what is it that the suspects will be accused of?
- What is the skill level of the suspects? This will help to determine the depth of the case study, for instance is it necessary to implement anti-forensics techniques within the case study?
- What kind of UBP would the combination of suspects and the incident (realistically) generate? This will influence the particular events that need to be generated.

Story-boards have been used for many years in the planning of film/video production. The nature of case study planning lends itself to being better managed through a story-board approach. Key issues pertinent to the case are recorded within the story-board, which can be developed as a series of two way communicational dialogues clearly outlining the sequence of events that must take place within the case study. These events have to be recorded to finite detail without necessarily defining the precise detail of each communication.

Further to this, a series of technical issues need to be addressed:

- What hardware platform will the case study operate under? Will it for instance involve mobile phones and external storage devices?
- What applications will be installed, and if so are these readily available?
- Will the case study involve a fresh operating system install?
- How will backups be managed?
- How will noise be generated?
- Will accounts need to be configured?

5 Further Study

This research has led to a number of areas for further research:

- Using VME as a platform for the development of case studies. A VME can provide an easily manageable and controlled environment within which the case study could be developed. This has numerous benefits, in particular less reliance on a dedicated hardware platform and flexibility in the design of a software/hardware platform within which the case study operates.
- Methods for rapid noise-generation. Are there methods or techniques that can be adopted to develop noise rapidly?

Further to this, there is scope for the academic community to develop and contribute towards a repository of case studies.

References

1. NIST: website, (visited 26th March 2010)
2. Brian Carrier, website, (visited 13th April 2010)
3. CFTT, website, (visited 13th April 2010)
4. Lance Mueller, website, (visited 13th April 2010)
5. The International Society of Forensic Computer Examiners, website, (visited 13th April 2010)
6. Digital Corpora, website, (visited 13th April 2010)
7. Kessler, G.C., & Schirling, M.E. (2006). The Design of an Undergraduate Degree Program in Computer & Digital Forensics. Journal of Digital Forensics, Security and Law, 1(3).
8. Carlin, A., Curl, S., and Manson, D. (2005). To catch a thief: Computer forensics in the classroom. In Proceedings of the 22nd Annual Information Systems Educators Conference (Columbus, OH, Oct.), Association of Information Technology Professionals, Chicago, IL.

Acknowledgments

Jamie Morris ( Sam Salt (University of Derby); Philip Anderson (University of Northumbria).
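
The story-board planning of Section 4 and the Derby problems of Section 3.2 (event order, missing noise, communication confined to certain hours) can be worked through before enactment with a small scheduler. The Python below is an added example, not part of the paper; the story-board steps, noise actions, function names and the 3-hour/60% clustering threshold are assumptions chosen for illustration.

```python
"""Story-board scheduler for a DF case study (illustrative, not from the paper)."""
import random
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    when: datetime
    actor: str
    kind: str    # "evidentiary" or "noise"
    action: str


# Constructed story-board, loosely following the Section 3.2 scenario.
STORYBOARD = [
    ("director", "e-mail: follow-up after first meeting"),
    ("sde", "e-mail: reply, mentions current project"),
    ("director", "web: browse competitor product pages"),
    ("director", "e-mail: outlines job offer"),
    ("sde", "web: look up director's company"),
    ("sde", "e-mail: attaches design plan document"),
    ("director", "e-mail: acknowledges attachment"),
    ("sde", "e-mail: accepts offer"),
]
# Constructed normal-usage actions that carry no evidentiary value (noise).
NOISE_ACTIONS = ["web: news site", "web: weather", "document: edit shopping list",
                 "e-mail: newsletter", "media: play music", "web: search recipes"]
START = datetime(2010, 1, 4)   # constructed start date (midnight)


def schedule(storyboard, noise_actions, start, days, noise_ratio, seed,
             first_hour=8, last_hour=21):
    """Place story-board steps in order across `days`, one per day, rotating
    through a shuffled list of hours so they cannot bunch into one part of
    the day, then interleave `noise_ratio` noise events per step."""
    if len(storyboard) > days:
        raise ValueError("story-board has more steps than days available")
    rng = random.Random(seed)           # seeded so the plan can be re-issued
    hours = list(range(first_hour, last_hour + 1))
    rng.shuffle(hours)
    step_days = sorted(rng.sample(range(days), len(storyboard)))
    events = []
    for i, ((actor, action), day) in enumerate(zip(storyboard, step_days)):
        when = start + timedelta(days=day, hours=hours[i % len(hours)],
                                 minutes=rng.randrange(60))
        events.append(Event(when, actor, "evidentiary", action))
    actors = sorted({actor for actor, _ in storyboard})
    for _ in range(noise_ratio * len(storyboard)):
        when = start + timedelta(days=rng.randrange(days),
                                 hours=rng.randrange(first_hour, last_hour + 1),
                                 minutes=rng.randrange(60))
        events.append(Event(when, rng.choice(actors), "noise",
                            rng.choice(noise_actions)))
    return sorted(events, key=lambda e: e.when)


def confined_to_hours(events, window=3, max_share=0.6):
    """True if more than `max_share` of evidentiary events fall inside any
    `window`-hour block of the day (the realism problem met at Derby)."""
    per_hour = Counter(e.when.hour for e in events if e.kind == "evidentiary")
    total = sum(per_hour.values())
    if total == 0:
        return False
    busiest = max(sum(per_hour[h] for h in range(s, s + window))
                  for s in range(24 - window + 1))
    return busiest / total > max_share


def worklist(events, actor):
    """Events one participant must enact on their own machine, in time order."""
    return [e for e in events if e.actor == actor]


if __name__ == "__main__":
    plan = schedule(STORYBOARD, NOISE_ACTIONS, START, days=60,
                    noise_ratio=20, seed=1)
    print("confined to a few hours:", confined_to_hours(plan))
    for who in ("director", "sde"):
        print(f"\nWorklist for {who} (first 5 events):")
        for e in worklist(plan, who)[:5]:
            print(f"  {e.when:%Y-%m-%d %H:%M}  [{e.kind}] {e.action}")
```

Because the plan is reproducible from its seed, the same worklists can be re-issued to both participants when a backup has to be reinstated on both machines and the subsequent events re-enacted.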
More informationHow do you test to determine which backup and restore technology best suits your business needs?
KEY CRITERIA WHEN SELECTING BACKUP AND RESTORE TECHNOLOGY FOR WINDOWS SYSTEMS How do you test to determine which backup and restore technology best suits your business needs? Real-Time Recovery delivers
More informationAcronis True Image 2015 REVIEWERS GUIDE
Acronis True Image 2015 REVIEWERS GUIDE Table of Contents INTRODUCTION... 3 What is Acronis True Image 2015?... 3 System Requirements... 4 INSTALLATION... 5 Downloading and Installing Acronis True Image
More informationMapping the Technical Dependencies of Information Assets
Mapping the Technical Dependencies of Information Assets This guidance relates to: Stage 1: Plan for action Stage 2: Define your digital continuity requirements Stage 3: Assess and manage risks to digital
More informationAcronis Backup & Recovery 11
Acronis Backup & Recovery 11 Quick Start Guide Applies to the following editions: Advanced Server Virtual Edition Advanced Server SBS Edition Advanced Workstation Server for Linux Server for Windows Workstation
More informationNIST CFTT: Testing Disk Imaging Tools
NIST CFTT: Testing Disk Imaging Tools James R. Lyle, Ph.D. Computer Scientist National Institute of Standards and Technology 1. Introduction There is a critical need in the law enforcement community to
More informationOpen Source Digital Forensics Tools
The Legal Argument 1 carrier@cerias.purdue.edu Abstract This paper addresses digital forensic analysis tools and their use in a legal setting. To enter scientific evidence into a United States court, a
More informationFirmware security features in HP Compaq business notebooks
HP ProtectTools Firmware security features in HP Compaq business notebooks Embedded security overview... 2 Basics of protection... 2 Protecting against unauthorized access user authentication... 3 Pre-boot
More informationPreparing Your Computer for LFS101x. July 11, 2014 A Linux Foundation Training Publication www.linuxfoundation.org
Preparing Your Computer for LFS101x July 11, 2014 A Linux Foundation Training Publication www.linuxfoundation.org This class is intended to be very hands-on: in order to learn about Linux you must use
More informationBlackBerry 10.3 Work and Personal Corporate
GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network
More informationDocument Storage Tips: Inside the Email Vault
Portfolio Media. Inc. 860 Broadway, 6th Floor New York, NY 10003 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com Document Storage Tips: Inside the Email Vault Law360,
More informationIntegrated Accounting System for Mac OS X and Windows
Integrated Accounting System for Mac OS X and Windows Program version: 6.2 110111 2011 HansaWorld Ireland Limited, Dublin, Ireland Preface Books by HansaWorld is a powerful accounting system for the Mac
More informationAcronis Backup & Recovery Online Stand-alone. User Guide
Acronis Backup & Recovery Online Stand-alone User Guide Table of contents 1 Introduction to Acronis Backup & Recovery Online... 4 1.1 What is Acronis Backup & Recovery Online?... 4 1.2 What data can I
More informationUSB Flash Memory TransMemory-EX II TM
USB Flash Memory TransMemory-EX II TM Security Software User Manual TOSHIBA Corporation Semiconductor & Storage Products Company Contents Chapter 1: Introduction... 2 Chapter 2: System Requirements...
More informationImaging Computing Server User Guide
Imaging Computing Server User Guide PerkinElmer, Viscount Centre II, University of Warwick Science Park, Millburn Hill Road, Coventry, CV4 7HS T +44 (0) 24 7669 2229 F +44 (0) 24 7669 0091 E cellularimaging@perkinelmer.com
More informationWDL RemoteBunker Online Backup For Client Name
WDL RemoteBunker Online Backup For Client Name November, 2011 Contact Phone: +234 802 698 7025 Email: commercials@webdatalinks.com remotebunker@webdatalinks.com http://remotebunker.webdatalinks.com INTRODUCTION
More informationCase study on asset tracing
Recovering Stolen Assets: A Practitioner s Handbook ARNO THUERIG * Case study on asset tracing I. Case study background The client adviser of a Swiss private bank transferred approximately USD 1 million
More informationThe Enhanced Digital Investigation Process Model
The Enhanced Digital Investigation Process Model Venansius Baryamureeba and Florence Tushabe barya@ics.mak.ac.ug, tushabe@ics.mak.ac.ug Institute of Computer Science, Makerere University P.O.Box 7062,
More informationImaging License Server User Guide
IMAGING LICENSE SERVER USER GUIDE Imaging License Server User Guide PerkinElmer Viscount Centre II, University of Warwick Science Park, Millburn Hill Road, Coventry, CV4 7HS T +44 (0) 24 7669 2229 F +44
More informationTECHNOLOGY ACCEPTABLE USE POLICY
Policy Statement TECHNOLOGY ACCEPTABLE USE POLICY Reason for Policy/Purpose The purpose of this policy is to provide guidelines to the acceptable and ethical behavior that guides use of information and
More informationHow To Use Gfi Mailarchiver On A Pc Or Macbook With Gfi Email From A Windows 7.5 (Windows 7) On A Microsoft Mail Server On A Gfi Server On An Ipod Or Gfi.Org (
GFI MailArchiver for Exchange 4 Manual By GFI Software http://www.gfi.com Email: info@gfi.com Information in this document is subject to change without notice. Companies, names, and data used in examples
More informationCloudFTP: A free Storage Cloud
CloudFTP: A free Storage Cloud ABSTRACT: The cloud computing is growing rapidly for it offers on-demand computing power and capacity. The power of cloud enables dynamic scalability of applications facing
More informationThe Virtual Digital Forensics Lab: Expanding Law Enforcement Capabilities
Briefing Paper The Virtual Digital Forensics Lab: Expanding Law Enforcement Capabilities Sean A. Ensz University of Oklahoma 200 Felgar Street, Norman, Oklahoma 73019 405.325.3954 Office 405.325.1633 Fax
More informationHitachi Content Platform (HCP)
Copyright 2014 A*STAR Version 1.0 Hitachi Content Platform (HCP) HCP and HCP Anywhere Features Evaluation THIS DOCUMENT AND THE INFORMATION CONTAINED HEREIN IS PROVIDED ON AN "AS IS" BASIS WITHOUT ANY
More informationCentral and Eastern European Data Theft Survey 2012
FORENSIC Central and Eastern European Data Theft Survey 2012 kpmg.com/cee KPMG in Central and Eastern Europe Ever had the feeling that your competitors seem to be in the know about your strategic plans
More informationRecover My Files v5.2.1. Test Results for Video File Carving Tool
Recover My Files v5.2.1 Test Results for Video File Carving Tool October 22, 2014 This report w as prepared for the Department of Homeland Security Science and Technology Directorate Cyber Security Division
More informationTen Deadly Sins of Computer Forensics
Ten Deadly Sins of Computer Forensics Cyber criminals take advantage of the anonymity of the Internet to escape punishment. Computer Forensics has emerged as a new discipline to counter cyber crime. This
More informationA+ Guide to Software: Managing, Maintaining, and Troubleshooting, 5e. Chapter 3 Installing Windows
: Managing, Maintaining, and Troubleshooting, 5e Chapter 3 Installing Windows Objectives How to plan a Windows installation How to install Windows Vista How to install Windows XP How to install Windows
More informationMSc Forensic Computing Project Proposal from Richard Howley
Suggested title: MSc Forensic Computing Project Proposal from Richard Howley Forensic Tools and Techniques: A critical review of current and future professional practice. Digital forensics (DF) is a new
More informationPromoting Digital Forensics Awareness through the University of Alaska Fairbanks ASSERT Center
Promoting Digital Forensics Awareness through the University of Alaska Fairbanks ASSERT Center Kara Nance, Brian Hay, Christopher Hecker ASSERT Center, University of Alaska Fairbanks ffkln@uaf.edu, brian.hay@uaf.edu,
More informationAcronis Backup & Recovery Online Stand-alone. User Guide
Acronis Backup & Recovery Online Stand-alone User Guide Table of contents 1 Introduction to Acronis Backup & Recovery Online...4 1.1 What is Acronis Backup & Recovery Online?... 4 1.2 What data can I back
More informationE-mail Management: A Guide For Harvard Administrators
E-mail Management: A Guide For Harvard Administrators E-mail is information transmitted or exchanged between a sender and a recipient by way of a system of connected computers. Although e-mail is considered
More informationExchange Mailbox Protection Whitepaper
Exchange Mailbox Protection Contents 1. Introduction... 2 Documentation... 2 Licensing... 2 Exchange add-on comparison... 2 Advantages and disadvantages of the different PST formats... 3 2. How Exchange
More informationDeveloping A Successful Patch Management Process
Developing A Successful Patch Management Process White Paper FoxGuard Solutions, Inc. August 2014 Introduction Almost every day, new vulnerabilities are discovered and disclosed to software vendors, who
More informationComparing and Contrasting Windows and Linux Forensics. Zlatko Jovanovic. International Academy of Design and Technology
Comparing and Contrasting Windows and Linux Forensics Zlatko Jovanovic International Academy of Design and Technology Abstract Windows and Linux are the most common operating systems used on personal computers.
More informationComputer Forensics Processing Checklist. Pueblo High-Tech Crimes Unit
Computer Forensics Processing Checklist Pueblo High-Tech Crimes Unit Cmdr. Dave Pettinari Pueblo County Sheriff's Office davepet@cops.org The purpose of this document is to provide computer forensic technicians
More informationAns.: You can find your activation key for a Recover My Files by logging on to your account.
Faqs > Recover Q1. I lost my activation key Ans.: You can find your activation key for a Recover My Files by logging on to your account. Q2. I purchased on-line, when will my activation key be sent to
More informationLuth Research Whitepaper 7/24/2014
Luth Research Whitepaper Are You Seeing The Full Digital Picture? Find out how monitoring your customers entire online journey, not just the last click, can change your ad effectiveness measurement. This
More informationInstaFile. Complete Document management System
InstaFile Complete Document management System Index : About InstaFile 1.1 What is InstaFile 1.2 How does it work 1.3 Where you can use InstaFile 1.4 Why only InstaFile InstaFile features and benefits Start
More informationFile System Forensics FAT and NTFS. Copyright Priscilla Oppenheimer 1
File System Forensics FAT and NTFS 1 FAT File Systems 2 File Allocation Table (FAT) File Systems Simple and common Primary file system for DOS and Windows 9x Can be used with Windows NT, 2000, and XP New
More informationUSB flash drive (128MB,256MB,512MB,1GB,2GB,4GB)
USB flash drive (128MB,256MB,512MB,1GB,2GB,4GB) Despite the different brands and names you've heard for USB flash drives JumpDrives, Pocket drives, Pen drives, and Thumb drives they all pretty much operate
More informationHow to Use Windows Firewall With User Account Control (UAC)
Keeping Windows 8.1 safe and secure 14 IN THIS CHAPTER, YOU WILL LEARN HOW TO Work with the User Account Control. Use Windows Firewall. Use Windows Defender. Enhance the security of your passwords. Security
More informationBOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February 2006. Title: Information Security Policy
BOARD OF DIRECTORS PAPER COVER SHEET Meeting date: 22 February 2006 Agenda item:7 Title: Purpose: The Trust Board to approve the updated Summary: The Trust is required to have and update each year a policy
More information2.6.1 Creating an Acronis account... 11 2.6.2 Subscription to Acronis Cloud... 11. 3 Creating bootable rescue media... 12
USER'S GUIDE Table of contents 1 Introduction...3 1.1 What is Acronis True Image 2015?... 3 1.2 New in this version... 3 1.3 System requirements... 4 1.4 Install, update or remove Acronis True Image 2015...
More informationScoMIS Encryption Service
Introduction This guide explains how to install the ScoMIS Encryption Service Software onto a laptop computer. There are three stages to the installation which should be completed in order. The installation
More informationSecureDoc Disk Encryption Cryptographic Engine
SecureDoc Disk Encryption Cryptographic Engine FIPS 140-2 Non-Proprietary Security Policy Abstract: This document specifies Security Policy enforced by SecureDoc Cryptographic Engine compliant with the
More informationHP RDX Continuous Data Protection Software Quickstart Guide
HP RDX Continuous Data Protection Software Quickstart Guide *5697-3351* HP Part Number: 5697-3351 Published: May 2014 Edition: Fourth Copyright 2008 2014 Hewlett-Packard Development Company, L.P. Microsoft,
More informationDacorum U3A Apple Mac Users Group Agenda TUESDAY 7th July 2015 Time Machine Backups for your MAC & ipad?
Agenda TUESDAY 7th July 2015 Time Machine Backups for your MAC & ipad? 1 Overview Time Machine Backups Mac Basics: Time Machine backs up your Mac Time Machine is the built-in backup feature of OS X. It
More informationTRACING VNC AND RDP PROTOCOL ARTEFACTS ON WINDOWS MOBILE AND WINDOWS SMARTPHONE FOR FORENSIC PURPOSE
TRACING VNC AND RDP PROTOCOL ARTEFACTS ON WINDOWS MOBILE AND WINDOWS SMARTPHONE FOR FORENSIC PURPOSE Abstract Paresh Kerai School of Computer and Security Science Edith Cowan University Perth, Western
More informationEdinburg Napier University. Cloud-based Digital Forensics Evaluation Test (D-FET) Platform
Edinburg Napier University Cloud-based Digital Forensics Evaluation Test (D-FET) Platform Flavien Flandrin 6/10/2011 Executive Summary Digital forensics is nowadays commonly used to provide evidence in
More informationPREREQUISITE(S): CTS 1131, CTS 1133 and CTS 1120
Form 2A, Page 1 FLORIDA STATE COLLEGE AT JACKSONVILLE COLLEGE CREDIT COURSE OUTLINE COURSE NUMBER: CAP 2140 COURSE TITLE: Data Forensics I PREREQUISITE(S): CTS 1131, CTS 1133 and CTS 1120 COREQUISITE(S):
More information