THE NATIONAL JUDICIAL COLLEGE
EDUCATION INNOVATION ADVANCING JUSTICE

TYPES OF DIGITAL EVIDENCE & INTRODUCTION TO FORENSICS
DIVIDER 2
Professor Thomas K. Clancy

OBJECTIVES:
After this session, you will be able to:
1. Define cyber crime;
2. Define and describe digital evidence;
3. Identify devices and locations where digital evidence may be found;
4. Define basic computer and digital forensics; and
5. Identify and describe the basic practices, principles, and tools used in digital forensics.

REQUIRED READING:
Thomas K. Clancy, Types of Digital Evidence & Introduction to Forensics (May 2011) [NCJRL PowerPoint]

SI: TECHNOLOGY ASSISTED CRIMES AGAINST CHILDREN: INVESTIGATIVE TECHNIQUES AND PRETRIAL MOTIONS
MAY 19-20, 2011
RENO, NV

Types of Digital Evidence and Introduction to Forensics
Thomas K. Clancy, Director
Copyright, National Center for Justice and the Rule of Law & Thomas K. Clancy, all rights reserved

The good old days

Data Generated in billion gigabytes
- 12 stacks of books reaching to the Sun
- 3 million times all the books ever written
- need 2+ billion iPods to hold it

Data Generated in trillion gigabytes (1.2 zettabytes)
- 89 stacks of books each reaching from Earth to Sun
- 22 million times all books ever written
- need more than 750 million iPods to hold it
- 90 trillion e-mails sent in 2009

Projections! In 2020:
- 35 zettabytes will be produced
- All words ever spoken, written 7 times

The crime scene

Cyber Crime
- Computer crime
- Network crime
- Computer-related crime
- Computer-facilitated crime
- High tech crime
- Internet crime or Online crime
- Information age crime

Any crime in which a computer or other digital device plays a role, and thus involves digital evidence.

New crimes & new techniques
- Computer as Target: unauthorized access, damage, theft; spam, viruses, worms; denial of service attacks
- Computer as Tool: fraud; threats, harassment; child pornography
- Computer as Container: from drug dealer records to how to commit murder

Just a murder!
- studied currents
- researched bodies of water, including San Fran Bay
- how to make cement anchors
- tide charts
- had 5 home computers

Digital Evidence
Information of probative value that is stored or transmitted in binary form and may be relied upon in court.
Two types:
1. user created
2. computer created

User-created Digital Evidence
- Text (documents, e-mail, chats, instant messages)
- Address books
- Bookmarks
- Databases
- Images (photos, drawings, diagrams)
- Video and sound (films, voice mail, .wav files)
- Web pages
- Hidden files

Computer-created Digital Evidence
- E-mail headers
- Metadata
- Activity logs
- Browser cache, history, cookies
- Backup and registry files
- Configuration files
- Printer spool files
- Swap files and other transient data
- Surveillance tapes, recordings

X-Default-Received-SPF: pass (skip=forwardok (res=pass)) x-ip-name= ;
Received: from umavas4.olemiss.edu (unverified [ ]) by olemiss.edu (Surg 4.3k) with ESMTP id for Sat, 21 Aug :25:
Return-Path:
Received: from umavas4.olemiss.edu (localhost [ ]) by localhost (Postfix) with SMTP id 962DC56129 for Sat, 21 Aug :10: (CDT)
Received: from dotcexc01.dotcomm.org (citygov2.ci.omaha.ne.us [ ]) by umavas4.olemiss.edu (Postfix) with SMTP id 519ED56122 for Sat, 21 Aug :10: (CDT)
Received: from doucntyexc01.dc.dotcomm.org ([ ]) by dotcexc01.dotcomm.org with Microsoft SMTPSVC( ); Sat, 21 Aug :25:
X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----_=_nextpart_001_01cb417f.cf72fbcd"
Subject: U.S. v. Pineda-Moreno - 9th Circuit
Date: Sat, 21 Aug :25:
Message-ID: <4B3D977BB7B6F44C913EF0C991CBC0BF026772@doucntyexc01.DC.dotcomm.org>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: U.S. v. Pineda-Moreno - 9th Circuit
Thread-Index: ActBf89ds1yLF+k+TDamy5/xDZKq4Q==
From: "Gleason, James \(DC Court\)" <James.Gleason@dc4dc.com>
To: <tclancy@olemiss.edu>
Return-Path: James.Gleason@dc4dc.com
X-OriginalArrivalTime: 21 Aug :25: (UTC) FILETIME=[CFA8F680:01CB417F]
X-PMX-Version: , Antispam-Engine: , Antispam-Data:
X-Rcpt-To: <tclancy@olemiss.edu>
X-LangGuess: English
X-myrbl: Color=White Age=22 Spam=0 Notspam=0 ip=
X-IP-stats: Incoming Last 0, First 22, in=643654, out=0, spam=0 ip=
Status: U
X-UIDL: 8923

Metadata: Information about the Data

- track changes function
- reviewer comments

Digital camera images -- metadata
- date, time taken
- exposure information (lens, focal length, flash, F-stop, shutter speed)
- serial number
- description of photograph
- location where taken

Metadata!
State v. Carroll, 778 N.W.2d 1 (Wis. 2010)
- possession of firearm by felon
- pic of self holding semiautomatic weapon
- expert: metadata:
  - date and time image created
  - date and time automatically updated by cell phone towers

Forms of digital files
- Present / Active: documents, spreadsheets, images, e-mail, etc.
- Archive: backups
- Deleted: files left in slack and unallocated space
- Temporary: cache, print records, Internet usage records, etc.
- Encrypted or otherwise hidden
- Compressed or corrupted

Sources of digital evidence
- phones, PDAs (Motorola Droid Bionic vs. Apple iPhone 4 vs. HTC Thunderbolt)
- Digital devices: cameras, transformer camera, mp3 player
- Digital devices: games
- Digital storage devices
- Digital devices: digital picture frames, wallets
- More digital devices: wireless networks & devices
- GPS
- fax machine
- check out the video: 2009 Dodge Ram with Wi-Fi
- Vehicle black boxes - Event data recorders
- Digital surveillance
- GPS devices
- RFID implants: how they work; benefits?

Computer Forensics: An Introductory Overview

What It's NOT
It is not quick, easy, or sexy.

Crime Scene

Computers Are Digital Devices
A computer is like a light switch

Switch   Computer             Binary Symbol
ON       signal present       1
OFF      no signal present    0

Each 0 or 1 is a BIT (for BINARY DIGIT)
= = 2 (2+0) = 3 (2+1)
An 8-bit sequence = 1 byte = a keystroke

Forensics
Application of scientific techniques to finding, preserving, and exploiting evidence to establish an evidentiary basis to argue about facts in court cases

Computer Forensics
- Involves preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis
- pre-defined procedures usually followed -- but flexibility is needed because the unusual will be encountered
- Essentially post-mortem -- but evolving

Computer Forensics steps
- Seizing computer evidence
- Imaging seized materials
- Examining image for evidence
- Presenting digital evidence in court

Basic goals: the 3 A's
- Acquire evidence without altering original
- Authenticate that acquired evidence is same as data originally seized
- Analyze evidence without modifying it

Acquiring evidence
- Seizing computer: Bag and Tag
- Handling computer evidence carefully
- Chain of custody
- Evidence collection
- Evidence identification
- Transportation
- Storage
- Making at least two images of each evidence container
- Perhaps 3 in criminal cases: one for discovery
- Documenting, Documenting, Documenting

Write Blockers
Hard drives are imaged using hardware write blockers

Preserving Digital Evidence
Forensic Image or Duplicate
- Clone of entire drive
- Every bit & byte
- Erased & reformatted data
- Data in slack & unallocated space
- Virtual memory data

Authenticating Evidence
- Proving evidence is exactly same as on seized digital device
- Calculating hash values for original evidence and duplicates
  - SHA (Secure Hash Algorithm) (NSA/NIST)
  - MD5 (Message-Digest algorithm 5)

MD5 Hash
- 128-bit (16-byte) message digest
- sequence of 32 hexadecimal digits

The quick brown fox jumps over the lazy dog
9e107d9d372bb6826bd81d3542a419d6

The quick brown fox jumps over the lazy dog.
e4d909c290d0fb1ca068ffaddf22cbd0

Accurate?
Acquisition Hash: 3FDSJO90U43JIVJU904FRBEWH
Verification Hash: 3FDSJO90U43JIVJU904FRBEWH

Chances of two different inputs producing the same MD5 hash is greater than:
1 in 340 Unidecillion = 1 in 340,000,000,000,000,000,000,000,000,000,000,000,000

Hashing an Image
MD c96bc7a6a e78e7a371
SHA1 77fe03b07c0063cf35dc268b19f5a449e5a97386

(single pixel changed using Paint program)
MD5 ea8450e5e8cf1a1c17c6effccd95b484
SHA1 01f57f330fb06c16d5872f5c1decdfeb88b69cbc

Analyzing evidence
- Never work on the original!
- Prevents damage to original evidence
- Two backups of evidence
  - One to work on
  - One to copy from if working copy is altered
- Analyze everything: clues may be in areas or files seemingly unrelated
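
Added example (not part of the original slides): the acquisition-versus-verification comparison from the "Authenticating Evidence" and "Hashing an Image" slides, written in Python. The image bytes are constructed, the function names are hypothetical, and SHA-256 is included as an assumption alongside the slides' MD5 and SHA-1.

```python
import hashlib
import io

CHUNK = 1024 * 1024  # read 1 MiB at a time so a large image never sits in memory


def digest_stream(stream, algorithms=("md5", "sha1", "sha256")):
    """Return {algorithm: hex digest} for a binary stream, reading it once.

    SHA-256 is an addition to the slides' MD5/SHA-1 pair: MD5 and SHA-1
    collisions can be constructed deliberately, so recording a stronger
    digest next to them costs one extra update per block.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for block in iter(lambda: stream.read(CHUNK), b""):
        for hasher in hashers.values():
            hasher.update(block)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def verify_copy(acquisition_digests, copy_stream):
    """Re-hash a working copy and compare with the digests taken at acquisition.

    Returns (ok, mismatched) where mismatched lists the algorithms that differ.
    """
    current = digest_stream(copy_stream, tuple(acquisition_digests))
    mismatched = sorted(
        name for name in acquisition_digests
        if acquisition_digests[name] != current[name]
    )
    return (not mismatched, mismatched)


def flip_one_bit(data, byte_index, bit=0):
    """Return a copy of data with a single bit inverted (the 'one pixel' change)."""
    changed = bytearray(data)
    changed[byte_index] ^= 1 << bit
    return bytes(changed)


def demo():
    # Constructed stand-in for a seized drive image: 3 MiB of patterned bytes
    # plus a short tail, so the read loop crosses several chunk boundaries.
    original = bytes(range(256)) * 12288 + b"tail"

    # Digests recorded when the evidence is first imaged.
    acquisition = digest_stream(io.BytesIO(original))

    # An exact duplicate verifies under every algorithm.
    ok_exact, _ = verify_copy(acquisition, io.BytesIO(original))

    # A copy that differs by one bit fails under every algorithm.
    altered = flip_one_bit(original, len(original) // 2)
    ok_altered, mismatched = verify_copy(acquisition, io.BytesIO(altered))
    return ok_exact, ok_altered, mismatched


if __name__ == "__main__":
    print(demo())
```

In practice the streams would be files opened in binary mode on the image and on each working copy, with the original read only through a write blocker.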

Popular Automated Tools
- ILook Investigator (rights owned by IRS)
- EnCase (Guidance Software)
- Forensic Tool Kit (FTK) (Access Data)

Locations to Analyze
- Existing Files
  - Mislabeled
  - Hidden
- Deleted Files
  - Trash Bin
  - Show up in directory listing with in place of first letter
  - taxes.xls appears as axes.xls
- Free Space
- Slack Space
- Swap Space

Free Space
- Currently unoccupied, or unallocated space
- May have held information before
- Valuable source of data
  - Deleted files
  - Files moved during defragmentation
  - Old virtual memory

Slack Space
- Space not occupied by active file but not available for use by operating system
- Every file in computer fills minimum amount of space
- size of files:
  - old computers: one kilobyte, or 1,024 bytes
  - new computers: 32 kilobytes, or 32,768 bytes
- So... if a file is 2,000 bytes long, everything after the 2,000th byte is slack space

Swap Space
- Virtual memory
- How much depends on operating system and user's desires
- Virtual memory is volatile memory
- When computer is turned off, virtual memory is still there, but now is free space.
- When computer is turned back on, virtual memory is erased.

Inside a Hard Drive

Hard Drives
- Hard drives have multiple platters
- Spindle (reads platter head)
Photos from

Hard Drives
- Each platter has various components
- Platters have TRACKS
- Platters also have CLUSTERS

Hard Drives
- Files are written to clusters
- One file may write to non-contiguous clusters
- One file may take more or less than one cluster

Slack Space
- Unallocated space (unused)
- File 1 stored in active file space.
- Slack space (end of cluster)
- File 2 stored in active file space.

How Slack Is Generated
- File B (Draft in RAM)
- File B (Saved to disk)
- File A (Erased, on disk)
- Remains of File A (Slack)

Slack space: area between end of file and end of storage unit

A file is written to hard drive cluster(s)
Annual Report.xls -- Section: 325, Cluster: 294
The computer uses pointers to track where each file is located

Deleted Files
- A deleted file remains in the place it was originally.
- Only the computer pointers are removed.
- The actual file is still in place; the system just can't find it.
- The original space is now known as UNALLOCATED space.

Important Sources of Digital Evidence
- Internet History
- Temp Files (cache, cookies, etc.)
- Slack/Unallocated space
- Buddy Lists, chat room records, personal profiles, etc.
- News Groups, club listings, i postings
- Settings, file names, storage dates
- Metadata (e-mail header information)
- Software/Hardware added
- File Sharing ability
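
Added example (not part of the original slides): a toy volume in Python that reproduces the "How Slack Is Generated" and "Deleted Files" slides, where deleting File A removes only its pointer and a shorter File B saved into the same cluster leaves the remains of File A in slack. The `ToyVolume` class, the file contents and the marker string are all constructed for illustration; the 32,768-byte cluster and the 2,000-byte file are the slides' own figures.

```python
CLUSTER = 32768  # bytes per cluster, the slides' "new computers" figure


def clusters_for(length):
    """Whole clusters needed for a file (every file takes at least one)."""
    return max(1, -(-length // CLUSTER))


class ToyVolume:
    """Constructed toy file system: raw bytes plus a table of pointers."""

    def __init__(self, clusters=4):
        self.disk = bytearray(clusters * CLUSTER)
        self.used = [False] * clusters
        self.files = {}  # name -> (first cluster, length in bytes)

    def _first_fit(self, need):
        for first in range(len(self.used) - need + 1):
            if not any(self.used[first:first + need]):
                return first
        raise OSError("volume full")

    def write(self, name, data):
        need = clusters_for(len(data))
        first = self._first_fit(need)
        start = first * CLUSTER
        # Only len(data) bytes are overwritten; whatever the rest of the
        # last cluster held before stays on disk as slack.
        self.disk[start:start + len(data)] = data
        for c in range(first, first + need):
            self.used[c] = True
        self.files[name] = (first, len(data))

    def delete(self, name):
        # Deleting removes the pointer and frees the clusters; no data is wiped.
        first, length = self.files.pop(name)
        for c in range(first, first + clusters_for(length)):
            self.used[c] = False

    def unallocated(self):
        """Bytes of every cluster no pointer refers to."""
        return b"".join(
            bytes(self.disk[c * CLUSTER:(c + 1) * CLUSTER])
            for c, in_use in enumerate(self.used) if not in_use
        )

    def slack(self, name):
        """Bytes between the end of the file and the end of its last cluster."""
        first, length = self.files[name]
        start = first * CLUSTER
        return bytes(self.disk[start + length:start + clusters_for(length) * CLUSTER])


MARKER = b"CONSTRUCTED-MARKER: wire 4471 to account X"  # sample content only


def demo():
    vol = ToyVolume()

    # File A: roughly 15 KB, with the marker 10,000 bytes in.
    file_a = (b"ledger line\n" * 2000)[:10000] + MARKER + b"." * 5000
    vol.write("File A", file_a)
    vol.delete("File A")
    in_unallocated = MARKER in vol.unallocated()

    # File B: 2,000 bytes, saved into the cluster File A used to occupy.
    vol.write("File B", b"B" * 2000)
    slack = vol.slack("File B")

    return {
        "listed_files": sorted(vol.files),
        "marker_in_unallocated_after_delete": in_unallocated,
        "slack_bytes": len(slack),
        "marker_in_slack_of_file_b": MARKER in slack,
    }


if __name__ == "__main__":
    print(demo())
```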

Countermeasures
Ways to hide data:
- Encryption
- Password protection schemes
- Steganography

Steganography example
- StenographyOriginal.png ( pixels, file size: 88 KB)
- StenographyRecovered.png ( pixels, file size: 19 KB)
What follows isn t the perfect preservation letter for your case, so don t simply treat it as a form. Use it as a drafting aid that flags issues unique to EDD, but tailor your preservation demand to the
More informationCONCEPT MAPPING FOR DIGITAL FORENSIC INVESTIGATIONS
Chapter 22 CONCEPT MAPPING FOR DIGITAL FORENSIC INVESTIGATIONS April Tanner and David Dampier Abstract Research in digital forensics has yet to focus on modeling case domain information involved in investigations.
More informationBattling Current Technological Trends
Law Enforcement Incident Response to Cybercrimes & Battling Current Technological Trends Corey J. Bourgeois, Computer Forensic Examiner & David Ferris, Investigator Louisiana Department of Justice HTCU
More informationAdmissibility of Digital Photographs in Criminal Trials
Admissibility of Digital Photographs in Criminal Trials Keith Hodges, Senior Instructor, Keith.Hodges@dhs.gov Federal Law Enforcement Training Center Glynco, GA 1 What we will discuss Digital photos captured
More informationForensics source: Edward Fjellskål, NorCERT, Nasjonal sikkerhetsmyndighet (NSM)
s Unix Definition of : Computer Coherent application of a methodical investigatory techniques to solve crime cases. Forensics source: Edward Fjellskål, NorCERT, Nasjonal sikkerhetsmyndighet (NSM) s Unix
More informationComputer Forensics CHAPTER
Computer Forensics 17 CHAPTER In this chapter, you will Learn the rules and types of evidence Review the collection of evidence Study the preservation of evidence Discover the importance of a viable chain
More informationCertified Secure Computer User
Certified Secure Computer User Course Outline Module 01: Foundations of Security Essential Terminologies Computer Security Why Security? Potential Losses Due to Security Attacks Elements of Security The
More informationComputer Forensics Basics, First Responder, Collection of Evidence
May 7, 2008 1 Computer Forensics Basics, First Responder, Collection of Evidence Omveer Singh Joint Director / Scientist D omveer@cert-in.org.in Indian Computer Emergency Response Team (CERT-In) Department
More informationComputer Forensics and What Is, and Is Not, There on Your Client s Computer. Rick Lavaty, Computer Systems Administrator, District of Arizona
Computer Forensics and What Is, and Is Not, There on Your Client s Computer Rick Lavaty, Computer Systems Administrator, District of Arizona Eddy Archibeque, Computer Systems Administrator, District of
More informationCyber Security Response to Physical Security Breaches
Cyber Security Response to Physical Security Breaches INTRODUCTION Physical break-ins and other unauthorized entries into critical infrastructure locations, such as electrical power substations, have historically
More informationCertified Information Systems Auditor (CISA)
Certified Information Systems Auditor (CISA) Course Introduction Course Introduction Module 01 - The Process of Auditing Information Systems Lesson 1: Management of the Audit Function Organization of the
More informationSmithsonian Institution Archives Guidance Update SIA. ELECTRONIC RECORDS Responsible Recordkeeping: Email Records. March 2007 SIA_EREC_03_07
SIA Smithsonian Institution Archives Guidance Update March 2007 ELECTRONIC RECORDS Responsible Recordkeeping: Email Records SIA_EREC_03_07 Highlights SIA_EREC_03_07 supersedes previous guidance Responsible
More informationSecurity Recommendations for Multifunction Printers Will Urbanski, Virginia Tech IT Security Office and Lab
Security Recommendations for Multifunction Printers Will Urbanski, Virginia Tech IT Security Office and Lab September, 2010 Security Recommendations for Multifunction Printers 2 Overview With the rise
More informationOperating Systems Forensics
Operating Systems Forensics Section II. Basic Forensic Techniques and Tools CSF: Forensics Cyber-Security MSIDC, Spring 2015 Nuno Santos Summary! Windows boot sequence! Relevant Windows data structures!
More informationCase Study: Mobile Device Forensics in Texting and Driving Cases
Case Study: Mobile Device Forensics in Texting and Driving Cases Company Profile McCann Investigations is a full service private investigation firm providing complete case solutions by employing cutting-edge
More informationJust EnCase. Presented By Larry Russell CalCPA State Technology Committee May 18, 2012
Just EnCase Presented By Larry Russell CalCPA State Technology Committee May 18, 2012 What is e-discovery Electronically Stored Information (ESI) Discover or Monitor for Fraudulent Activity Tools used
More informationFile System Management
Lecture 7: Storage Management File System Management Contents Non volatile memory Tape, HDD, SSD Files & File System Interface Directories & their Organization File System Implementation Disk Space Allocation
More informationComputer Forensics. An Introduction. Seamus E. Byrne Director, Forensics, KordaMentha. For Bond University. 29 March 2011
1 Computer Forensics An Introduction Seamus E. Byrne Director, Forensics, KordaMentha For Bond University 29 March 2011 2 Disclaimer This presentation is made available by Seamus E. Byrne, an Australian
More informationUsing Computer Forensics in your Investigations
Deloitte Financial Advisory Services LLP Using Computer Forensics in your Investigations Presented to: ISACA Los Angeles Chapter Dave Nardoni January 12 th, 2010 Agenda Introduction Analytic & Forensic
More informationDigital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government
Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government Briefing W. Frisch 1 Outline Digital Identity Management Identity Theft Management
More informatione-discovery Forensics Incident Response
e-discovery Forensics Incident Response NetSecurity Corporation 21351 Gentry Drive Suite 230 Dulles, VA 20166 VA DCJS # 11-5605 Phone: 703.444.9009 Toll Free: 1.866.664.6986 Web: www.netsecurity.com Email:
More information