Computer Forensics introduction part A

Dr. Magdalena Szeżyńska, CISA
Institute of Electronic Systems, WUT
m.szezynska@elka.pw.edu.pl
Summer 2016

Digital Forensic Investigation Concepts
"A digital investigation is a process to answer questions about digital states and events. A digital forensic investigation is a special case of a digital investigation where the procedures and techniques that are used will allow the results to be entered into a court of law."
Brian Carrier, http://www.digital-evidence.org/di_basics.html

Computer Forensics / Forensic Computing
"Computer forensics is the process of identifying, preserving, analysing and presenting digital evidence in a manner that is legally acceptable."
R. McKemmish, 'What is Forensic Computing?' (Australian Institute of Criminology, 1999)

Course Objective
To deliver baselines (practical, ground-level knowledge) of sound computer forensics practices, enabling information technology and information security professionals to ensure the overall integrity and survivability of their IT infrastructure.
In reality it takes many years of training and practice to become a computer forensics specialist. This course gives an introduction to CF and some guidance about what to study next.

Course Description - Lectures
Introduction to the baselines of computer forensics: definitions, needs, requirements, legal and ethical aspects; investigation phases: preparations and start of an investigation, case study, analysis of evidence, documentation.
Computer forensics as a part of information (systems) security controls: information security incident response, legal and regulatory aspects, successful investigations, forensic analysis.
The discovery, recovery, preservation, analysis and control of electronic evidence; presentation standards.

Course Description - Lectures
Tools of the trade (TCT, Sleuthkit, Autopsy, CF-oriented Linux distributions, solutions for other platforms, commercial tools, ediscovery).
Virtualization and computer forensics.
Booting processes: start disks, boot sectors and partitions, system loaders and managers, preparing and using bootable CD/DVD and USB images.
File systems: specifications, data structures, investigation techniques.

Course Description - Lectures
Identifying data types; reconstruction and analysis of files and data areas in search of evidence; interpretation of system and application logs; proving break-ins.
Mobile device forensics.
Investigation of live systems and network data flows; searching for evidence on the Internet.
Case studies.

Course Description - Labs
Tutorial: getting familiar with the lab environment; recovering files from a formatted and/or reused thumb drive image, with emphasis on documentation.
Making and analyzing an image of a FAT file system partition and recovering hidden data from it (questions and answers).
Analyzing an image of an NTFS file system partition and recovering hidden data from it using Linux- and Windows-based tools; reconstructing timelines.

Course Description - Labs
Two of the following four:
Performing post-intrusion analysis of a Linux system (based on known source images and solutions).
Analyzing a feature mobile phone (based on known source images and solutions).
Analyzing Windows 7: everything is in the Registry.
Searching for sources of evidence regarding Internet-based criminal activities, e.g. the operation of an Internet investment service (HYIP type).

Assessment Method
Lectures: two closed-notes tests, in the middle and at the end of the semester (25 points each). 3 extra points for attendance at lectures (roll-call at random 3 times during the semester).
Labs: five 3-hour labs, each starting with a 10-minute short test, followed by strictly individual work with emphasis put on documentation. 5 x 10 points to earn.

Assessment Method
No retakes. No requirement to pass lecture tests and labs separately.
Final score: points earned for tests and labs sum up; more than 50 points are required to pass; linear grade scale (up to 60 points for 3, up to 70 points for 3.5, etc.).

ECTS Credits
Contact hours 45 h: lectures 30 h, labs 15 h
Private learning: labs 20 h
Office hours 2 h
Private learning: studying literature 15 h
Private learning: preparation for tests/exams 20 h
Total: 102 h == 4 ECTS credits.
Computer forensics - w01a - introductory information

Course Page
Learning materials, announcements etc. will be published at the CF course page:
http://staff.elka.pw.edu.pl/~mszezyns/cf/index.html
Recommended software: http://staff.elka.pw.edu.pl/~mszezyns/cf/tools.html
Books and guides: http://staff.elka.pw.edu.pl/~mszezyns/cf/books.html
Access to learning materials will require authentication. Individual user names and passwords will be issued to each student after they send an introductory e-mail to m.szezynska@elka.pw.edu.pl from their official address (@mini).

Who's Who
Magdalena Szeżyńska, PhD, CISA
specialization: electronics and computer engineering, cryptography, information security, information systems audit and control, computer forensics
course coordination, lectures
office hours: Tue. 12:30-1:30 p.m. or by appointment, room 249GE
e-mail: m.szezynska@elka.pw.edu.pl

Who's Who
Krzysztof Gołofit, PhD (Eng), MSc
specialization: electronics and computer engineering, cryptography, information security, information systems audit, computer forensics, work and organizational psychology
labs, support
office hours: by appointment, room 249GE
e-mail: k.golofit@elka.pw.edu.pl

Communication
Please write to the official e-mail addresses of the teachers, m.szezynska@elka.pw.edu.pl and k.golofit@elka.pw.edu.pl (no alternatives shall be read and/or answered).
E-mails coming from addresses in the pw.edu.pl domain will be answered as soon as possible. E-mails coming from elsewhere will be answered sporadically (if ever).