Design and Implementation of Digital Forensics Labs:

Similar documents
EC-Council Ethical Hacking and Countermeasures

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC

Hands-On How-To Computer Forensics Training

Minnesota State Community and Technical College Detroit Lakes Campus

Computer Forensics and Investigations Duration: 5 Days Courseware: CT

To Catch a Thief: Computer Forensics in the Classroom

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

Information Technologies and Fraud

Chapter 7 Securing Information Systems

Digital Forensics: The aftermath of hacking attacks. AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC

Computer Hacking Forensic Investigator v8

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

Scene of the Cybercrime Second Edition. Michael Cross

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner

InfoSec Academy Forensics Track

Certified Digital Forensics Examiner

How To Get A Computer Hacking Program

CYBER FORENSICS (W/LAB) Course Syllabus

ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING

CERTIFIED DIGITAL FORENSICS EXAMINER

TEACHING COMPUTER SECURITY WITH A HANDS-ON COMPONENT

To Catch a Thief II: Computer Forensics in the Classroom

information security and its Describe what drives the need for information security.

Digital evidence obfuscation: recovery techniques

COMPUTER FORENSICS (EFFECTIVE ) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE CATE STUDENT REPORTING PROCEDURES MANUAL)

Forensics source: Edward Fjellskål, NorCERT, Nasjonal sikkerhetsmyndighet (NSM)

MASTER OF SCIENCE IN INFORMATION ASSURANCE PROGRAM DEPARTMENT OF COMPUTER SCIENCE HAMPTON UNIVERSITY

Legal Framework to Combat Cyber Crimes in the Region: Qatar as a Model. Judge Dr. Ehab Elsonbaty Cyber Crime expert ehabelsonbaty@hotmail.

MSc Computer Security and Forensics. Examinations for / Semester 1

Course Title: Computer Forensic Specialist: Data and Image Files

Computer Forensic Tools. Stefan Hager

CYBER FORENSICS. KRISHNA SASTRY PENDYALA Cyber Forensic Division Central Forensic Science Laboratory Hyderabad.

Digital Forensics Tutorials Acquiring an Image with FTK Imager

Computer and Information Science

Impact of Digital Forensics Training on Computer Incident Response Techniques

Where is computer forensics used?

ITU Session Four: Device Imaging And Analysis. Mounir Kamal Q-CERT

The Role of Digital Forensics within a Corporate Organization

Computer Information Technology

CTC 328: Computer Forensics

Forensics Book 2: Investigating Hard Disk and File and Operating Systems. Chapter 5: Windows Forensics II

What is Digital Forensics?

RE: School of Computer Forensic Investigation, Class 7, Eastern Michigan University

Digital Forensic Techniques

NORTH CAROLINA COMMUNITY COLLEGE SYSTEM H. Martin Lancaster, President

Table of Contents. Introduction. Audience. At Course Completion

Implementing a Microsoft SQL Server 2005 Database

Computer Forensics introduction part A

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation

Authority: State Trooper - Pennsylvania State Police United States Marshall Special Deputy

Information Systems Security Certificate Program

Open Source Security Tools for Information Technology Professionals

Forensically Determining the Presence and Use of Virtual Machines in Windows 7

Analyzing Huge Data Sets in Forensic Investigations

Cloud Forensics. 175 Lakeside Ave, Room 300A Phone: 802/ Fax: 802/

Course Syllabus. Maintaining a Microsoft SQL Server 2005 Database. At Course Completion

50331D Windows 7, Enterprise Desktop Support Technician (Windows 10 Curriculum)

Promoting Digital Forensics Awareness through the University of Alaska Fairbanks ASSERT Center

Large Scale Cloud Forensics

Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro)

Getting Physical with the Digital Investigation Process

Certified Digital Forensics Examiner (CDFE)

A Practical Approach for Evidence Gathering in Windows Environment

Master of Science in Information Systems & Security Management. Courses Descriptions

Comparing and Contrasting Windows and Linux Forensics. Zlatko Jovanovic. International Academy of Design and Technology

MS Configure and Troubleshoot Identity Access Solutions with Windows Server 2008 Active Directory

Information Technology Audit & Forensic Techniques. CMA Amit Kumar

Modern Digital Forensics!!

2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd.

TRACING VNC AND RDP PROTOCOL ARTEFACTS ON WINDOWS MOBILE AND WINDOWS SMARTPHONE FOR FORENSIC PURPOSE

CRIMINAL JUSTICE CERTIFICATE

ITM 642: Digital Forensics Sanjay Goel School of Business University at Albany, State University of New York

A White Paper from AccessData Group. Cerberus. Malware Triage and Analysis

Certified Cyber Security Analyst VS-1160

State of the art of Digital Forensic Techniques

DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević,

How To Read Memory Chips From A Cell Phone Or Memory Chip

Computer Security Courses/Programs

Digital Identity & Authentication Directions Biometric Applications Who is doing what? Academia, Industry, Government

TOPICS IN COMPUTER SECURITY

Incident Response and Computer Forensics

Transcription:

Design and Implementation of Digital Forensics Labs: A Case Study for Teaching Digital Forensics to Undergraduate Students Hongmei Chi, Christy Chatmon, Edward Jones, and Deidre Evans Computer and Information Sciences Department Florida Agricultural & Mechanical University 1

Overview IA at FAMU-CIS Our approach to teaching digital forensics Student responses Conclusions/Future Works Questions 2

Introduction 90% of current crimes involve computers in some way Computer criminals/violators leave a lot of clues & digital evidence An employee is suspected of violating a company s Internet-usage A hard disk is found in the house of a suspected terrorist Abnormal logs are observed on a server a security breach is suspected A person is suspected of a murder or kidnapping 3

Introduction What is Digital Forensics? The application of computer investigation and analysis techniques in the interests of determining potential legal evidence Capturing and Classifying digital evidence Increased need for computer forensics professionals and technicians growth in digital forensics education & training 4

Introduction FAMU: 13,000 students with 95% being African- American FAMU CIS: 300 undergrads and 30 graduate students enrolled in Department of Computer and Information Sciences 5

IA at FAMU-CIS Positive track record in Information Assurance Education (IAE) Three-course undergraduate IA curriculum track certified by NSA and CNSS training standards NSTISSI 4011 (INFOSEC Professional) [2005-11] NSTISSI 4014 (Information Systems Security Officer EL) [2005-08] NSTISSI 4012 (Senior Systems Manager) [Preparing for Review] 6

IA at FAMU-CIS FAMU s CIS positive track record in IAE IA Courses CIS 4360: Intro to Computer Security CNT 4406: Network Security & Cryptography CIS 4361: Applied Security CIS 4364: Digital Forensics Year 2004 2005 2006 2007 2008 2009 Total 30 24 44 30 18 27 173 17 22 31 11 16 11 108 N/A 38 21 40 17 15 131 N/A N/A N/A 12 16 17 45 Certificates Awarded N/A 5 10 29 7 6 57 7

IA at FAMU-CIS Stand-Alone Security Lab 8

Our Approach to teaching DF Skills needed for DF Professionals: Legal Procedures & Laws of Evidence Investigative Techniques Computer Technology Audience for our DF Course Computer Science majors Criminal Justice majors Local law enforcement 9

Our Approach to teaching DF Course accommodations for non-cis majors: (Lectures) introduce relevant computing concepts & terminology (Hands-on Labs) apply computing concepts directly to tasks related to digital forensics 10

Our Approach to teaching DF (2) types of hands-on lab assignments: Windows-based labs (Introductory) To prepare those students with less computing knowledge & experience Windows and Linux based labs (Advanced Topics) Blended lab student teams (CJ & CIS) To ensure that teams have subject matter expertise & technical knowledge To facilitate exchange of knowledge 11

Our Approach to teaching DF Labs are designed to expose students to: Evidence Identification Preservation Extraction Documentation Interpretation Labs cover four aspects of investigations: Email investigation Web activities investigation Window registry investigation Live and memory investigation 12

Our Approach to teaching DF Teaching DF: Challenge #1 Commercial DF tools are expensive Average cost - $3,000 to $5,000 per license Solution: Open source & freeware forensics tools 13

Our Approach to teaching DF Tool: Cain Abel SAMinside John The Ripper Camouflage Helix Sleuth Features: Password recovery for Windows Password recovery for Windows Password recovery for Windows and Linux Digital steganography Imager; Password recovery; Cookie viewer; Internet history viewer; Register viewer; File recovery; Protected storage viewer; Scan for pictures Create timeline of file activity; Sorts files based on file type; Performs extension checking and hash database lookups; Analyze image partition structures process data units at content location 14

Our Approach to teaching DF WinHex Log Parser Tool: Paraben Demo AccessData Forensic Toolkit (FTK) Features: Disk editor; Data recovery; Analyze and compare files; Disk cloning; Drive and file wiper; Encryption View event log; View the registry; Use queries to retrieve valuable information from data Cell phone forensics; Email investigation Imager; Registry viewer; Password recovery; Query searching; Data carving; Integrated viewers and media player to view any set of data 15

Our Approach to teaching DF Teaching DF: Challenge #2 Finding real data for students to practice their skills Solution: Honeynet project (http://www.honeynet.org/challenges) Deploy honeynets all around the world, capture attacks in the wild, analyze this information and share finings Three types of challenges offered: Scan of the Month Challenges The Reverse Challenge The Forensic Challenge New case studies posted often (no longer updated monthly) Useful to help security community develop forensic and analysis skills to decode real attacks 16

Our Approach to teaching DF Scan24 challenge case study: (example) Scenario: Joe Jacabs, 28, was arrested yesterday on charges of selling illegal drugs to high school students. Local police officer posed as a student at Smith Hill High School and was approached by Joe to purchase marijuana. Jacobs has denied selling drugs at any other school and refuses to provide police with the name of his supplier/producer. http://old.honeynet.org/scans/scan24/report.txt 17

Our Approach to teaching DF Scan24 challenge case study: (example) Student task: The police have imaged the suspect s disk and have provided you (the student) with a copy. Examine the disk and provide answers to the following questions: Who is Joe Jacob s supplier of marijuana, and what is the address listed for the supplier? What crucial data are available within the coverpage.jpg file, and why is this data crucial? What (if any) other high schools besides Smith Hill High School does Joe Jacobs frequent? For each file, what processes were taken by the suspect to mask them from others? What processes did you (the investigator) use to successfully examine the entire contents of each file? (Bonus Question): What Microsoft program was used to create the Cover Page file? What is your proof (Proof is the key to getting this question right, not just guessing). 18

Student Responses Overall very positive responses Feedback from a few students: The labs use real-world cases. Solving these real challenge cases inspired me to work in a digital forensics related field in the future. The hands-on labs using FTK, Helix, and Slueth Tools and being able to act as investigator is very interesting. I would like to work as a digital forensics professional in the future. Student term project: Design a lab assignment using one or two open source tools. 19

Future Works Expand the design variations of our labs using the most popular forensics tools Explore other design approaches to ensure that the labs are adaptable to different levels of student expertise (non-major service course for the university) Develop a set of hands-on labs playing games/competitions using such environments as CyberCIEGE 20

Conclusion Hands-on labs were most useful to help students grasp difficult concepts and procedures, especially the non-majors Utilizing open-source tools & available real data to analyze, gave the students a rich experience and increased excitement about potentially pursuing an information security related profession 21

Questions? 22

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information