COEN 152 Computer Forensics: Introduction to Computer Forensics
Thomas Schwarz, S. J., 2006
Computer Forensics: Digital Investigation
- Focuses on a digital device:
  - Computer
  - Router
  - Switch
  - Cell-phone
  - SIM-card
  - …
Computer Forensics: Digital Investigation
- Focuses on a digital device involved in an incident or crime:
  - Computer intrusion
  - Generic criminal activity
    - Perpetrator uses the internet to gather information used in the perpetration of a crime.
    - Email scams
    - Internet auction fraud
  - Digital device is an instrument of a crime
    - Perpetrator uses a cell-phone to set off a bomb.
      - Details are sensitive to national security. If you get clearance, I can tell you who to ask.
    - Computer is used for intrusion of another system.
Computer Forensics: Digital Investigation
- Has different goals:
  - Prevention of further intrusions.
    - Goal is to reconstruct the modus operandi of the intruder to prevent further intrusions.
  - Assessment of damage.
    - Goal is to certify the system for safe use.
  - Reconstruction of an incident.
    - For criminal proceedings.
    - For organization-internal proceedings.
Computer Forensics: Digital Investigation
- Process where we develop and test hypotheses that answer questions about digital events.
- We can use an adaptation of the scientific method: we establish hypotheses based on findings and then (if possible) test our hypotheses against findings resulting from additional investigations.
Computer Forensics: Evidence
- Procedural notion
  - That on which our findings are based.
- Legal notion
  - Defined by the "rules of evidence"
    - Differ by legislation
  - "Hearsay" is procedurally evidence, but excluded (under many circumstances) as legal evidence.
Computer Forensics
- Definition: legal
  - Used in the "forum", especially for judicial proceedings.
Computer Forensics: Digital Crime Scene Investigation Process
- System Preservation Phase
- Evidence Searching Phase
- Event Reconstruction Phase
- Note: these phases are different activities that intermingle.
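As an added illustration (not part of the original slides, and not a tool the course prescribes), the Python script below walks through the three phases on a constructed byte string that stands in for an acquired image: the preservation phase hashes the image and records the digest in a chain-of-custody log so later analysis can be shown not to have altered it; the searching phase locates keywords at byte offsets in the raw image; the reconstruction phase carves timestamped records out of the image and orders them into a timeline. The sample image, the `timestamp|message` record layout, the custody-entry fields and all function names are assumptions made for this example.

```python
import hashlib
import re
from datetime import datetime, timezone

# Constructed stand-in for an acquired evidence image: a few ASCII log records
# surrounded by filler bytes. Not real evidence; built for this example only.
SAMPLE_IMAGE = (
    b"\x00" * 8
    + b"2006-03-01T09:14:02+00:00|login user=alice\n"
    + b"\xff\xfe" * 4
    + b"2006-03-01T09:02:45+00:00|usb device attached\n"
    + b"unrelated text\n"
    + b"2006-03-01T09:20:10+00:00|copy report.doc -> E:\\\n"
    + b"\x00" * 8
)

# ---- System preservation phase --------------------------------------------
# Fix the evidence as found: hash the acquired image and log that hash before
# any analysis, so later work can be shown not to have altered it.

def acquire_hash(image):
    """SHA-256 hex digest of an evidence image."""
    return hashlib.sha256(image).hexdigest()

def record_custody(log, action, digest, examiner):
    """Append a chain-of-custody entry (constructed record layout)."""
    entry = {
        "when": datetime.now(timezone.utc).isoformat(),
        "action": action,
        "sha256": digest,
        "examiner": examiner,
    }
    log.append(entry)
    return entry

def verify_integrity(image, expected_digest):
    """Re-hash a working copy and compare it with the preserved digest."""
    return acquire_hash(image) == expected_digest

# ---- Evidence searching phase ---------------------------------------------

def search_keywords(image, keywords):
    """Map each keyword (bytes) to every byte offset where it occurs."""
    hits = {}
    for kw in keywords:
        hits[kw] = [m.start() for m in re.finditer(re.escape(kw), image)]
    return hits

# ---- Event reconstruction phase -------------------------------------------
# Assumed record layout: ISO-8601 UTC timestamp, '|', free-text message.
RECORD = re.compile(rb"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\+00:00)\|([^\n]*)")

def reconstruct_timeline(image):
    """Carve 'timestamp|message' records out of the raw image, ordered by time."""
    events = []
    for m in RECORD.finditer(image):
        ts = datetime.fromisoformat(m.group(1).decode("ascii"))
        events.append((ts, m.group(2).decode("ascii", errors="replace")))
    return sorted(events)

def investigate(image, examiner="examiner-1"):
    """Run the three phases in order and return what each produced."""
    custody = []
    digest = acquire_hash(image)
    record_custody(custody, "acquired", digest, examiner)
    working_copy = bytes(image)          # analysis happens on a copy, never the original
    if not verify_integrity(working_copy, digest):
        raise RuntimeError("working copy does not match preserved digest")
    hits = search_keywords(working_copy, [b"alice", b"report.doc"])
    timeline = reconstruct_timeline(working_copy)
    record_custody(custody, "analysis complete", acquire_hash(working_copy), examiner)
    return {"digest": digest, "custody": custody, "hits": hits, "timeline": timeline}

if __name__ == "__main__":
    result = investigate(SAMPLE_IMAGE)
    print("sha256:", result["digest"])
    for ts, msg in result["timeline"]:
        print(ts.isoformat(), msg)
```

Note that the records appear out of chronological order in the image (as carved artefacts typically do) and the reconstruction phase puts them in sequence; a single flipped byte in the working copy makes `verify_integrity` fail, which is the property the preservation phase exists to guarantee.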
Computer Forensics: Who should know about Computer Forensics
- Those involved in legal proceedings that might use digital evidence
  - Judges, Prosecutors, Attorneys, Law Enforcement, Expert Witnesses
- Those involved in Systems Administration
  - Systems Administrators, Network Administrators, Security Officers
- Those writing procedures
  - Managers
Computer Forensics presupposes skills in:
- Ethics
- Law, especially rules of evidence
- System and network administration
- Digital data presentation
  - Number and character representation
- Systems
  - OS, especially file systems.
  - Hardware, especially disk drives, memory systems, computer architecture, …
- Networking
  - Network protocols, intrusion detection, …
- Information Systems Management
COEN 252 Prerequisites
- Required:
  - Good moral character.
  - Ability and willingness to respect ethical boundaries.
  - Familiarity with at least one type of operating system. (Windows, Unix/Linux, DOS experience preferred.)
  - Some programming.
  - Access to a computer with a hex editor.
- Desired:
  - Familiarity with OS theory.
  - Familiarity with networking.
  - Some knowledge of the U.S. legal system.
COEN 252 Text Books
- SKOUDIS, E., ZELTSER, L.: Malware: Fighting Malicious Code. Prentice Hall Professional Technical Reference, 2004.
  - Second edition about to appear.
- MANDIA, K., PROSISE, C., PEPE, M.: Incident Response & Computer Forensics, 2nd edition. Osborne/McGraw-Hill, 2003.
COEN 252 Grading
- Written Final (20%) (No collaboration.)
- Practical Final (35%, due day of the final) (No collaboration.)
- Ethics Case (5%, due day of the final) (No collaboration.)
- Laboratories & Homeworks (30%) (Limited collaboration.)
- Class Project (10%) (Groups.)
- This class is subject to the School of Engineering's Honor Code.
- Disability Accommodation Policy: To request academic accommodations for a disability, students must contact Disability Resources, located in the Drahmann Center in Benson, Room 214 (Tel.: 554-4111, TTY 554-5445). Students must provide documentation of a disability to Disability Resources prior to receiving accommodations.
- You should take the PERL courses offered by the Sun Academic Alliance. You can find instructions at ~tschwarz/Homepage/Sun.Academic.Alliance.Instructions.html