
Intro to Cyber Crime and Computer Forensics CS 4273/6273 August 18, 2004


Presentation Transcript


  1. Intro to Cyber Crime and Computer Forensics CS 4273/6273 August 18, 2004 MISSISSIPPI STATE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

  2. Instructors Dr. Dave Dampier, Butler 300, 325-8923, dampier@cs.msstate.edu, Ofc Hrs: By Appointment With Assistance from: Dr. Peter Wood Dr. Kent Kerley Various other guest lecturers

  3. Textbook • Required: • Computer Forensics: Incident Response Essentials, by Warren Kruse and Jay Heiser • Vacca John R., Computer Forensics: Computer Crime Scene Investigation, Charles River Media, 2002 • Other material may be provided during the semester to read as well.

  4. Academic Honesty • You are expected to do your own work on any homework assignments and on examinations, unless otherwise instructed. The Department's academic honesty policy applies to this class and can be accessed on the computer science web page at http://www.cse.msstate.edu/academics/honesty.html.

  5. Course Requirements • Class Attendance and Participation • 10% of grade • Assigned Readings – Required • Pop quizzes may be given at any time to check • Will impact participation grade. • Homework – Required almost weekly • Fridays • 20% of grade

  6. Course Requirements (cont.) • Quizzes (3) • Cover material not tested to date • 10% of grade • No makeups will be given • Excused absences will be made up using a method acceptable to the professor • Unexcused absences will result in 0 for that quiz. • Midterm – Comprehensive • 20% of grade • Final – Comprehensive • 20% of grade

  7. Course Requirements (cont.) • Undergraduate Term Paper • Assessment of some research area related to course work. • 3 to 5 pages • 20% of grade • Graduate Research Paper • Scholarly Work – Publication Quality • 7 to 10 pages • Evidence of independent research and understanding required. • 20% of grade

  8. What is Forensics? • Forensics is the application of scientific techniques of investigation to the problem of finding, preserving and exploiting evidence to establish an evidentiary basis for arguing about facts in court cases

  9. What is Computer Forensics? • Computer forensics is forensics applied to information stored or transported on computers • It “Involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis” • Procedures are followed, but flexibility is expected and encouraged, because the unusual will be encountered.

  10. What is Computer Crime? • Two categories of computer crime: • Computer used to conduct the crime • Child Pornography/Exploitation • Threatening letters • Fraud • Embezzlement • Theft of intellectual property • Computer is the target of the crime • Incident Response • Security Breach

  11. What is evidence? • Bytes • Files • Present • Deleted • Encrypted • Fragments of Files • Words • Sentences • Paragraphs

  12. Where do we find it? • Storage Media • Hard Disks • Floppy Disks • CDs, Zip disks, tapes, etc. • RAM • Log Files

  13. What do we do with it? • Acquire the evidence without altering or damaging the original. • Authenticate that your recovered evidence is the same as the originally seized data. • Analyze the data without modifying it.

  14. Acquire the evidence • How do we seize the computer? • How do we handle computer evidence? • What is chain of custody? • Evidence collection • Evidence Identification • Transportation • Storage • Documenting the Investigation

  15. Authenticate the Evidence • Prove that the evidence is indeed what the criminal left behind. • Readable text or pictures don’t magically appear at random. • Calculate a hash value for the data • CRC • MD5

  16. Analysis • Always work from an image of the evidence and never from the original. • Prevent damage to the evidence • Make two backups of the evidence in most cases. • Analyze everything; you may need clues from something seemingly unrelated.

  17. Analysis (cont.) • Existing Files • mislabeled • Deleted Files • Show up in directory listing with σ in place of first letter • “Dave.txt” appears as “σave.txt” • Free Space • Slack Space • Swap Space

  18. Schedule • Introduction to Cyber Crime and Forensics (Kruse: Chapter 1; Vacca: Chapter 1) • Introduction to Cyber Crime and Forensics (Kruse: Chapter 12; Vacca: Chapter 2 & 3) • Investigating Internet Clues (Kruse: Chapter 2; Vacca: Chapter 11, 16, 17). Quiz 1 • Structure of Storage Media (Kruse: Chapter 3; Vacca: Chapter 4, 6 & 7) • Introduction to FAT File Systems (Kruse: Chapter 8) • Data Recovery (Kruse: Chapter 7; Vacca: Chapter 8, 9 & 10). Quiz 2

  19. Schedule • Introduction to NTFS File Systems • Encryption/Decryption (Kruse: Chapter 4) • Data Hiding/Steganography (Kruse: Chapter 5). Midterm • Windows Based Investigative Software (Kruse: Chapter 7) • Hostile Code (Kruse: Chapter 6) • Introduction to Unix File Systems (Kruse: Chapter 9). Quiz 3 • Introduction to Network Forensics (Kruse: Chapter 10). Term Papers Due • Network Forensics (Kruse: Chapter 11) • Criminal Justice Issues (Vacca: Chapter 5) • Wrap up and Final Review

  20. Questions?
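
Slides 13 to 16 describe acquiring an image, authenticating it with a hash, and analyzing only the copy. The Python sketch below is an added example, not part of the original presentation: it computes the CRC and MD5 values named on slide 15 (plus SHA-256, an addition here) over a constructed sample file and its working copy, and shows that a one-byte change to the copy fails authentication. File names and sample data are constructed.

```python
import hashlib
import os
import shutil
import tempfile
import zlib

CHUNK = 1 << 20  # read in 1 MiB pieces so a large image never sits fully in RAM


def fingerprint(path):
    """Return CRC-32, MD5 and SHA-256 of a file that is opened read-only."""
    crc = 0
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()  # addition: not named on the slide
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            crc = zlib.crc32(block, crc)
            md5.update(block)
            sha256.update(block)
    return {"crc32": f"{crc:08x}", "md5": md5.hexdigest(),
            "sha256": sha256.hexdigest()}


def authenticate(original, image):
    """True only if every digest of the image matches the original."""
    return fingerprint(original) == fingerprint(image)


def demo():
    """Image constructed sample media, verify it, then detect a one-byte change."""
    with tempfile.TemporaryDirectory() as workdir:
        original = os.path.join(workdir, "seized.dd")        # hypothetical name
        image = os.path.join(workdir, "working_copy.dd")     # hypothetical name
        with open(original, "wb") as fh:
            fh.write(b"constructed sample sector data\n" * 4096)
        shutil.copyfile(original, image)     # analysis happens on this copy only
        before = authenticate(original, image)
        with open(image, "r+b") as fh:       # simulate an accidental write
            fh.seek(1000)
            fh.write(b"X")
        after = authenticate(original, image)
        return before, after


if __name__ == "__main__":
    print(demo())
```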
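
Slide 17 notes that a deleted FAT file still appears in the directory listing with its first letter replaced. As an added example (not from the original presentation), this Python parser walks constructed 32-byte FAT12/16 short-name directory entries and flags those whose first byte is the deletion marker 0xE5, which code page 437 displays as σ; the sample entries and helper names are assumptions.

```python
import struct

ENTRY_SIZE = 32
ENTRY_FMT = "<8s3sB14xHI"  # name, ext, attributes, (skipped), first cluster, size
DELETED = 0xE5             # first name byte of a deleted entry
END_OF_DIR = 0x00          # first name byte of a never-used entry: nothing follows
ATTR_LFN = 0x0F            # long-file-name fragment, not a file of its own


def make_entry(name, ext, first_cluster, size, deleted=False):
    """Build one constructed 32-byte short-name entry for the demo."""
    raw = bytearray(struct.pack(ENTRY_FMT, name.ljust(8).encode("ascii"),
                                ext.ljust(3).encode("ascii"), 0x20,
                                first_cluster, size))
    if deleted:
        raw[0] = DELETED   # deletion overwrites only the first name byte
    return bytes(raw)


def list_directory(raw):
    """Return (display_name, deleted, first_cluster, size) for each entry."""
    found = []
    for off in range(0, len(raw) - ENTRY_SIZE + 1, ENTRY_SIZE):
        name, ext, attr, cluster, size = struct.unpack_from(ENTRY_FMT, raw, off)
        if name[0] == END_OF_DIR:
            break
        if attr == ATTR_LFN:
            continue
        base = name.decode("cp437").rstrip()
        suffix = ext.decode("cp437").rstrip()
        display = f"{base}.{suffix}" if suffix else base
        found.append((display, name[0] == DELETED, cluster, size))
    return found


# Constructed sample directory: one live file and one deleted "DAVE.TXT".
SAMPLE_DIR = (make_entry("NOTES", "DOC", 2, 2048)
              + make_entry("DAVE", "TXT", 5, 913, deleted=True)
              + bytes(ENTRY_SIZE))

if __name__ == "__main__":
    for display, deleted, cluster, size in list_directory(SAMPLE_DIR):
        state = "DELETED" if deleted else "live"
        print(f"{display:12} {state:8} first cluster {cluster}, {size} bytes")
```

The deleted entry still carries its first cluster and size, which is why the rest of the name and the file's starting location remain visible to the examiner.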
