IST 454 Computer and Cyber Forensics. Gerald M. Santoro, Ph.D. (gms@psu.edu) College of Information Sciences and Technology The Pennsylvania State University University Park, PA 16802 (slides developed by Prof. Chao-Hsien Chu). Theory Practice. Learning by Doing.
The Needs for Digital Forensics
• Incident handling.
• Identifying policy violations.
• Auditing.
• Investigating crimes.
• Reconstructing computer security incidents.
• Troubleshooting operational problems.
• Log monitoring.
• Recovering from accidental system damage.
• Acquiring and retaining data for future use.
• Exercising due diligence / regulatory compliance.
• …
IT Security EBK: 14 Competency Areas
• Personnel Security
• Physical and Environmental Security
• Procurement
• Regulatory and Standards
• Risk Management
• Strategic Management
• System and Application Security
• Data Security
• Digital Forensics
• Enterprise Continuity
• Incident Management
• IT Security Training and Awareness
• IT Systems Operations and Maintenance
• Network Security and Telecommunications
Knowledge and Skills Needed (SANS Institute 2005 Survey)
• Critical thinking and judgment: 69%
• Communications (verbal and written): 68%
• Technical knowledge: 66%
• Teamwork and collaboration: 52%
• Ability to lead change: 52%
• Business knowledge/acumen: 40%
• Cross functional influence: 35%
• Influence: 33%
• Facilitation: 24%
• Mentoring and coaching: 19%
• Strategic business planning: 22%
• Industry participation: 13%
Defense In Depth of Security
Courses:
• IST 451: Network Security
• IST 452: Legal & Regulatory Issues
• IST 453: Computer Forensics Law
• IST 454: Computer & Cyber Forensics
• IST 456: Security & Risk Management
• SRA 111: Security & Risk Analysis
• SRA 211: Threats of Crime & Terrorism
• SRA 221: Overview of Information Security
• SRA 231: Decision Theory
• SRA 311: Risk Management
• SRA 472: Integration of Privacy & Security
• SRA 468: Visual Analytics for Intelligence & Security
[Figure: defense-in-depth cycle with feedback. Stages: Prediction, Prevention, Detection, Forensics, Response. Item groups shown, in slide order: Qualitative models, Quantitative models, …; Policy/Regulation, Firewall/DMZ, Access Control/VPN, …; Scanner, IDS, Data mining, …; Computer crime, Economic crime, Policy violation, …; Plans, Risk analysis, …. Course labels on the figure: SRA 111, SRA 211, SRA 231, SRA 468, IST 452, SRA 221, IST 453, SRA 311, SRA 472, IST 451, IST 454, IST 456.]
SRA Core Curriculum
[Figure: curriculum diagram. Boxes: 110 Information, People & Technology; 111 Intro Security & Risk Analysis; 200 Statistics; 221 Overview of Information Security; 211 Threat of Terrorism & Crime; 231 Decision Theory & Analysis. Annotations: (Vulnerabilities), (Techniques), (Modeling, Analysis), (Problem Solving), (Threats). Further boxes: Legal, Ethical, and Regulatory Issues; Risk Management: Assessment & Mitigation; International Culture, Foreign Language, Emergency Planning, Crisis Management; Internship, Guest, & Field Experience. The course numbers 432, 311 and 440 also appear on the figure.]
SRA Major - Cyber Security Option
[Figure: curriculum diagram. Tier labels: Intro, Core, Junior, Option, Support, Capstone. Boxes, in slide order: Intro People, Information & Tech; Intro Security & Risk Analysis; Statistics; Overview of Information Security; Threat of Terrorism & Crime; Decision Theory & Analysis; Networking & Telecommunications; Legal, Ethical, and Regulatory Issues; Risk Management: Assessment & Mitigation; Network Security; Computer & Cyber Forensics; Security & Risk Management; three (Elective) slots; International Culture, Foreign Language, Emergency Planning, Crisis Management; Internship, Guest, & Field Experience.]
SRA Minor (21 cr.)
Intro:
• IST 110: Intro People, Information & Tech
• SRA 111: Intro Security & Risk Analysis
• Stat 200: Statistics
Core:
• SRA 221: Overview of Information Security
• SRA 211: Threat of Terrorism & Crime
• SRA 231: Decision Theory & Analysis
Tracks shown on the slide (Risk Management, Cyber Security, Digital Forensics):
• IST 452: Legal, Ethical, & Regulatory Issues
• SRA 311: Risk Mgmt: Assessment & Mitigation
• IST 220: Networking & Telecommunications
• IST 453: Cyber Forensics Laws
• IST 456: Security & Risk Management
Electives (6 cr.):
• IST 451: Network Security
• IST 454: Computer & Cyber Forensics
• IST 402: Wireless Design & Security
Certificate of Accomplishment
The Center for Information Assurance at the Pennsylvania State University, through its curricula, certifies that Your Name Here has acquired the knowledge and skills that meet the National Training Standard NSTISSI-4011 for Information Systems Security (INFOSEC) Professionals, established by the Committee on National Security Systems (CNSS) and the National Security Agency (NSA), on December 2005.
Signed: Dr. Hank Foleys, Dean, College of Information Sciences and Technology; Dr. Chao H. Chu, Executive Director, Center for Information Assurance.
IST 454 focuses on computer and cyber forensics. Students will learn different aspects of computer and cyber crime and ways in which to uncover, protect, exploit, and document digital evidence. Students will be exposed to different types of tools (both software and hardware), techniques, and procedures, and will be able to use them to perform rudimentary forensic investigations.
Course Objectives
• Understand the different aspects of computer and cyber crime.
• Understand the basic concepts and issues of computer forensics.
• Understand what tools and techniques to use in computer and cyber crime investigations.
• Perform basic computer and cyber forensic investigations.
• Understand the documentation needed in performing forensic investigations.
Terminology
• Computer Forensics
• Computer and Network Forensics
• Computer and Cyber Forensics
• Cyber Forensics
• Digital Forensics
• Digital Forensic Sciences
• Forensic Sciences
Modules

Overview
• Digital / Computer / Cyber Forensics
• Context of Computer Forensics
• Knowledge and Skills Needed

Search, Seizure & Investigation
• Data Acquisition – Imaging / Tools
• Data Authentication / Tools
• Data Search & Analysis / Tools
• Forensic Policies and Procedures

Media & File Systems Analysis
• Operating Systems / File Structure
• Investigating Windows Systems
• Investigating Linux Systems
• Data Hiding Techniques / Steganography

Web / Internet Forensics
• Overview of Web Forensics
• Spam, Phishing, E-mail Tracing
• PDA Forensics

Network & Malware Forensics
• Intrusion Detection
• Honeynet / Network Monitoring
• Worm Forensics

Legal & Criminal Justice Systems
• Legal and Ethical Issues
• Criminal Justice Systems
• Expert Witness

Course work
• 18 Readings
• 11 Quizzes / Assignments
• 1-3 Guest Lectures
• 8 Hands-on Exercises
• Term Project: Report & Presentation
Theory and Practice
[Figure: diagram linking Theory and Practice through Hands-on Experience (Learning By Doing). Labels: Problem Solving Skills, Interpersonal Skills, Team Work, Managerial Issues, Programming Skills, Information Technology, Technical Issues, Emerging Information Technologies.]
Learning By Doing
"I Hear and I Forget! I See and I Remember! I Do and I Understand!"
Confucius (Kung Chiu), 5th - 6th Century B.C., Chinese Philosopher
"Imagination is more important than Knowledge" (Albert Einstein)
? ? ? Learning Capability is more important than Knowledge
Teaching Philosophy and Principles
• Bridging the gaps between theory and practice
• Learning by doing (hands-on experience)
• Learning capability is more important than knowledge
• Covering both technical and managerial aspects