Unit 4: Guide to Computer Forensics and Investigations, CJ 317. "Feed me, Seymour!" Little Shop of Horrors (1986). Dr. Joe Ciccone.
Last Week – Questions – This week
• How data is stored and managed on Microsoft operating systems (OSs). To become proficient in recovering data for computer investigations, you should understand file systems and their OSs, including legacy (MS-DOS, Windows 9x, and Windows Me, for example) and current OSs, such as Windows 2000, XP, and Vista.
• Using a Virtual PC environment to further analyze Windows digital evidence.
Topics for the night
• There are hardware and software forensics tools. There are forensic workstations, write blockers, and other devices that are needed. Since computer hardware is changing quickly as well, adapters are needed to access some drives.
• In this seminar, we will discuss how one goes about selecting the hardware and software for a lab. How much do these items really cost?
Project – Review (due tomorrow) PART I
• Case Project 6-2:
  • An employee suspects that his password has been compromised. He changed it two days ago, yet it seems that someone has used it again. Discuss what you think may be going on.
  • Develop a strategy to address the issue and provide the steps you would take to resolve the problem.
  • Use at least one outside research source including academic journals to support your view.
• Don’t reinvent the wheel? Meaning?
Project Part II (COMBINE both)
• Research two popular GUI tools:
  • Guidance Software EnCase
  • AccessData FTK
• Compare their features to other products, such as:
  • ProDiscover: www.techpathways.com
  • Ontrack EasyRecovery Professional: www.ontrack.com/easyrecoveryprofessional
• Create a bar chart outlining each tool’s current capabilities. The chart should clearly indicate which software product you would recommend.
• Discuss the features you would find most beneficial in creating your own lab. Use at least one outside research source including academic journals to support your view.
Video: Security Risks - Firewalls
• Electronic forgery, i.e., affixing of false digital signature, making false electronic record
• Electronic forgery for the purpose of cheating
• Electronic forgery for the purpose of harming reputation
• Using a forged electronic record
• Publication of digital signature certificate for fraudulent purpose
• Offences and contravention by companies
• Unauthorized access to protected system
Common Web Vulnerabilities
• Password guessing
• Proxies and man-in-the-middle attack
• HTML comments
• “Forgot password” implementations
• Keystroke loggers
• SQL injection
• Command injection
• URL manipulation
No Seminar Next Week – MIDTERM Project
• Write a 3-5 page paper that addresses the following scenario:
• For this project, you will play the role of an entrepreneur who is deciding what type of computer forensics company you will start or supervise.
• Based on what you have done so far, address the following concerns.
• Describe the company
• The type of work it does
• What equipment is needed for the lab
• What software you will need.
National Crime Information Center (NCIC) Codes
• Enhanced Name Search: Uses the New York State Identification and Intelligence System (NYSIIS). Returns phonetically similar names (e.g. Marko, Marco or Knowles, Nowles or derivatives of names such as William, Willie, Bill).
• Fingerprint Searches: Stores and searches the right index fingerprint. Search inquiries compare the print to all fingerprint data on file (wanted persons and missing persons).
• Probation/Parole: Convicted Persons or Supervised Release File contains records of subjects under supervised release.
• Online Manuals: State Control Terminal Agencies (CTAs) can download manuals and make them available to users on-line.
• Improved Data Quality: Point-of-entry checks for errors; validates that data is entered correctly (e.g., VINs); checks that data is entered in all mandatory fields; links text and image information; and expands miscellaneous fields.
• Information Linking: Connects two or more records so that an inquiry on one retrieves the other record(s).
• Mugshots: One mugshot per person record may be entered in NCIC 2000. One fingerprint, one signature, and up to 10 other identifying images (scars, marks, tattoos) may also be entered.
• Other Images: One identifying image for each entry in the following files: Article, Vehicle, Boat, Vehicle or Boat Part. A file of generic images (e.g., a picture of a 1989 Ford Mustang) is maintained in the system.
• Convicted Sex Offender Registry: Contains records of individuals who are convicted sexual offenders or violent sexual predators.
• SENTRY File: An index of individuals incarcerated in the federal prison system. Response provides descriptive information and location of prison.
• Delayed Inquiry: Every record entered or modified is checked against the inquiry log. Provides the entering and inquiring agency with a response if any other agency inquired on the subject in the last five days.
• On-line Ad-hoc Inquiry: A flexible technique that allows users to search the active databases and access the system’s historical data.
Questions
• Grade UPDATE - how are you doing now?
• Your Concerns? - DARE Officer Ciccone