
BACS 371 Computer Forensics

BACS 371 Computer Forensics. Jay M. Lightfoot, Ph.D., GCFA Spring 2014. Welcome!. Welcome to BACS 371—Computer Forensics. This course will likely be one of the most challenging (and interesting) courses of your degree program.


Presentation Transcript


  1. BACS 371 Computer Forensics Jay M. Lightfoot, Ph.D., GCFA Spring 2014

  2. Welcome! Welcome to BACS 371—Computer Forensics. This course will likely be one of the most challenging (and interesting) courses of your degree program. It is a mixture of law enforcement, technical computer science, and psychology.

  3. Computer Forensics… … involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and/or root cause analysis.¹
     ¹ Kruse & Heiser, Computer Forensics: Incident Response Essentials, Lucent Technologies, 2002

  4. Computer Crime in Pop Culture

  5. Course Overview
     • Syllabus
     • Reading
       • Textbooks
       • Supplementary Articles
     • Grading
       • In-Class Assignments
       • Homework (papers, podcast write-ups, forensic problems, …)
       • Labs
       • Quizzes
       • Exams
       • Misc.

  6. In-Class work
     • Periodically I will assign relatively small projects that are intended to be done during class.
     • These will be due at the beginning of the next class period.
     • Often, you won’t finish the project during class, so despite the “in-class” name, you will sometimes need to work on them out of class also.

  7. Homework
     • Homework will periodically be assigned.
     • Homework problems are more elaborate than in-class work and generally take more time.
     • You will generally not be given class-time to work on homework.
     • It is due at the beginning of the period on the due date.
     • Most homework assignments are “individual assignments.”

  8. Lab Projects
     • Lab projects are more elaborate than in-class work and normally take several days to complete.
     • Most lab projects will be “group projects”.
     • A group consists of 2 people. One project is turned in for the group and both members share the same grade.
     • It is up to you to make sure that each member understands the project well enough to answer questions on the test.
     • Off-hour lab access can be arranged via your Bear Card.
     • Some special hardware may be assigned to your group. You are responsible for keeping track of it and making sure that it is put up after use.
     • You will each need to have a USB flash drive (8GB or more).
     • Optionally, you may also want to purchase a 2.5 inch external drive (80 GB minimum).

  9. Quizzes
     • Quizzes are short, unannounced “tests” that are given over recently covered material.
     • They are normally given at the beginning of class.
     • If you arrive late, you do not have extra time to complete them.
     • There are no make-up quizzes (but I do drop the lowest quiz grade).
     • They are intended to help you know areas that you need to study prior to the tests.

  10. Examinations
     • There are 3 examinations in this course.
     • The first 2 are worth 15% of your grade and the 3rd (i.e., the “final”) is worth 25%.
     • The final is comprehensive. The first 2 examinations only cover the new material (to the extent possible).
     • There are rules that allow you to make up one of the first 2 examinations; but you cannot make up the final. (See syllabus for details).

  11. Course Expectations
     • This is a new field – help me create content for the semester!
     • Work hard, read all assignments, look for alternative sources of information
     • Ask Questions!! Be Curious! Be sure you understand as you go.
     • Fast pace!
     • Somewhat obscure material! (sorry, but it is)
     • Learn from your classmates
     • When you learn new things, Teach the rest of us!

  12. Create a Course Binder
     • Reading
       • Supplementary Articles
       • Notes distributed during class
     • Assignments
       • In-Class Activities
       • Labs
       • Homework Assignments
     • Presentation Slides
     • Class Notes
     • Document templates
       • Chain of custody
       • Evidence gathering notes
       • etc.
     • Other References

  13. Internet Crime Complaint Center: 2012 Internet Fraud Crime Report (latest available)
     • Internet Fraud Complaint Center (IFCC) began operation May 8, 2000
     • Partnership between National White Collar Crime Center (NW3C) and the Federal Bureau of Investigation (FBI)
     • Vehicle to receive, develop, and refer criminal complaints in cyber crime
     • Renamed Internet Computer Crime Complaint Center (IC3) on December 1, 2003 http://www.ic3.gov
     • Data from January 1, 2011 – December 31, 2012
     • 289,874 complaints received for $525,444,110 (8.3% $ increase over 2011)
     • 114,908 of these involved a monetary loss
     • Average dollar loss: $4,573
     Top 5 reported loss categories (as of 2011 report):
     • FBI-Related scams: 35,764
     • Advanced fee fraud: 27,892
     • Identity theft: 28,915
     • Non-Auction, Non-delivery of merchandise: 22,404
     • Overpayment fraud: 18,511

  14. Yearly Dollar Loss Trend

  15. FBI Computer Forensics Lab in Colorado http://www.rcfl.gov/ http://www.rmrcfl.org/
     CENTENNIAL, Colo. (AP) -- A new forensic laboratory will open next month to help law enforcement authorities in Colorado and Wyoming investigate crimes involving technology. Analysts at the Rocky Mountain Regional Computer Forensic Laboratory in Centennial can work with seized computers to dredge up deleted files, see what web sites have been displayed and find e-mail messages.
     DENVER (AP) -- The number of incidents involving nurses and other medical professionals stealing drugs meant for patients is growing -- despite technology in narcotics dispensers that makes that increasingly difficult. State officials say there were 76 cases of “diverted drugs” in Colorado's hospitals this fiscal year -- almost triple the 26 reported in fiscal year 2001.

  16. 16 Regional Forensic Labs

  17. RCFL Statistics - 2012

  18. http://www.rcfl.gov/

  19. http://www.rmrcfl.org/

  20. http://www.ic3.gov/default.aspx

  21. Famous Cases with Forensic Links
     • Enron
     • BTK Killer
     • Chandra Levy
     • Wikileaks
     • Times Square bomber
     • …

  22. Laws and Statutes Coverage
     • Regarding Computer Crime
     • Regarding Collection of Digital Evidence
     • Regarding Handling of Digital Evidence
     • Regarding Disposition & Analysis of Digital Evidence
     • Regarding Privacy

  23. Computer Basics
     • Hardware
       • CPU/Motherboard
       • Hard Drive
       • Removable Drives
       • Networking (minimal coverage)
     • Software
       • Operating Systems (DOS/Windows/UNIX)
       • File Systems (FAT32/NTFS/EXT3)
       • Applications (MS Word, Adobe, Outlook, …)

  24. Computer Forensic Methods
     • Active Data
       • Data intentionally remaining on the computer
       • Data hidden in plain sight
     • Latent Data
       • Data unintentionally remaining on the computer
       • Data recoverable by forensic methods
     • Live vs. Dead analysis
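  The active/latent distinction on this slide is easiest to see on a disk image. The following is an added example, not material from the course or its slides: it constructs a tiny image with a made-up "catalog" format (the fixed-size entry layout, the sector size, the sample notes file and the stub PNG are all assumptions made here, not a real file system), hashes the image the way an examiner records an acquisition, lists the active data the catalog still references, and then signature-carves the unallocated sectors for a file whose catalog entry was removed but whose bytes were never overwritten.

```python
"""Active vs. latent data on a constructed disk image (added example).

The image layout, the catalog entry format and the sample files are all
constructed here so the script runs offline; real file systems (FAT32/NTFS)
are far more involved. The point is only to show why data a user "deleted"
is still recoverable by signature carving, and why the examiner hashes the
image before and after analysis.
"""
import hashlib
import struct

SECTOR = 512
CATALOG_SECTORS = 1
# Constructed catalog: fixed 32-byte entries at the start of the image:
#   name (24 bytes, NUL padded) | offset (uint32) | length (uint32)
ENTRY = struct.Struct("<24sII")

# Magic numbers used for carving; the PNG and JPEG values are the real ones.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
}


def build_image() -> bytes:
    """Build an 8-sector image with one active file and one 'deleted' file."""
    image = bytearray(SECTOR * 8)
    # Active data: referenced by the catalog, i.e. what the OS still shows.
    notes = b"meeting notes: ship date moved to Friday\n"  # constructed sample
    image[SECTOR * 2: SECTOR * 2 + len(notes)] = notes
    ENTRY.pack_into(image, 0, b"notes.txt", SECTOR * 2, len(notes))
    # Latent data: a PNG whose catalog entry was removed on deletion. Only the
    # entry is gone; the bytes sit in an unallocated sector until overwritten.
    deleted_png = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + bytes(20)
    image[SECTOR * 5: SECTOR * 5 + len(deleted_png)] = deleted_png
    return bytes(image)


def image_hash(image: bytes) -> str:
    """SHA-256 of the whole image, recorded at acquisition and re-checked later."""
    return hashlib.sha256(image).hexdigest()


def _catalog(image: bytes):
    """Yield (name, offset, length) for every non-empty catalog entry."""
    for pos in range(0, SECTOR * CATALOG_SECTORS, ENTRY.size):
        name, offset, length = ENTRY.unpack_from(image, pos)
        if length:
            yield name.rstrip(b"\x00").decode(), offset, length


def active_files(image: bytes) -> dict:
    """Files the catalog still references (active data), name -> contents."""
    return {name: image[off: off + ln] for name, off, ln in _catalog(image)}


def carve_latent(image: bytes) -> list:
    """Signature-carve sectors no catalog entry references; returns (offset, kind)."""
    allocated = set()
    for _, off, ln in _catalog(image):
        first, last = off // SECTOR, (off + ln + SECTOR - 1) // SECTOR
        allocated.update(range(first, last))
    hits = []
    for sector in range(CATALOG_SECTORS, len(image) // SECTOR):
        if sector in allocated:
            continue  # active data; not part of the unallocated search
        chunk = image[sector * SECTOR: (sector + 1) * SECTOR]
        for magic, kind in SIGNATURES.items():
            if chunk.startswith(magic):
                hits.append((sector * SECTOR, kind))
    return hits


if __name__ == "__main__":
    img = build_image()
    print("image sha256:", image_hash(img))
    print("active:", {k: v[:20] for k, v in active_files(img).items()})
    print("latent (carved):", carve_latent(img))
    print("hash unchanged after analysis:", image_hash(img) == image_hash(build_image()))
```

The carve looks only at sector boundaries, which is why the toy catalog allocates whole sectors; a real carver would also handle fragments and slack space at the end of allocated clusters, which is exactly the "data unintentionally remaining" the slide refers to.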

  25. Forensic Tools - WinHex

  26. Forensic Tools – Directory Snoop

  27. Forensic Tools – FTK Imager

  28. BACS 371 Will Not Cover
     • Network Forensics
     • File Systems other than FAT/NTFS
       • E.g.: no Mac, DVD, CD
     • Malware
       • E.g.: Viruses, Trojan Horses, Spyware, …
     • Prevention
     • Advanced Data Hiding
     • Breaking Password Protection
       • Encrypted Files
       • Compressed Files
     • Steganography

  29. Computer Forensics Certifications

  30. Careers in Computer Forensics
     • Law Enforcement
     • Criminal Investigation
     • Corporate Computer Security
     • DoD/Military/Government
     • Information Technology
     • Consulting Firms
     • Expert Witness

  31. Computer Forensics Job Trends

  32. Computer Forensics Salary Average

  33. Characteristics of a Good Cyber Investigator¹
     • Excellent observation skills
     • Good memory
     • Organization skills
     • Documentation skills
     • Objectivity
     • Knowledge
     • Ability to think like a criminal
     • Intellectually controlled constructive imagination
     • Curiosity
     • Stamina
     • Patience
     • Love of learning
     ¹ Scene of the Cybercrime, Shinder & Tittel, p.136

  34. Plus¹…
     • A basic knowledge of computer science
     • An understanding of computer networking protocols
     • Knowledge of computer jargon
     • An understanding of hacker culture
     • Knowledge of computer and networking security issues
     • Knowledge of computer file systems (FAT, FAT32, NTFS, Ext2, etc)
     ¹ Scene of the Cybercrime, Shinder & Tittel, p.136

  35. The Perfect Forensics Candidate¹
     • Strong Computer Skills
     • Investigative Background
     • Understanding of state and federal statutes relating to the collection and preservation of evidentiary data
     • Understanding of criminal statutes
     • High ethical and moral standards
     ¹ The Perfect Forensics Candidate, Computerworld, January 14, 2002, http://www.computerworld/com/printthis/2002/0,4814,67228,00.html
