Teaching Computer Forensics Using Student Developed Evidence Files Anna Carlin Cal Poly Pomona
Agenda • What is Computer Forensics • Trends in Computer Forensics • Structure of a Computer Forensics Course • Investigative Mindset • Criminal Mindset • Legal Aspects of Computer Forensics • Ethics • Highlights • Questions & Answers
What is Computer Forensics? • Application of computer investigation and analysis in the interests of determining potential legal evidence • Involves the identification, preservation, extraction, documentation, and interpretation of this digital evidence
Trends in Computer Forensics • Computer Information System/Information Technology • 95% of the world’s information is being generated and stored in a digital form • Only about one-third of documentary evidence is printed out
Structure Of Course • Prerequisites • Textbooks Used • Group and Individual Projects • Lab Environment/Facility
Quarter System Class • Prerequisites • Cal Poly – Junior/Senior level in a career track • Textbooks • Guide to Computer Forensics from Course Technology • Recommended: Hacking Exposed: Computer Forensics Secrets and Solutions
Topics Covered • Applicable Laws • Processing Crime and Incident Scenes • Collecting Evidence • Recovering Evidence • Computer Forensic Tools • Documenting the Investigation • Communicating the Results
Cal Poly’s Computer Forensics Lab • Allows hands-on experience • Evidence lockers • 3 separate hard drives • Software available: • EnCase Enterprise version 5 • FTK • Open source products • Virtual PC
Additional Software • HexWorkshop • Irfanview • Paraben • PC-Encrypt • WinHex • BitPim • Stegdetect
Group Project • The goals are to: • Follow a documented forensics investigation process • Identify relevant electronic evidence associated with various violations of specific laws • Identify probable cause to obtain a search warrant • Recognize the limits of search warrants • Locate and recover relevant electronic evidence • Maintain a chain of custody
Group Project Parts • Create the evidence • Pick a crime and identify the elements • Generate evidence to support that crime • Write and execute a search warrant • Analyzing the evidence seized • Maintain chain of custody • Analyze the digital medium for evidence • Document the process and findings • Presentation of findings
Group Projects Created • Bioterrorism of 80% of the world’s coconut supply on a fictitious island • A Da Vinci Code takeoff where the curator interrupts the robbery of the Mona Lisa and is killed in the process • Murder of a faculty member and where they are buried • Counterfeit Anaheim Angel playoff tickets
Individual Projects (Labs) • Acquiring an image for analysis • Recovering deleted data • Password and encryption methods • Images and steganography • Tracing emails • Email analysis • Cell phones • PDA
Investigative Mindset • Handling the Crime Scene • Ears, Eyes, Hands • Computer Evidence • Digital Evidence • Crime Scene investigation and boundaries • Searching and Collecting evidence • Do’s and Don’ts
Criminal Mindset • Identity Theft • Pornography • Sexual Harassment • Embezzlement • Mail - Hate - Gambling across States - Drug Trafficking - Images • Understanding anti-forensic techniques to hide evidence
Legal Aspects of Computer Forensics • Don’t commit a crime when manufacturing evidence • Verify the tools • Document everything
Ethics • Do your job • Remove any personal agendas you may have about the case/investigation • Knowing it and proving it are 2 different things • State the facts as you see them • It is not your job to be Judge and/or Jury • Ethical Hacking
Highlights • Professor in class challenges: • Time available after class for lab work • Student Technical Experience is varied • Evidence created could be hit or miss • Student creativity • Training/Certifications • Computer Usage Policy • White Hacker Policy