
Automatically Creating Realistic Targets for Digital Forensics Investigation

Frank Adelstein, ATC-NY, 33 Thornwood Drive, Suite 500, Ithaca, NY 14850. Contact: frank@atc-nycorp.com. Yun Gao, Golden G. Richard III, Department of Computer Science, University of New Orleans, New Orleans, LA 70148. Contact: golden@cs.uno.edu.


Presentation Transcript


  1. Frank Adelstein, ATC-NY, 33 Thornwood Drive, Suite 500, Ithaca, NY 14850. Contact: frank@atc-nycorp.com. Yun Gao, Golden G. Richard III, Department of Computer Science, University of New Orleans, New Orleans, LA 70148. Contact: golden@cs.uno.edu. Automatically Creating Realistic Targets for Digital Forensics Investigation. August 17, 2005. 2005 Digital Forensic Research Workshop (DFRWS), New Orleans, LA.

  2. Abstract
     • The need for computer forensics education continues to grow.
     • An essential component of training is hands-on, realistic assignments.
     • Creating detailed, realistic labs is a difficult task.
     • FALCON (Framework for Laboratory exercises Conducted Over Networks)

  3. 1. Introduction
     • Keywords: computer forensics, computer security, education
     • Computer forensic training schools.
     • The weakness of computer forensics education.
     • FALCON cycle.

  4. Figure 1: FALCON and the lab development process

  5. 2. FALCON Architecture
     • 2.1 Lab Creation Tool (LCT)
     • To automatically configure a set of target machines.
     • To allow an instructor to carefully specify the types of activity.

  6. 2.2 Lab Execution Environment
     • To provide an interactive environment.
     • To set up scenarios on virtual target machines for the students to investigate.
     • To support the forensic investigation itself.
     • To log the activities of the students.
     • OnLine DFS

  7. 2.3 Lab Evaluation Tool
     • Used to evaluate a laboratory exercise.
     • Helps evaluate performance.
     • Provides details on what actions students took.
     • Used to gather information to gauge the level of difficulty of the lab (e.g., time spent).

  8. 3. Preliminary Results
     • All students complete the assignments.

  9. Figure 2: Network configuration in proof-of-concept experiment.

  10. 4. Conclusions and Future Work
     • To provide adequate training to students of digital forensics.
     • An architecture for the creation, deployment, and evaluation of laboratory exercises to support education.
     • Future:
       - To improve the education in digital forensics.
       - To get feedback from the students.
