
COS/PSA 413


xena

Presentation Transcript


  1. COS/PSA 413 Day 5

  2. Agenda
     • Questions?
     • Assignment 2 Redo
       • Due September 26 @ 3:35 PM
     • Assignment 3 posted
       • Due September 26 @ 3:35 PM
     • Quiz 1 on September 30
       • Chaps 1-5, Open book, Open notes
       • 20 M/C and 5 essays
     • Lab 1 corrected
       • 2 B’s, 6 C’s and 1 F
       • RTDQ!
     • Lab 2 write-ups due
     • Finish Discussion Processing Crime and incident Scenes
     • Lab 3 in N105
       • Hands-on project 5-4 and 5-5
       • Follow instructions in

  3. Lab 1
     • 2-1
       • File listing, contents & memo
       • Just the facts >> no bias and no conclusions
     • 2-2
       • Memo – 25 clusters hits
     • 2-3
       • Memo
       • 4 files, 30 clusters for BOOK
       • 1 image files name and where found
     • 2-4
       • File listing
     • 2-5
       • Prodiscover report with “deleted and file type”
     • 2-6
       • Prodiscover report with proper comments
       • 3 files with the 3 words (one file each)

     Guide to Computer Forensics and Investigations

  4. Reviewing Background Information for a Case
     • Company called Superior Bicycles
       • Specializes in creating new and inventive modes of human-driven transportation
     • Two employees, Chris Murphy and Nau Tjeriko, have been missing for several days
     • A USB thumb drive has been recovered from Chris’s office with evidence that he had been conducting a side business using company computers

  5. Identifying the Case Requirements
     • Identify requirements such as:
       • Nature of the case
       • Suspect’s name
       • Suspect’s activity
       • Suspect’s hardware and software specifications

  6. Planning Your Investigation
     • List what you can assume or know
       • Several incidents may or may not be related
       • Suspect’s computer can contain information about the case
       • If someone else has used suspect’s computer
     • Make an image of suspect’s computer disk drive
     • Analyze forensics copy
     • \\Wallagrass\Software for N105 lab\COS413 Software\Chap05\InChap05

  7. Conducting the Investigation: Acquiring Evidence with AccessData FTK
     • Functions
       • Extract the image from a bit-stream image file
       • Analyze the image


  9. Conducting the Investigation: Acquiring Evidence with AccessData FTK (continued)


  12. Conducting the Investigation: Acquiring Evidence with AccessData FTK (continued)


  14. Conducting the Investigation: Acquiring Evidence with AccessData FTK (continued)

  15. Summary
      • Digital evidence is anything stored or transmitted on electronic or optical media
      • Private sector
        • Contained and controlled area
        • Publish right to inspect computer assets policy
      • Private and public sectors follow same computing investigation rules
      • Criminal cases
        • Require warrants

  16. Summary (continued)
      • Protect your safety and health as well as the integrity of the evidence
      • Follow guidelines when processing an incident or crime scene
        • Security perimeter
        • Video recording
      • As you collect digital evidence, guard against physically destroying or contaminating it
      • Forensic hash values verify that data or storage media have not been altered

  17. Summary (continued)
      • To analyze computer forensics data, learn to use more than one vendor tool
      • You must handle all evidence the same way every time you handle it
      • After you determine that an incident scene has digital evidence, identify the digital information or artifacts that can be used as evidence
