COEN 152 Computer Forensics

Introduction to Computer Forensics
Computer Forensics

Digital Investigation

Focuses on a digital device:
- Computer
- Router
- Switch
- Cell-phone
- SIM-card
- …

Focuses on a digital device involved in an incident or crime:
- Computer intrusion
  - The computer is used for intrusion into another system.
- Generic criminal activity
  - The perpetrator uses the internet to gather information used in the perpetration of a crime.
  - Email scams
  - Internet auction fraud
- The digital device is an instrument of a crime
  - The perpetrator uses a cell-phone to set off a bomb.
  - Details are sensitive to national security. If you get clearance, I can tell you who to ask.

Digital investigations have different goals:
- Prevention of further intrusions.
  - The goal is to reconstruct the modus operandi of the intruder so as to prevent further intrusions.
- Assessment of damage.
  - The goal is to certify the system for safe use.
- Reconstruction of an incident.
  - For criminal proceedings.
  - For organization-internal proceedings.

A digital investigation is a process in which we develop and test hypotheses that answer questions about digital events.

We can use an adaptation of the scientific method: we establish hypotheses based on findings and then (if possible) test our hypotheses against findings resulting from additional investigations.

Evidence

- Procedural notion: that on which our findings are based.
- Legal notion: defined by the "rules of evidence".
  - These differ by legislation.
  - "Hearsay" is procedurally evidence, but is excluded (under many circumstances) as legal evidence.

Forensics

"Forensic" means used in the "forum", i.e. in judicial proceedings. The definition is a legal one.

Digital Crime Scene Investigation Process

- System Preservation Phase
- Evidence Searching Phase
- Event Reconstruction Phase

Note: these phases are different activities that intermingle.
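As an added illustration (not part of the course slides), here are the three phases run over a constructed toy disk image in Python: preservation is a size-and-hash record that is re-checked after every later step, searching reports byte offsets so that a finding can be cited by position in the image, and reconstruction turns timestamped fragments found anywhere in the image into an ordered timeline. The sample image, its mail-header fragment and its two log lines are all made up for this example; in a real case the image would be a write-blocked copy of the device and the hash would go into the chain-of-custody notes.

```python
import hashlib
import re
from datetime import datetime, timezone

# Constructed sample "disk image" for this example (not a real acquisition):
# filler bytes around a mail-header fragment and two log lines that are
# stored out of chronological order.
SAMPLE_IMAGE = (
    b"\x00" * 16
    + b"From: alice@example.org\r\nSubject: invoice\r\n"
    + b"\x00" * 8
    + b"2024-03-02T10:15:00Z login user=bob\n"
    + b"2024-03-02T09:58:11Z ssh accepted from 203.0.113.5\n"
    + b"\xff" * 4
)


def preserve(image: bytes) -> dict:
    """System preservation: fix the state of the evidence by recording its size
    and a cryptographic hash. All later work is done on copies, and the record
    is re-checked so that any modification of the evidence is detected."""
    return {"size": len(image), "sha256": hashlib.sha256(image).hexdigest()}


def still_intact(image: bytes, record: dict) -> bool:
    """Compare the evidence against its preservation record."""
    return preserve(image) == record


def search(image: bytes, pattern: bytes) -> list:
    """Evidence searching: find every occurrence of a byte pattern and report
    its offset, so a finding can be cited by position in the image."""
    return [(m.start(), m.group(0)) for m in re.finditer(pattern, image)]


# ISO-8601 UTC timestamp followed by the rest of the line.
TIMESTAMP_LINE = re.compile(rb"(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z ([^\n]*)")


def reconstruct(image: bytes) -> list:
    """Event reconstruction: extract timestamped records wherever they sit in
    the image and order them into a timeline of (time, offset, message)."""
    events = []
    for m in TIMESTAMP_LINE.finditer(image):
        when = datetime.strptime(m.group(1).decode(), "%Y-%m-%dT%H:%M:%S")
        when = when.replace(tzinfo=timezone.utc)
        events.append((when, m.start(), m.group(2).decode(errors="replace")))
    return sorted(events)


def investigate(image: bytes) -> dict:
    """Run the three phases. They intermingle: the preservation record is
    verified again after searching and reconstruction have read the data."""
    record = preserve(image)
    hits = search(image, rb"From: [^\r\n]+")
    timeline = reconstruct(image)
    if not still_intact(image, record):
        raise RuntimeError("evidence changed during analysis; results are void")
    return {"record": record, "hits": hits, "timeline": timeline}


if __name__ == "__main__":
    result = investigate(SAMPLE_IMAGE)
    print("sha256:", result["record"]["sha256"])
    for offset, match in result["hits"]:
        print(f"hit at offset {offset}: {match!r}")
    for when, offset, message in result["timeline"]:
        print(f"{when.isoformat()}  offset {offset:4d}  {message}")
```

The timeline deliberately keeps the offset next to each event: a reconstructed sequence is only as good as the evidence it rests on, and the offset is what lets someone else go back to the preserved image and check the same bytes.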

Who should know about Computer Forensics

- Those involved in legal proceedings that might use digital evidence: judges, prosecutors, attorneys, law enforcement, expert witnesses.
- Those involved in systems administration: systems administrators, network administrators, security officers.
- Those writing procedures.
- Managers.

Computer Forensics presupposes skills in

- Ethics
- Law, especially rules of evidence
- System and network administration
- Digital data presentation
  - Number and character representation
- Systems
  - OS, especially file systems.
  - Hardware, especially disk drives, memory systems, computer architecture, …
- Networking
  - Network protocols, intrusion detection, …
- Information Systems Management
COEN 152

Prerequisites:

- Junior standing
- Willingness to learn about computer organization, OS (processes, file systems), network protocols.

Grading

- Written final.
- Practical final.
  - For your convenience, I will try to release it as the quarter progresses.
- Laboratory projects
  - You'll need access to a computer with administrator privileges.
  - Ethics and legal cases.
  - Email tracing and forging.
  - Hard drive analysis.
  - Network traces.
  - …
- Syllabus contains binding weights.

Labs:

- I will move half of each lab (random selection if necessary) to the Friday lab, unless there is a documented conflict.
- Maximum enrollment is 15 per lab (= number of computers).
- You will have administrative privileges for the computers.
- You are not allowed to connect to the internet other than through the wireless.
  - You change the IP setting on your own and/or connect to the internet other than through the firewall → automatic F in lab → automatic F in class.
  - You delete an application we need, you get to reinstall it or you receive an F in lab (and hence in class).
- Clean up after using the laptop (remove temporary files).
- Feel free to save files on a floppy / USB memory stick.