Note-4

Note-4 - CSE 494/598 Forensic Computing: Computer and...

CSE 494/598 Forensic Computing: Computer and Network Forensics
Prof. Gail-Joon Ahn

Cyber Gazette
- The role of the new federal CTO
- New NIJ Special Report
  - Test Results for Mobile Device Acquisition Tool: Guidance Software Neutrino 1.4.14
  - This report was prepared by the Office of Law Enforcement Standards of the National Institute of Standards and Technology.
IMPORTANT DATES
- First Day of Class: Jan 20, 2009
- Group Formation Due: Jan 29, 2009
- Exam #1: Feb 19, 2009
- Spring Break: Mar 10 & 12, 2009
- Exam #2: Mar 31, 2009
- Class Project Due: Apr 23, 2009
- Paper Report Due: Apr 28, 2009
- Class Presentation: Apr 28/30, May 5, 2009
- Exam #3 (Final): May 7, 2009 (12:10PM – 2:00PM)

Outline
- Computer Crime
- Computer Forensics
  - Basic concept
  - Brief history
  - Other relevant disciplines
  - Type of computer forensics
  - Tools and resources
- Computer investigation
  - Basic terms and process
  - Systematic approach
Types of Computer Forensics
- Disk Forensics
- Network Forensics
- E-mail Forensics
- Internet (Web) Forensics

Where is the evidence?
- Types of data we work with:
  - Archival: Data stored on backup tapes
  - Active: Data that is currently seen by the operating system
  - Forensic: Data that has been removed from the operating system's view, also known as unallocated space.
Rules of evidence
- Authenticity
- Reliability and Accuracy
- Admissibility
- Completeness

Chain of custody
- To show that the integrity of evidence/data was preserved and not open to random spoliation
- Time attributes (M-A-C)
  - mtime: modified time
  - atime: accessed time
  - ctime: changed time
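Added example (not part of the original slides): a minimal custody record that snapshots a file's M-A-C times together with a SHA-256 digest, then shows which fields move after a metadata-only change versus a content change. It assumes a POSIX filesystem, where st_ctime is the inode change time; the file name, contents and function names are constructed for the illustration.

```python
import hashlib
import os
import tempfile
import time

def custody_record(path):
    """Snapshot the M-A-C times and a SHA-256 digest of one evidence file."""
    st = os.stat(path)  # stat first: reading the file below may update atime
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return {
        "sha256": digest.hexdigest(),
        "size": st.st_size,
        "mtime_ns": st.st_mtime_ns,
        "atime_ns": st.st_atime_ns,
        "ctime_ns": st.st_ctime_ns,  # POSIX: inode change time (assumption)
    }

def changed_fields(before, after, ignore=("atime_ns",)):
    """Sorted names of the fields that differ between two records.
    atime is ignored by default because merely reading a file can move it."""
    return sorted(k for k in before if k not in ignore and before[k] != after[k])

def demo():
    """Apply three constructed events to a temporary file and report changes."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "evidence.bin")  # constructed sample file
        with open(path, "wb") as fh:
            fh.write(b"constructed sample evidence\n")
        baseline = custody_record(path)
        results["untouched"] = changed_fields(baseline, custody_record(path))

        time.sleep(0.05)               # let the clock move past the baseline
        os.chmod(path, 0o400)          # metadata-only change
        after_chmod = custody_record(path)
        results["chmod"] = changed_fields(baseline, after_chmod)

        time.sleep(0.05)
        os.chmod(path, 0o600)
        with open(path, "ab") as fh:   # content change
            fh.write(b"tampered\n")
        results["append"] = changed_fields(after_chmod, custody_record(path))
    return results

if __name__ == "__main__":
    for event, fields in demo().items():
        print(event, fields)
```

A permission change moves only ctime, while an append moves ctime, mtime, the size and the digest, which is why a custody record keeps the digest alongside all three times.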
Forensics Process
- Acquisition/Preparation/Preservation
  - Acquire the evidence/data without altering or damaging the original data or scene
- Authentication/Identification
  - Authenticate that the recovered evidence/data is the same as the

This note was uploaded on 08/30/2009 for the course CSE 494 taught by Professor Rao during the Spring '08 term at ASU.
