Note-9

Note-9 - CSE 494/598 Forensic Computing: Computer and...

CSE 494/598 Forensic Computing: Computer and Network Forensics
Prof. Gail-Joon Ahn

Cyber Gazette

- DShield Web Honeypot
- The SANS ISC is releasing an alpha version of the DShield Web Honeypot to extend DShield's visibility into web-based attack traffic. The intention of the web honeypot project is to harness multiple capture points run by volunteers for the collection of potentially harmful traffic on the web.
- The data collected through the sensors are fed to the DShield web database, where human volunteers as well as machines pore through the data looking for abnormal trends and behavior. In addition, they attempt to measure web attack prevalence and find objective metrics to recommend protective measures.
IMPORTANT DATES

- Exam #1: Feb 19, 2009
- Assignment #1: Mar 3, 2009
- Spring Break: Mar 10 & 12, 2009
- Exam #2: Mar 31, 2009
- Class Project Due: Apr 23, 2009
- Paper Report Due: Apr 28, 2009
- Class Presentation: Apr 28 & 30, 2009; May 5, 2009
- Exam #3 (Final): May 7, 2009 (12:10PM – 2:00PM)

Outline

- File Forensics
- Storage Media Analysis
- Volume Analysis
- File System Analysis
- Heuristic and Systematic
- Microsoft File Structures
  - FAT and NTFS
Storage Media Analysis

- Hard Disk Geometry
  - Head – the device that reads and writes data to a drive
  - Track – concentric circle on a disk platter
  - Cylinder – a column of tracks on disk platters
  - Sector – a section on a track

Volume Analysis

- Purpose of Volume Analysis
  - Involves looking at the data structures that are involved with partitioning and assembling the bytes in storage devices
- Partitions
  - Collection of consecutive sectors in a volume
  - Each OS and hardware platform uses a different partitioning method

[Figure: a hard disk volume divided into Partition 1, Partition 2 and Partition 3, with volumes labelled C:, D: and E:]
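
Added example (not from the lecture slides): a short Python parser for one concrete partitioning method, the DOS/MBR partition table, which the slides do not name and is assumed here. It lists each partition's consecutive sector range, decodes the packed cylinder/head/sector start address, and reports sectors that belong to no partition; the sample sector and the 5000-sector disk size are constructed.

```python
import struct

# Common Microsoft partition type codes (subset)
TYPES = {0x06: "FAT16", 0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)"}

def decode_chs(raw):
    """Unpack the 3-byte packed CHS address into (cylinder, head, sector)."""
    head, sec, cyl = raw[0], raw[1] & 0x3F, ((raw[1] & 0xC0) << 2) | raw[2]
    return cyl, head, sec

def parse_mbr(sector):
    """Return the non-empty entries of the four-slot MBR partition table."""
    if len(sector) < 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature; not an MBR")
    parts = []
    for slot in range(4):
        entry = sector[446 + 16 * slot: 462 + 16 * slot]
        status, chs_start, ptype, _chs_end, lba, count = struct.unpack("<B3sB3sII", entry)
        if ptype == 0x00:  # unused slot
            continue
        parts.append({"slot": slot + 1, "bootable": status == 0x80,
                      "type": TYPES.get(ptype, hex(ptype)),
                      "chs_start": decode_chs(chs_start),
                      "first": lba, "last": lba + count - 1})
    return parts

def unallocated(parts, disk_sectors):
    """Sector ranges outside every partition (sector 0 holds the MBR itself)."""
    gaps, cursor = [], 1
    for p in sorted(parts, key=lambda p: p["first"]):
        if p["first"] > cursor:
            gaps.append((cursor, p["first"] - 1))
        cursor = max(cursor, p["last"] + 1)
    if cursor < disk_sectors:
        gaps.append((cursor, disk_sectors - 1))
    return gaps

def build_sample_mbr():
    """Constructed sample sector: three partitions, as in the slide's diagram."""
    def entry(status, ptype, lba, count):
        # Start CHS fixed at cylinder 0, head 1, sector 1; end CHS at the maximum value
        return struct.pack("<B3sB3sII", status, b"\x01\x01\x00", ptype, b"\xfe\xff\xff", lba, count)
    table = entry(0x80, 0x07, 63, 2000) + entry(0, 0x0C, 2063, 1000) + entry(0, 0x06, 4000, 500)
    return bytes(446) + table + bytes(16) + b"\x55\xaa"

if __name__ == "__main__":
    parts = parse_mbr(build_sample_mbr())
    for p in parts:
        print(p)
    print("unallocated:", unallocated(parts, 5000))
```

The unallocated ranges matter in an examination because data can sit in sectors that no partition claims.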
Volume Analysis (cont’d)