Intro 2 Digital Forensics

Solving Computer Crime: An Introduction to Digital
Golden G. Richard III, Ph.D.
Dept. of Computer Science
Gulf Coast Computer Forensics Laboratory (GCCFL)

Digital Forensics
Definition: “Tools and techniques to recover, preserve, and examine digital evidence on or transmitted by digital devices.”
Devices include computers, PDAs, cellular phones, videogame consoles…

Examples of Digital Evidence
- Computers increasingly involved in criminal and corporate investigations
- Digital evidence may play a supporting role or be the “smoking gun”
- Email
  - Harassment or threats
  - Blackmail
  - Illegal transmission of internal corporate documents
- Meeting points/times for drug deals
- Suicide letters
- Technical data for bomb making
- Image or digital video files (esp., child pornography)
- Evidence of inappropriate use of computer resources or attacks
  - Use of a machine as a spam email generator
  - Use of a machine to distribute illegally copied software

Major Issues
- Identification of potential digital evidence
  - Where might the evidence be? Which devices did the suspect use?
- Preservation of evidence
  - On the crime scene…
  - First, stabilize evidence…prevent loss and contamination
  - If possible, make identical copies of evidence for examination
- Careful extraction and examination of evidence
- Presentation
  - “The FAT was fubared, but using a hex editor I changed the first byte of directory entry 13 from 0xEF to 0x08 to restore ‘HITLIST.DOC’…”
  - “The suspect attempted to hide the Microsoft Word document ‘HITLIST.DOC’ but I was able to recover it without tampering with the file contents.”
- Legal: Investigatory needs meet privacy

Preservation of Evidence: Hardly trivial…
- Living room
- Basement/closet
- wireless connection
- “Dear Susan, It’s not your fault…
- Just pull the plug?
- Move the mouse for a quick peek?
- Tripwires tick…tick…tick…
- Volatile computing

Preservation: Imaging
- When making copies of media to be investigated, must prevent accidental modification or destruction of evidence!
- Write blockers: Use them. Always.
- dd under Linux
- DOS boot floppies
- Proprietary imaging solutions
Drivelock write blocker

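One way to carry out the "dd under Linux" step so that the copy can be shown to be identical and the source untouched. This is an added example, not part of the original slides; the function names are illustrative, and the constructed sample file stands in for a device node attached through a write blocker.

```shell
#!/bin/sh
# Added example (not from the slides): image a source with dd, then prove by
# hash that the copy is identical and that the source was not modified.

sha256_of() {            # print only the hex digest of a file or device
    sha256sum "$1" | cut -d' ' -f1
}

image_and_verify() {     # usage: image_and_verify SOURCE IMAGE LOGFILE
    src=$1 img=$2 log=$3
    [ -r "$src" ] || return 2
    before=$(sha256_of "$src")
    # bs=512 matches the sector size, so conv=noerror,sync replaces an
    # unreadable sector with zeros without shifting the data that follows.
    # A source that is not a whole number of sectors gets padded and will
    # (correctly) fail the comparison below.
    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>>"$log" || return 2
    chmod a-w "$img"     # the working copy is read-only from here on
    copy=$(sha256_of "$img")
    after=$(sha256_of "$src")
    printf 'source_before=%s\nimage=%s\nsource_after=%s\n' \
        "$before" "$copy" "$after" >>"$log"
    [ "$before" = "$copy" ] && [ "$before" = "$after" ]
}

make_sample() {          # constructed 8-sector stand-in for a device node
    dd if=/dev/urandom of="$1" bs=512 count=8 2>/dev/null && chmod a-w "$1"
}

demo() {
    work=$(mktemp -d) || return 2
    make_sample "$work/evidence.raw"
    if image_and_verify "$work/evidence.raw" "$work/evidence.dd" "$work/imaging.log"
    then echo "image verified"; rc=0
    else echo "HASH MISMATCH"; rc=1
    fi
    cat "$work/imaging.log"   # dd statistics plus the three digests
    rm -rf "$work"
    return $rc
}

demo
```

The log holds dd's own transfer statistics alongside the three digests, which is the record an examiner would keep with the image.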
Extraction and Examination
- Know where evidence can be found
- Understand techniques used to hide or “destroy” digital data
- Toolbox of techniques to discover hidden data and recover “destroyed” data
- Cope with HUGE quantities of digital data…
- Ignore the irrelevant and target the relevant

Where’s the evidence?

This note was uploaded on 04/06/2011 for the course CS 6963 taught by Professor Walterbruehs during the Spring '10 term at NYU Poly.
