Intro 2 Digital Forensics

Intro 2 Digital Forensics - Solving Computer Crime: An...

Solving Computer Crime: An Introduction to Digital
Golden G. Richard III, Ph.D.
Dept. of Computer Science
Gulf Coast Computer Forensics Laboratory (GCCFL)
golden@cs.uno.edu

Digital Forensics

Definition: “Tools and techniques to recover, preserve, and examine digital evidence on or transmitted by digital devices.”

Devices include computers, PDAs, cellular phones, videogame consoles…

Examples of Digital Evidence

- Computers increasingly involved in criminal and corporate investigations
- Digital evidence may play a supporting role or be the “smoking gun”
- Email
  - Harassment or threats
  - Blackmail
  - Illegal transmission of internal corporate documents
- Meeting points/times for drug deals
- Suicide letters
- Technical data for bomb making
- Image or digital video files (esp., child pornography)
- Evidence of inappropriate use of computer resources or attacks
  - Use of a machine as a spam email generator
  - Use of a machine to distribute illegally copied software

Major Issues

- Identification of potential digital evidence
  - Where might the evidence be? Which devices did the suspect use?
- Preservation of evidence
  - On the crime scene…
  - First, stabilize evidence…prevent loss and contamination
  - If possible, make identical copies of evidence for examination
- Careful extraction and examination of evidence
- Presentation
  - “The FAT was fubared, but using a hex editor I changed the first byte of directory entry 13 from 0xEF to 0x08 to restore ‘HITLIST.DOC’…”
  - “The suspect attempted to hide the Microsoft Word document ‘HITLIST.DOC’ but I was able to recover it without tampering with the file contents.”
- Legal: Investigatory needs meet privacy

Preservation of Evidence: Hardly trivial…

[Figure labels: Living room; Basement/closet; wireless connection; “Dear Susan, It’s not your fault…”; Just pull the plug?; Move the mouse for a quick peek?; Tripwires; tick…tick…tick…; Volatile computing]

Preservation: Imaging

- When making copies of media to be investigated, must prevent accidental modification or destruction of evidence!
- Write blockers: Use them. Always.
- dd under Linux
- DOS boot floppies
- Proprietary imaging solutions

[Image: Drivelock write blocker]

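An added example, not part of the original slides: imaging with dd and checking that the copy is identical and stays that way. The SHA-256 comparison, the function names and the file names are assumptions made here; the sample "evidence" is a constructed file standing in for a device that would sit behind a write blocker.

```bash
#!/usr/bin/env bash
# Added example (not from the slides). Function and file names are hypothetical.

# acquire SRC IMG: copy SRC to IMG with dd and record the source hash.
# Returns 0 only when the image hashes to the same SHA-256 as the source.
acquire() {
    src=$1; img=$2
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1) || return 2
    dd if="$src" of="$img" bs=65536 2>/dev/null || return 2
    chmod a-w "$img"                      # working copy is read-only from here on
    printf '%s\n' "$src_hash" > "$img.sha256"
    verify "$img"
}

# verify IMG: re-hash the image and compare with the hash recorded at acquisition.
verify() {
    img=$1
    want=$(cat "$img.sha256") || return 2
    got=$(sha256sum < "$img" | cut -d' ' -f1) || return 2
    [ "$want" = "$got" ]
}

# Constructed demo: a file of 1 MiB + 3 bytes stands in for the evidence media
# (the odd size checks that the final partial block is copied exactly).
demo() {
    dir=$(mktemp -d) || return 2
    yes 'constructed sample sector' | head -c 1048579 > "$dir/evidence.bin"
    acquire "$dir/evidence.bin" "$dir/evidence.dd" || { rm -rf "$dir"; return 1; }
    # Simulate contamination: overwrite one byte of the image, then re-verify.
    chmod u+w "$dir/evidence.dd"
    printf 'X' | dd of="$dir/evidence.dd" bs=1 seek=512 conv=notrunc 2>/dev/null
    if verify "$dir/evidence.dd"; then rc=1; else rc=0; fi   # a mismatch is the expected result
    rm -rf "$dir"
    return $rc
}

demo && echo "clean image verified; modified image detected"
```

The recorded hash file is what lets a later examiner re-run `verify` and show that the working copy still matches what was acquired.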
Extraction and Examination

- Know where evidence can be found
- Understand techniques used to hide or “destroy” digital data
- Toolbox of techniques to discover hidden data and recover “destroyed” data
- Cope with HUGE quantities of digital data…
- Ignore the irrelevant and target the relevant

Where’s the evidence?