Live Forensics Tutorial, Part 1: Traditional Forensics (slides 1–8 of the tutorial deck)
Slide 1: Live Forensics Tutorial Part 1: Traditional Forensics

© Copyright 2007 by Frank Adelstein and Golden G. Richard III. USENIX Security 2007.

Frank Adelstein, Ph.D.
Technical Director, Computer Security, ATC-NY
GIAC-certified Digital Forensics Investigator

Golden G. Richard III, Ph.D.
Professor, Dept. of Computer Science, University of New Orleans
GIAC-certified Digital Forensics Investigator
Co-Founder, Digital Forensics Solutions, LLC
Slide 2: Course Overview – The Big Picture

- Introduction
- Traditional Forensics/Background
- Simple Network Forensics
- Main Focus: Live Forensics
- Demo
- Wrap-up
Slide 3: Instructor Background

- Frank: Forensics researcher, Ph.D. in computer science (OSU), R&D, GCFA certification, vice-chair DFRWS
- Golden: Professor, Ph.D. in computer science (OSU), teaches forensic courses, GCFA, founder Digital Forensic Solutions, LLC, chair DFRWS
Slide 4: Course Goals and Disclaimer

Goals
- Gain an understanding of what information live forensic analysis can provide, as well as its limitations
- See how live forensics fits into the big picture of other analysis techniques

Disclaimers
- This is not legal advice
- 6 hours doesn’t make you an expert
Slide 5: Technical Definition: Digital Forensics

“Tools and techniques to recover, preserve, and examine digital evidence on or transmitted by digital devices.”

PLUS data recovery
Slide 6: Definition for the Masses

“Deleted” information, on almost any kind of digital storage media, is almost never completely “gone”…

Digital Forensics is the set of tools and techniques to recover this information in a forensically valid way (i.e., acceptable by a court of law).
Slide 7: Motivation

- Deleted files aren’t securely deleted: the deleted file can be recovered, and often the time it was deleted as well
- Renaming files to avoid detection is pointless
- Formatting disks doesn’t delete much data
- Web-based email can be (partially) recovered directly from a computer
- Files transferred over a network can be reassembled and used as evidence
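The first three bullets rest on one fact: a filesystem delete, rename or quick format rewrites metadata, not the data blocks, so the bytes are still there to be found by content rather than by name. The following signature-based carver is an added example written for this page, not code from the tutorial or its authors. It scans a raw image for well-known JPEG, PNG and PDF header/footer markers (the markers are the real ones; the 512-byte "disk image" it builds is constructed here, and its one-line "directory" of fake filenames is a hypothetical stand-in for real filesystem metadata). Carving ignores the directory entirely, so a JPEG that the directory calls notes.txt, and a PNG whose entry is marked deleted, are both recovered.

```python
"""File carving by magic-byte signature over a raw image (added example)."""
from __future__ import annotations

from dataclasses import dataclass

# Header/footer byte sequences of three common formats. These are the
# standard markers; real carvers use many more and handle fragmentation.
SIGNATURES: dict[str, tuple[bytes, bytes]] = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xae\x42\x60\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}


@dataclass
class Carved:
    kind: str    # format name from SIGNATURES
    offset: int  # byte offset of the header in the image
    data: bytes  # header through footer, inclusive


def identify(data: bytes) -> str | None:
    """Classify a blob by its leading bytes, ignoring any filename/extension."""
    for kind, (header, _footer) in SIGNATURES.items():
        if data.startswith(header):
            return kind
    return None


def carve(image: bytes, max_len: int = 1 << 20) -> list[Carved]:
    """Return every header..footer span found in the image, sorted by offset.

    max_len caps how far past a header the footer is searched, so a header
    with no matching footer (a truncated or overwritten file) is skipped
    rather than swallowing the rest of the image.
    """
    found: list[Carved] = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = 0
        while True:
            start = image.find(header, pos)
            if start < 0:
                break
            footer_at = image.find(footer, start + len(header), start + max_len)
            if footer_at < 0:
                pos = start + 1          # no footer in range: move on
                continue
            end = footer_at + len(footer)
            found.append(Carved(kind, start, image[start:end]))
            pos = end
    found.sort(key=lambda c: c.offset)
    return found


def build_sample_image(block: int = 512) -> bytes:
    """Constructed image: a fake directory block followed by three data blocks.

    The directory (hypothetical layout, not a real filesystem) says block 1 is
    'notes.txt' (a renamed JPEG) and block 2 is deleted (a PNG). The data
    blocks are untouched, exactly as after a rename or an ordinary delete.
    """
    def pad(b: bytes) -> bytes:
        return b + b"\x00" * (-len(b) % block)

    directory = b"notes.txt->blk1;DELETED->blk2;report.pdf->blk3\n"
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-sample-payload" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"IHDR-sample-chunks" + b"IEND\xae\x42\x60\x82"
    pdf = b"%PDF-1.4\n%sample-body\n" + b"%%EOF"
    return pad(directory) + pad(jpeg) + pad(png) + pad(pdf)


if __name__ == "__main__":
    image = build_sample_image()
    for c in carve(image):
        print(f"{c.kind:5s} at offset {c.offset:6d}, {len(c.data)} bytes")
```

Running the script lists a JPEG at offset 512, a PNG at 1024 and a PDF at 1536 without consulting the directory at all. The same logic applied to unallocated space after a quick format, or to a reassembled network stream, is why the tutorial can say that renaming, deleting and formatting leave most of the data recoverable. The caveat a practitioner should keep in mind is that header/footer carving assumes each file is contiguous; fragmented files and formats without a fixed footer need filesystem-aware or structure-aware carving.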
Slide 8: Motivation (2)

- Uninstalling applications is much more difficult than it might appear…
- “Volatile” data hangs around for a long time (even across reboots)
- Remnants from previously executed applications
- Using encryption properly is difficult, because data isn’t useful unless decrypted
- Anti-forensics (privacy-enhancing) software is mostly broken
- “Big” magnets (generally) don’t work
- Media mutilation (except in the extreme) doesn’t work
- Basic enabler: Data is very hard to kill
