Lecture 1: The Context of Computer Forensics
Learning Objectives
Computer Forensics Fundamentals
Computer forensics process: Acquisition, Analysis, Examination, Report
Criminal: Frye, FRE 702, Daubert/Kumho
Civil: Federal Rules of Civil Procedure, Sedona, Rowe
Expert Witness; Friend of the Court; Technical Expert
Context/Domain
Legal
Technical
Data Hiding
Criminalistics
History & Development
Crime Lab
Optional Services
– Toxicology Unit
– Latent Fingerprint Unit
– Polygraph Unit
– Voice Print Analysis Unit
– Evidence Collection Unit (relatively new)
Other Forensic Science Services
Forensic Pathology
– Sudden unnatural or violent deaths
Forensic Anthropology
– Identification of human skeletal remains
Forensic Entomology
– Insects
Forensic Psychiatry
Forensic Psychology
Forensic Odontology
– Dental
Forensic Engineering
***Digital Forensics***
Digital Forensic Science
Digital Forensic Science (DFS):
Communities
Digital Forensic Science
Community Objectives
The Process
Investigative Process
Subcategories of DFS
Media Analysis
Computer Forensics
Computer Forensic Activities
The 3 As
Computer Forensics - History
• Homeland Security
• Information Security
• Corporate Espionage
• White Collar Crime
• Child Pornography
• Traditional Crime
• Incident Response
• Employee Monitoring
• Privacy Issues
• ????
(figure labels: Digital Forensics; Computer Forensics)
Fit with Information Assurance
Incident Response Methodology (PDCAERF)
(figure: the phases Preparation, Detection, Containment, Analysis, Eradication, Recovery and Follow-up, with a feedback loop)
(PDCAERF)
Preparation
– Being ready to respond
– Procedures & policies
– Resources & CSIRT creation
– Current vulnerabilities & counter-measures
Detection/Notification
– Determining whether an incident has occurred or been attempted
– IDS
– Initial actions/reactions
– Determining the scope
– Reporting process
(PDCAERF)
Containment
– Limit the extent of an attack
– Mitigate the potential damage & loss
– Containment strategies
Analysis & Tracking
– How the incident occurred
– More in-depth analysis of the event
– Tracing the incident back to its source
(PDCAERF)
Eradication/ Repair-Recovery
– Recovering systems
– Getting rid of the causes of the incident, the vulnerabilities, or the residue (rootkits, trojan horses, etc.)
– Hardening systems
– Dealing with patches
(PDCAERF)
Follow-up
– Review the incident and how it was handled
– Postmortem analysis
– Lessons learned
– Follow-up reporting
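The Detection/Notification and Containment phases above are easier to picture with a concrete run. The following is an added example, not part of the lecture: it parses a constructed sshd-style authentication log (invented sample lines, not from any real system), flags a brute-force source, determines the scope (which hosts and accounts that source reached) and produces a containment plan, after first recording a hash of the raw log so the evidence used in the later Analysis phase can be shown unaltered. The threshold and the command strings in the plan are assumptions chosen for illustration.

```python
"""Detection -> scoping -> containment over a constructed auth log.

Added illustration of the PDCAERF Detection/Notification and Containment
phases; not code from the lecture. SAMPLE_LOG is constructed to resemble
OpenSSH sshd messages and is not real data.
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample log (invented hosts, users and addresses).
SAMPLE_LOG = """\
Mar  3 10:01:02 web01 sshd[2201]: Failed password for invalid user admin from 198.51.100.7 port 50110 ssh2
Mar  3 10:01:04 web01 sshd[2203]: Failed password for root from 198.51.100.7 port 50112 ssh2
Mar  3 10:01:06 web01 sshd[2205]: Failed password for root from 198.51.100.7 port 50114 ssh2
Mar  3 10:01:08 web01 sshd[2207]: Failed password for root from 198.51.100.7 port 50116 ssh2
Mar  3 10:01:09 web01 sshd[2209]: Failed password for root from 198.51.100.7 port 50118 ssh2
Mar  3 10:01:11 web01 sshd[2211]: Accepted password for root from 198.51.100.7 port 50120 ssh2
Mar  3 10:02:30 db01 sshd[911]: Failed password for deploy from 198.51.100.7 port 50200 ssh2
Mar  3 10:02:32 db01 sshd[913]: Accepted publickey for deploy from 203.0.113.9 port 40022 ssh2
Mar  3 10:05:00 web01 sshd[2300]: Failed password for alice from 203.0.113.9 port 40100 ssh2
"""

# One sshd authentication line: timestamp, host, outcome, user, source address.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>[\d.]+) port \d+ ssh2$"
)


def preserve(log_text):
    """Preparation for later analysis: fingerprint the raw log before acting
    on it, so the copy examined afterwards can be matched to what was seen."""
    return hashlib.sha256(log_text.encode()).hexdigest()


def parse(log_text):
    """Turn matching log lines into dicts; lines of other formats are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def detect_bruteforce(events, threshold=5):
    """Detection: a source with >= threshold failed logins is an attempt;
    a later Accepted login from the same source makes it an incident."""
    failures = defaultdict(int)
    for e in events:
        if e["outcome"] == "Failed":
            failures[e["src"]] += 1
    findings = {}
    for src, n in failures.items():
        if n >= threshold:
            succeeded = any(e["src"] == src and e["outcome"] == "Accepted" for e in events)
            findings[src] = {"failed": n, "compromised": succeeded}
    return findings


def determine_scope(events, findings):
    """Scope: every host the flagged source touched, and every (host, account)
    pair where it actually got in."""
    scope = {}
    for src in findings:
        touched = sorted({e["host"] for e in events if e["src"] == src})
        compromised = sorted({(e["host"], e["user"]) for e in events
                              if e["src"] == src and e["outcome"] == "Accepted"})
        scope[src] = {"hosts_touched": touched, "compromised": compromised}
    return scope


def containment_plan(scope):
    """Containment: block the source on each touched host and lock each
    compromised account. Returned as a reviewable plan, not executed here."""
    actions = []
    for src, s in scope.items():
        for host in s["hosts_touched"]:
            actions.append(f"{host}: iptables -I INPUT -s {src} -j DROP")
        for host, user in s["compromised"]:
            actions.append(f"{host}: passwd -l {user}")
    return actions


def run(log_text=SAMPLE_LOG):
    digest = preserve(log_text)
    events = parse(log_text)
    findings = detect_bruteforce(events)
    scope = determine_scope(events, findings)
    return digest, findings, scope, containment_plan(scope)


if __name__ == "__main__":
    digest, findings, scope, plan = run()
    print("log sha256:", digest)
    print("findings:", findings)
    print("scope:", scope)
    print("containment plan:", *plan, sep="\n  ")
```

Two points a practitioner would add before using this in earnest: locking an account does not end a session that is already open, so containment also needs the live session terminated; and the plan is printed rather than executed because the containment strategy (block, isolate, or watch) is a decision made with the Analysis & Tracking phase in view, not an automatic consequence of a threshold.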
Challenges
General Challenges
Legal Challenges
Specific Challenges
Specific Challenges
(figure: Perpetrator's System, Victim's System, Electronic Crime Scene)
Specific Challenges
Summary