* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project
COEN 252 Computer Forensics Introduction to Computer Forensics Thomas Schwarz, S.J. 2013 Computer Forensics Digital Investigation Focuses on a digital device Computer Router Switch Cell-phone SIM-card Kindle … Computer Forensics Digital Investigation Focuses on a digital device involved in an incident or crime Computer intrusion Generic criminal activity Perpetrator uses internet to gather information used in the perpetration of a crime. Digital device is an instrument of a crime Perpetrator uses cell-phone to set-off a bomb. Email scams Internet auction fraud Crimeware Computer is used for intrusion of another system Botnet Computer Forensics Digital Investigation Has different goals Prevention of further intrusions. Assessment of damage. Goal is to reconstruct modus operandi of intruder to prevent further intrusions. Goal is to certify system for safe use. Reconstruction of an incident. For criminal proceedings. For organization-internal proceedings. Computer Forensics Digital Investigation Process where we develop and test hypotheses that answer questions about digital events. We can use an adaptation of the scientific method where we establish hypotheses based on findings and then (if possible) test our hypotheses against findings resulting from additional investigations. Computer Forensics Evidence Procedural notion That on what our findings are based. Legal notion Defined by the “rules of evidence” Differ by legislation “Hear-say” is procedurally evidence, but excluded (under many circumstances) as legal evidence. Computer Forensics Forensics Used in the “forum”, especially for judicial proceedings. Definition: legal Computer Forensics Digital Crime Scene Investigation Process System Preservation Phase Evidence Searching Phase Event Reconstruction Phase Note: These phases are different activities that intermingle. Computer Forensics Who should know about Computer Forensics Those involved in legal proceedings that might use digital evidence Judges, Prosecutors, Attorneys, Law Enforcement, Expert Witnesses Those involved in Systems Administration Systems Administrators, Network Administrators, Security Officers Those writing procedures Managers Computer Forensics Computer Forensics presupposes skills in Ethics Law, especially rules of evidence System and network administration Digital data presentation Systems OS, especially file systems. Hardware, especially disk drives, memory systems, computer architecture, … Networking Number and character representation Network protocols, Intrusion detection, … Information Systems Management COEN 252 Prerequisites Required: Good moral character. Ability and willingness to respect ethical boundaries. Familiarity with at least one type of operating system. (Windows, Unix/Linux, DOS experience preferred.) Some programming. Access to a computer with Hex editor. Desired: Familiarity with OS Theory. Familiarity with Networking. Some Knowledge of U.S. Legal System.