Teaching Computer Forensics Using Student Developed Evidence Files

4,606 views

Published on

Teaching Computer Forensics Using Student Developed Evidence Files

Published in: Technology, Art & Photos
3 Comments
9 Likes
Statistics
Notes
  • very good info, thanks
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Impressive presentation of 'Teaching Computer Forensics Using Student Developed Evidence Files'. You've shown your credibility on presentation with this slideshow. This one deserves thumbs up. I'm John, owner of www.freeringtones.ws/ . Hope to see more quality slides from you.

    Best wishes.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Excellent presentation about the need to innovate company models; the way to represent them succinctly; as well as the desire to make development initiatives actionable. Superb use of photographs along with obvious to see illustrative examples.
    Anisa
    http://financejedi.com http://healthjedi.com
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total views
4,606
On SlideShare
0
From Embeds
0
Number of Embeds
77
Actions
Shares
0
Downloads
0
Comments
3
Likes
9
Embeds 0
No embeds

No notes for slide

Teaching Computer Forensics Using Student Developed Evidence Files

  1. 1. Teaching Computer Forensics Using Student Developed Evidence Files Anna Carlin Cal Poly Pomona
  2. 2. Agenda <ul><li>What is Computer Forensics </li></ul><ul><li>Trends in Computer Forensics </li></ul><ul><li>Structure of a Computer Forensics Course </li></ul><ul><li>Investigative Mindset </li></ul><ul><li>Criminal Mindset </li></ul><ul><li>Legal Aspects of Computer Forensics </li></ul><ul><li>Ethics </li></ul><ul><li>Highlights </li></ul><ul><li>Questions & Answers </li></ul>
  3. 3. What is Computer Forensics? <ul><li>Application of computer investigation and analysis in the interests of determining potential legal evidence </li></ul><ul><li>Involves the identification, preservation, extraction, documentation, and interpretation of this digital evidence </li></ul>
  4. 4. Trends in Computer Forensics <ul><li>Computer Information System/Information Technology </li></ul><ul><ul><li>95% or world’s information is being generated and stored in a digital form </li></ul></ul><ul><ul><li>Only about one-third of documentary evidence is printed out </li></ul></ul>
  5. 5. Structure Of Course <ul><li>Prerequisites </li></ul><ul><li>Textbooks Used </li></ul><ul><li>Group and Individual Projects </li></ul><ul><li>Lab Environment/Facility </li></ul>
  6. 6. Quarter System Class <ul><li>Prerequisites </li></ul><ul><ul><li>Cal Poly – Junior/Senior level in a career track </li></ul></ul><ul><li>Textbooks </li></ul><ul><ul><li>Guide to Computer Forensics </li></ul></ul><ul><ul><li>from Course Technology </li></ul></ul><ul><ul><li>Recommended: Hacking Exposed: Computer Forensics Secrets and Solutions </li></ul></ul>
  7. 7. Topics Covered <ul><li>Applicable Laws </li></ul><ul><li>Processing Crime and Incident Scenes </li></ul><ul><li>Collecting Evidence </li></ul><ul><li>Recovering Evidence </li></ul><ul><li>Computer Forensic Tools </li></ul><ul><li>Documenting the Investigation </li></ul><ul><li>Communicating the Results </li></ul>
  8. 8. Cal Poly’s Computer Forensics Lab <ul><li>Allows hands-on experience </li></ul><ul><li>Evidence lockers </li></ul><ul><li>3 separate hard drives </li></ul><ul><li>Software available: </li></ul><ul><ul><li>EnCase Enterprise version 5 </li></ul></ul><ul><ul><li>FTK </li></ul></ul><ul><ul><li>Open source products </li></ul></ul><ul><ul><li>Virtual PC </li></ul></ul>
  9. 9. Additional Software <ul><li>HexWorkshop </li></ul><ul><li>Irfanview </li></ul><ul><li>Paraben </li></ul><ul><li>PC-Encrypt </li></ul><ul><li>WinHex </li></ul><ul><li>BitPim </li></ul><ul><li>Stegdetect </li></ul>
  10. 10. Group Project <ul><li>The goals are to: </li></ul><ul><ul><li>Follow a documented forensics investigation process </li></ul></ul><ul><ul><li>Identify relevant electronic evidence associated with various violations of specific laws </li></ul></ul><ul><ul><li>Identify probable cause to obtain a search warrant </li></ul></ul><ul><ul><li>Recognize the limits of search warrants </li></ul></ul><ul><ul><li>Locate and recover relevant electronic evidence </li></ul></ul><ul><ul><li>Maintain a chain of custody </li></ul></ul>
  11. 11. Group Project Parts <ul><li>Create the evidence </li></ul><ul><ul><li>Pick a crime and identify the elements </li></ul></ul><ul><ul><li>Generate evidence to support that crime </li></ul></ul><ul><ul><li>Write and execute a search warrant </li></ul></ul><ul><li>Analyzing the evidence seized </li></ul><ul><ul><li>Maintain chain of custody </li></ul></ul><ul><ul><li>Analyze the digital medium for evidence </li></ul></ul><ul><ul><li>Document the process and findings </li></ul></ul><ul><li>Presentation of findings </li></ul>
  12. 12. Group Projects Created <ul><li>Bioterrorism of 80% of the world’s coconut supply on a fictitious island </li></ul><ul><li>A Da Vinci Code takeoff where the curator interrupts the robbery of the Mona Lisa and is killed in the process </li></ul><ul><li>Murder of a faculty member and where they are buried </li></ul><ul><li>Counterfeit Anaheim Angel playoff tickets </li></ul>
  13. 13. Individual Projects (Labs) <ul><li>Acquiring an image for analysis </li></ul><ul><li>Recovering deleted data </li></ul><ul><li>Password and encryption methods </li></ul><ul><li>Images and steganography </li></ul><ul><li>Tracing emails </li></ul><ul><li>Email analysis </li></ul><ul><li>Cell phones </li></ul><ul><li>PDA </li></ul>
  14. 14. Investigative Mindset <ul><li>Handling the Crime Scene </li></ul><ul><ul><li>Ears, Eyes, Hands </li></ul></ul><ul><ul><li>Computer Evidence </li></ul></ul><ul><ul><li>Digital Evidence </li></ul></ul><ul><li>Crime Scene investigation and boundaries </li></ul><ul><li>Searching and Collecting evidence </li></ul><ul><li>Do’s and Don’ts </li></ul>
  15. 15. Criminal Mindset <ul><li>Identify Theft </li></ul><ul><li>Pornography </li></ul><ul><li>Sexual Harassment </li></ul><ul><li>Embezzlement </li></ul><ul><li>Mail - Hate - Gambling across States - Drug Trafficking - Images </li></ul><ul><li>Understanding anti-forensic techniques to hide evidence </li></ul>
  16. 16. Legal Aspects of Computer Forensics <ul><li>Don’t commit a crime when manufacturing evidence </li></ul><ul><li>Verify the tools </li></ul><ul><li>Document everything </li></ul>
  17. 17. Ethics <ul><li>Do your job </li></ul><ul><li>Remove any personal agendas you may have about the case/investigation </li></ul><ul><li>Knowing it and proving it are 2 different things </li></ul><ul><li>State the facts as you see them </li></ul><ul><li>It is not your job to be Judge and/or Jury </li></ul><ul><li>Ethical Hacking </li></ul>
  18. 18. Highlights <ul><li>Professor in class challenges: </li></ul><ul><ul><li>Time available after class for lab work </li></ul></ul><ul><ul><li>Student Technical Experience is varied </li></ul></ul><ul><ul><li>Evidence created could be hit or miss </li></ul></ul><ul><ul><li>Student creativity </li></ul></ul><ul><ul><li>Training/Certifications </li></ul></ul><ul><ul><li>Computer Usage Policy </li></ul></ul><ul><ul><ul><li>White Hacker Policy </li></ul></ul></ul>
  19. 19. Questions and Answer

×