computer forensics

3,434 views

Published on

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
3,434
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
65
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

computer forensics

  1. 1. FINAL YEAR DEGREE PROJECT Objective Settings Proforma Student’s Name: Lisa Jarrett First Assessor: Keith Verheyden Second Assessor: Paula Thomas Project Title: Create and design a realistic case study investigation scenario for use by academia in a computer forensics training program "Murder of an entrepreneur” Project Objectives & Deliverables Objectives 1. To investigate and examine the current educational resources (Case Studies and forensics datasets) used by Universities in terms of development standards and implementation. 2. To investigate and examine the current training resources (Case Studies and forensics datasets) used by accredited companies conducting forensic training in terms of development standards and implementation. 3. Gain an understanding and insight into the students’ competencies with computer systems and evaluate their capabilities of using various software tools when conducting a digital evidence investigation. 4. To propose and develop a competency framework that can be used as an educational teaching resource for Computer Forensic investigation training. Deliverables A literature review of digital forensics training resources available for academic purposes A report based on a study of the skills and knowledge gap of current undergraduate students (?)
  2. 2. Contents Title - Create a framework for Computer Forensics students ................................. 3 Statement of Originality .......................................................................................... 3 Abstract .................................................................................................................. 3 Project Introduction................................................................................................. 3 Issues associated with its design and development ............................................... 4 Clear Aims and Objectives ..................................................................................... 4 Literature Review ....................................................................................................... 5 Overview................................................................................................................. 5 What is Computer Forensics .................................................................................. 5 Why do we need it? ................................................................................................ 5 Crimes .................................................................................................................... 5 Digital Evidence...................................................................................................... 6 Characteristics of computer forensics curriculum in Academia............................... 6 Current Pedagogy strategies .................................................................................. 6 Characteristics of industry based computer forensics programs ............................ 8 1. Frameworks, Standards, Certification, Accreditation?................................... 8 2. Training methods .......................................................................................... 8 3. Content ......................................................................................................... 8 4. Resource materials ....................................................................................... 8 5. Digital forensic software applications and tools............................................. 8 Part 2 - Design Phase ................................................................................................ 8 Summary Chapter................................................................................................... 9 References ............................................................................................................. 9 Bibliography............................................................................................................ 9 Appendices............................................................................................................. 9
  3. 3. References............................................................................................................... 10 Bibliography ............................................................................................................. 15 Appendix .................................................................................................................. 23
  4. 4. Title - Create a framework for Computer Forensics students Statement of Originality Abstract In this report an investigation into the evolution and importance of computer crime with computer forensics, at the same time discuss the crisis of computer forensics and the challenges faced by the Academics in the newest forensic science discipline. There has been much research and study into key topics and relevant subjects needed to design a curriculum framework to train and educate students to become Computer Forensic Investigators and prepare them for the real world. The main objective of this report has been to propose and develop a competency framework that can be used as an educational teaching resource for Computer Forensic investigation training in Academia, proposing different approaches and directions to better reflect the disciplines present-day objectives. There will be a focus on the technical aspects of producing teaching repositories and provide an insight of students understandings of the curriculum and the challenges and unique issues they are up against in such a fast paced technological career. Project Introduction This report is a review of the current CF educational resources, forensic tools and training programs’ content, it also outlines the deductions made from studying the many different literatures and research papers. The results and conclusions made from this review will be the basis for the new framework and outline different proposals for academics that train and educate students to become CF investigators and make considerations regarding different pedagogic approaches depending on the crime being investigated.
  5. 5. Issues associated with its design and development Clear Aims and Objectives The overall aim of the project is to develop a digital crime case study resource based on a crime (murder) and facilitate the practicum teaching of computer forensics in academia. Digital forensic investigators will require an in-depth understanding and knowledge of Information Technology which requires specialised training. Recruitment in the high tech crime industry resembles every other, they want and require experience. Like most industries they are unable to spare time or have access to large funds of money for training graduate students without previous know- how. The development of this framework will involve a full investigation and analysis of digital evidence involved in the case study scenario in addition to producing reports of any probative digital evidence found. The main objective will be to close the skills gap and provide students with relevant experience whilst preparing for the importance of managing electronic evidence cases. Furthermore graduate students can demonstrate their skills and capabilities when dealing with a specific digital crime scenario to prospective employers and illustrate their contribution in the investigation. The research study indicated that the development of certain practicum and pedagogy is much needed to cope with the current challenges faced in computer forensics. Despite the economic recession that we are currently experiencing and the new HE policy introduced by the UK government, the computer forensics discipline has benefitted with HE institutions are compelled to address the employability of students and expected to achieve a more transitional balance from academia to industry.
  6. 6. Literature Review Overview A review of areas relating to recent advances and current issues, laboratory exercises to improve technical experiences, hands on experience in hardware and software tools develop active learning modules. Computer forensics is a unique discipline of science, and in many areas it requires a different approach, different tools, as well as specialised education and training. While the distinctive position of computer forensics is generally accepted, the formal recognition of computer forensics as a section of forensic science has not yet eventuated. What is Computer Forensics Computer forensics involves the preservation, identification, extraction and documentation of digital evidence in magnetic, optical, or electronic forms hard drive, disk drives, USB drive, Zip drive),on stored media unlike paper evidence (Craiger). When computer systems are seized, forensic specialists perform their investigation analysis and also protect the systems and any components in the likelihood it is be needed for criminal or civil proceedings. Why do we need it? Computer Crimes have been a prevalent topic in the media for several years, although the first computer crime committed was in 1820, it is only since the This new forensic science disciple is fast becoming progressively popular as the proliferation of advancing technology is enterprising the criminals illegal activities. Crimes To assist and for the simplicity in the understanding of computer crime the following classifications are proposed: Criminal activity targets computer systems, networks or media storage, a tool to facilitate a new style of crime Assisted by computer systems, a new way to commit traditional crimes (harassment, fraud). Computer systems that are secondary to the crimes but utilise their facilities as a replacement for conventional tools (drug dealers tick list) using software accounting packages.
  7. 7. The classification used here is only to support and understand the context of a complex subject. Computer crime has directly led into efforts for fighting it, computer forensics was born. The obvious attraction to computer crime is blatantly obvious. At the turn of the century, criminals would have found it difficult to steal the filing cabinet and its contents, but nowadays it has been made much easier by simply downloading the entire contents onto a usb stick or emailing the information to storage somewhere in the cloud. Digital Evidence Virtually every computer device incriminated in digital media investigations and court cases rely on digital evidence obtained from them since they nearly always leave a digital footprint (Locards Principle).The procedures in paper evidence cases are instinctively clear, but digital evidence is invisible to the human eye so the specific tools that have been developed to find this evidence are used and the paper evidence procedures are mimicked. The procedure also involves the documentation “an audit trail”, required for the integrity and authenticity of the evidence. More importantly this documentation provides the method used by the expert and can be used for third parties to repeat the process and arrive at the same conclusion and provide explanations for use in court prosecutions. Characteristics of computer forensics curriculum in Academia Current Pedagogy strategies Ref: Analysing teaching design repositories Danyu Zhang, Rafael Calvo, Nicholas Carroll, John Currie Ref http://docs.moodle.org/24/en/Pedagogy 1. Use of Simulation techniques - 2. Reusable learning object approach 3. Hands on experience – work based 4. Individual project lab exercises 5. Team Project lab exercises 6. Use a real to life crime scene house / unit 7. Case Study Scenarios (i) Frameworks, standards, certification and accredidation? (ii) Content and learning outcomes
  8. 8. (iii) Resource materials (iv)Digital forensic software applications and tools
  9. 9. Characteristics of industry based computer forensics programs Frameworks, Standards, Certification, Accreditation? Training methods Content Resource materials Digital forensic software applications ,tools and techniques Part 2 - Design Phase Proposed Design of a Teaching Repositories (i) Key Objectives (ii) Testing / Evaluation (iii) Forensic Image (iv)System and Material Requirements (v) Case Scenario Plan (vi)Story Board, Timeline, Character Roles (vii) Secondary Data Sources (viii) Creating the artefacts (ix)Methodology - Hiding the Artefacts (x) Answer Key and Master Artefact sheet (xi)Implementation (xii) Testing / Evaluation (xiii) Implementation
  10. 10. Summary Chapter Leads References Bibliography Appendices
  11. 11. Leads Journal – IEEE A Comparative Study of Forensic Science and Computer Forensics Developing a computer forensics program in police higher education Developing an Innovative Baccalaureate Program in Computer Forensics A Framework to Guide the Implementation of Proactive Digital Forensics in Organisations Pedagogy and Overview of a Graduate Program in Digital Investigation Management Science Direct  Current issues confronting well-established computer-assisted child exploitation and computer crime task forces  Bringing science to digital forensics with standardized forensic corpora  The future of forensic and crime scene science: Part II. A UK perspective on forensic science education Volume 157, Supplement, Pages S1-S20 (14 March 2006)  Forensic science on trial—still! Response to “Educating the next generation” [Science and Justice, 48 (2008) 59–60] http://www.sleuthkit.org/sleuthkit/docs/framework-docs/basics_page.html http://zeltser.com/cheat-sheets/ Neil C. Rowe, Testing the National Software Reference Library, Digital Investigation, Volume 9, Supplement, August 2012, Pages S131-S138, ISSN 1742-2876, 10.1016/j.diin.2012.05.009. (http://www.sciencedirect.com/science/article/pii/S1742287612000345) Abstract: The National Software Reference Library (NSRL) is an essential data source for forensic investigators, providing in its Reference Data Set (RDS) a set of hash values of known software. However, the NSRL RDS has not previously been tested against a broad spectrum of real-world data. The current work did this using a corpus of 36 million files on 2337 drives from 21 countries. These experiments answered a number of important questions about the NSRL RDS, including what fraction of files it recognizes of different types. NSRL coverage by vendor/product was also tested, finding 51% of the vendor/product names in our corpus had no hash values at all in NSRL. It is shown that coverage or “recall” of the NSRL can be improved with additions from our corpus such as frequently-occurring files and files whose paths were found previously in NSRL with a different hash value. This provided 937,570 new hash values which should be
  12. 12. uncontroversial additions to NSRL. Several additional tests investigated the accuracy of the NSRL data. Experiments testing the hash values saw no evidence of errors. Tests of file sizes showed them to be consistent except for a few cases. On the other hand, the product types assigned by NSRL can be disputed, and it failed to recognize any of a sample of virus-infected files. The file names provided by NSRL had numerous discrepancies with the file names found in the corpus, so the discrepancies were categorized; among other things, there were apparent spelling and punctuation errors. Some file names suggest that NSRL hash values were computed on deleted files, not a safe practice. The tests had the secondary benefit of helping identify occasional errors in the metadata obtained from drive imaging on deleted files in our corpus. This research has provided much data useful in improving NSRL and the forensic tools that depend upon it. It also provides a general methodology and software for testing hash sets against corpora. Keywords: NSRL; Forensics; Files; Hash values; Coverage; Accuracy; Extensions; Directories http://cfed-ttf.blogspot.co.uk/  President Obama Expands “Educate to Innovate” Campaign for Excellence in Science, Technology, Engineering, and Mathematics (STEM) Education.  For educators who want a view of some of the education materials already available, check out stay safe online sponsored by the National Cybersecurity Alliance to learn more.  The National Science Foundation is working to build an information security workforce who will play a critical role in implementing the national strategy to secure cyberspace through several efforts including its Advanced Technology Education (ATE) program. Currently three ATE Regional centers serve to increase the quality and quantity of the cybersecurity workforce: the Cyber Security Education Consortium, Center for System Security and Information Assurance, and CyberWatch. o CyberWatch overview  The National Centers of Academic Excellence sponsored by NSA and the Department of Homeland Security (DHS) promotes higher education and research in IA and helps to increase the number of professionals with IA expertise in various disciplines  p http://digitalforensicsisascience.blogspot.co.uk/2012/01/series-introduction-spring- 2012-anti.html http://windowsir.blogspot.co.uk/p/little-black-book-of-windows-forensic.html Welcome to ITALICS - Innovation in Teaching And Learning in Information and Computer Sciences Edited by Stephen Hagan, University of Ulster This is a temporary home page until our exciting new website is constructed over the coming months. Welcome to ITALICS, Innovation in Teaching And Learning in Information and Computer Sciences, the electronic journal of the Higher Education Academy for Information and Computer Sciences (ICS). ITALICS provides a vehicle for members of the ICS communities to disseminate best practice and research on learning and teaching within their disciplines.
  13. 13. Scope ITALICS aims to highlight current issues in learning and teaching Information and Computer Sciences at the Higher Education (HE) level including:  Innovative approaches to learning and teaching  Developments in computer-based learning and assessment  Open, distance, collaborative and independent learning approaches  The variety of contexts in which students in HE learn -  Including work-based learning, placements and study visits  Improving the student experience  Continuous professional development  The integration of theory and practice Submissions Submissions to be sent to Stephen Hagan. Along with your article, please send us a signed copy of the contributor’s agreement. Please download this pdf file, sign it and return the paper copy to Hazel White, The Higher Education Academy, Innovation Way, Heslington York, YO10 5BR. We would also welcome scanned, signed copies sent by email to Hazel White but please send your paper copy as well. In the event that your article is not accepted for publication, we shall destroy this agreement. Issues There will be three issues of ITALICS each year, published in February, June and November. The journal will include:  An editorial  Peer reviewed papers  Book reviews Themed issues will be produced at least once a year and there will be opportunities for guest editors to take the helm. If you are interested in contributing to a themed issue or becoming a guest editor for ITALICS, pleaseemail us. ITALICS, June 2012 issue Volume 11  June 2012 issue  Editorial Individual papers from the authors  Paper 1  Paper 2
  14. 14.  Paper 3  Paper 4  Paper 5  Paper 6  Paper 7 Previous issues of ITALICS are available on ICS website, and will shortly be available from this page.
  15. 15. References
  16. 16. Bibliography 2003. Accreditation, quality control & assurance. Forensic Science International, 136, Supplement 1, 5-10. ARMSTRONG, C. J. 2003. Mastering computer forensics. Security education and critical infrastructures, 125, 151. ARMSTRONG, C. 2007. An Analysis of Computer Forensic Practitioners Perspectives on Education and Training Requirements. Fifth World Conference on Information Security Education, 1-8. ARMSTRONG, C. J. 2012. Computer Forensics (CF 601) Unit Outline Semester 1, 2012. ARMSTRONG, H. & ARMSTRONG, C. 2007. The Role of Information Security Industry Training and Accreditation in Tertiary Education. Fifth World Conference on Information Security Education, 137-140. ARMSTRONG, C. J. 2005. Development of a Research Framework for Selecting Computer Forensic Tools. Curtin University of Technology. ARMSTRONG, C. J. & ARMSTRONG, H. L. Mapping information security curricula to professional accreditation standards. 2007. IEEE, 30-35. ARMSTRONG, C. 2003. Developing a framework for evaluating computer forensic tools. Evaluation in Crime Trends and justice: Trends and Methods Conference in Conjunction with the Australian Bureau of Statistics, Canberra Australia, 24-25. ARMSTRONG, C. & JAYARATNA, N. 2004. Teaching computer forensics, uniting practice with intellect. Proceedings of the 8th Colloquium for Information Systems Security Education, West Point New York. AUSTIN, R. D. Digital forensics on the cheap: teaching forensics using open source tools. Proceedings of the 4th annual conference on Information security curriculum development, 2007. ACM, 6. BATTEN, L. & PAN, L. 2008. Teaching digital forensics to undergraduate students. Security & Privacy, IEEE, 6, 54- 56. BECKETT, J. & SLAY, J. 2011. Scientific underpinnings and background to standards and accreditation in digital forensics. Digital Investigation, 8, 114-121. BEM, D. & HUEBNER, E. Computer forensics workshop for undergraduate students. 2008. Australian Computer Society, Inc., 29-33. BASSETT, R., BASS, L. & O’BRIEN, P. 2006. Computer forensics: An essential ingredient for cyber security. Journal of Information Science and Technology, 3, 22-32. BRILL, A. E., POLLITT, M. & WHITCOMB, C. M. 2006. The evolution of computer forensic best practices: an update on programs and publications. Journal of Digital Forensic Practice, 1, 3-11. BRINSON, A., ROBINSON, A. & ROGERS, M. 2006. A cyber forensics ontology: Creating a new approach to studying cyber forensics. digital investigation, 3, 37-43. CALOYANNIDES, M. A. 2003. Digital evidence and reasonable doubt. IEEE Security and Privacy, 1, 89-91. CARBONE, A., MANNILA, L. & FITZGERALD, S. 2007. Computer science and IT teachers' conceptions of successful and unsuccessful teaching: A phenomenographic study. Computer Science Education, 17, 275-299. CARRIER, B. & SPAFFORD, E. H. An event-based digital forensic investigation framework. Digital forensic research workshop, 2004.
  17. 17. CARRIER, B. & SPAFFORD, E. H. 2003. Getting physical with the digital investigation process. International Journal of Digital Evidence, 2, 1-20. CHEN, P. S., TSAI, L. M. F., YING-CHIEH, C. & YEE, G. Standardizing the construction of a digital forensics laboratory. Systematic Approaches to Digital Forensic Engineering, 2005. First International Workshop on, 7-9 Nov. 2005 2005. 40-47. CHI, H., JONES, E. L., CHATMON, C. & EVANS, D. Design and Implementation of Digital Forensics Labs. CHU, H. C., LIN, W. D. & CHANG, K. H. 2010. Digital Forensics Core Curriculum Design in Higher Education in Ubiquitous Computing Era. 淡江理工學刊, 13, 89-97. COHEN, M., GARFINKEL, S. & SCHATZ, B. 2009. Extending the advanced forensic format to accommodate multiple data sources, logical evidence, arbitrary information and forensic workflow. digital investigation, 6, S57-S68. COLLINS, D. & MCGUIRE, T. 2008. Using the DC3 forensic challenge as a basis for a special topics digital forensics upper level undergraduate course. Journal of Computing Sciences in Colleges, 23, 8-14. CONGDON, C. B., FITZGERALD, S., KING, M. S., SEMMES, P. & CHAIRMAN-KAY, D. G. 2000. Teaching advice and support for new and adjunct faculty (panel session): experiences, policies, and strategies. ACM SIGCSE Bulletin, 32, 414-415. COOPER, P., FINLEY, G. T. & KASKENPALO, P. Towards standards in digital forensics education. Proceedings of the 2010 ITiCSE working group reports, 2010. ACM, 87-95. CRAIGER, J. P., POLLITT, M. & SWAUGER, J. 2005. Law enforcement and digital evidence. Handbook of Information Security John Wiley & Sons (in Print). CRAIGER, P., BURKE, P., MARBERRY, C. & POLLITT, M. 2008. A virtual digital forensics laboratory. Advances in Digital Forensics IV, 357-365. CRAIGER, P., PONTE, L., WHITCOMB, C., POLLITT, M. & EAGLIN, R. Master's Degree in Digital Forensics. 2007. IEEE, 264b-264b. CRELLIN, J., ADDA, M. & DUKE-WILLIAMS, E. 2010. The use of simulation in digital forensics teaching. CRELLIN, J., ADDA, M., DUKE-WILLIAMS, E. & CHANDLER, J. 2011. Simulation in computer forensics teaching: the student experience. CRELLIN, J. & KARATZOUNI, S. 2009. Simulation in digital forensic education. DAVEY, J., ARMSTRONG, C. & ARMSTRONG, H. 2001. Teaching cyberwarfare tactics and strategy. DINOLT, G., FARRELL, P., GARFINKEL, S. & ROUSSEV, V. 2009. Bringing Science to Digital Forensics with Standardized Forensic Corpora. NAVAL POSTGRADUATE SCHOOL MONTEREY CA GRADUATE SCHOOL OF OPERATIONAL AND INFORMATION SCIENCES.
  18. 18. DOWNS, J. C. U. & RANADIVE SWIENTON, A. 2012. Chapter 6 - Ethics Codes in Other Organizations: Structures and Enforcement. In: DOWNS, J. C. U. & ANJALI RANADIVE, S. (eds.) Ethics in Forensic Science. San Diego: Academic Press. DURANTI, L. & ENDICOTT-POPOVSKY, B. 2010. Digital records forensics: A new science and academic program for forensic readiness. Journal of Digital Forensics, Security and Law, 5. ENDICOTT-POPOVSKY, B., FRINCKE, D. & POPOVSKY, V. 2004. Designing a Computer Forensics Course for an Information Assurance Track. 8th Colloquium for Information Systems Security Education, West Point, NY. ENDICOYTT-POPUVSKY, B. 2003. Ethics and teaching information assurance. Security & Privacy, IEEE, 1, 65-67. FERGUSON-BOUCHER, K. & ENDICOTT-POPOVSKY, B. 2008. Digital Forensics and Records Management: What We Can Learn from the Discipline of Archiving. GARFINKEL, S. 2007. Anti-forensics: Techniques, detection and countermeasures. The 2nd International Conference on i-Warfare and Security (ICIW), 77-84. GARFINKEL, S. 2012. Lessons learned writing digital forensics tools and managing a 30TB digital evidence corpus. Digital Investigation, 9, S80-S89. GARFINKEL, S., FARRELL, P., ROUSSEV, V. & DINOLT, G. 2009. Bringing science to digital forensics with standardized forensic corpora. digital investigation, 6, S2-S11. GARFINKEL, S., WOODS, K., LEE, C. A., DITTRICH, D., RUSSELL, A. & KEARTON, K. 2011. Creating Realistic Corpora for Security and Forensic Education. NAVAL POSTGRADUATE SCHOOL MONTEREY CA DEPT OF COMPUTER SCIENCE. GARFINKEL, S. L. 2007. Forensic corpora: a challenge for forensic research. Electronic Evidence Information Center. GARFINKEL, S. L. 2010. Digital forensics research: The next 10 years. Digital Investigation, 7, S64-S73. GARFINKEL, S. L. 2012. Methods for creating realistic disk images for forensics tool testing and education. GOTTSCHALK, L., LIU, J., DATHAN, B., FITZGERALD, S. & STEIN, M. 2005. Computer forensics programs in higher education: a preliminary study. ACM SIGCSE Bulletin, 37, 147-151. GILLAM, W. B. & ROGERS, M. 2005. File Hound: A Forensics Tool for First Responders. Digital forensics research workshop, New Orleans, LA. Retrieved from http://www. dfrws. org. GOTTSCHALK, P., FILSTAD, C., GLOMSETH, R. & SOLLI-SÆTHER, H. 2011. Information management for investigation and prevention of white-collar crime. International Journal of Information Management, 31, 226-233. GUO, Y. & SLAY, J. 2010. Testing Forensic Copy Function of Computer Forensics Investigation Tools. Journal of Digital Forensic Practice, 3, 46-61. HAGGERTY, J. & TAYLOR, M. 2006. Managing corporate computer forensics. Computer Fraud & Security, 2006, 14- 16.
  19. 19. HANKINS, R., UEHARA, T. & LIU, J. A comparative study of forensic science and computer forensics. 2009. IEEE, 230-239. HANNAN, M., FRINGS, S., BROUCEK, V. & TURNER, P. Forensic Computing Theory & Practice: Towards developing a methodology for a standardised approach to Computer misuse. 1st Australian Computer, Network and Information Forensics Conference, Perth, WA, Australia, 2003. HARRISON, W. 2006. A term project for a course on computer forensics. Journal on Educational Resources in Computing (JERIC), 6, 6. HIBSHI, H., VIDAS, T. & CRANOR, L. Usability of forensics tools: a user study. IT Security Incident Management and IT Forensics (IMF), 2011 Sixth International Conference on, 2011. IEEE, 81-91. HUANG, J., YASINSAC, A. & HAYES, P. J. Knowledge Sharing and Reuse in Digital Forensics. 2010. IEEE, 73-78. HUEBNER, E., BEM, D. & BEM, O. 2007. Computer Forensics–Past, Present And Future. Information security Technical report, 8, 32-46. HUEBNER, E., BEM, D. & CHEUNG, H. 2010. Computer Forensics Education–the Open Source Approach. Open Source Software for Digital Forensics, 9-23. HUEBNER, E., BEM, D. & RUAN, C. Computer forensics tertiary education in Australia. 2008. IEEE, 1383-1387. HUEBNER, E., BEM, D. & WEE, C. K. 2006. Data hiding in the NTFS file system. digital investigation, 3, 211-226. HUEBNER, E. & ZANERO, S. 2010. Open source software for digital forensics, Springer HUNTON, P. 2012. Managing the technical resource capability of cybercrime investigation: a UK law enforcement perspective. Public Money & Management, 32, 225-232. IRONS, A., STEPHENS, P. & FERGUSON, R. 2009. Digital Investigation as a distinct discipline: A pedagogic perspective. Digital Investigation, 6, 82-90. J CRELLIN, J., ADDA, M. DUKE-WILLIAMS, E. Virtual Worlds for Simulation in Computer Forensics Teaching. 2011. JIGANG, L. Developing an Innovative Baccalaureate Program in Computer Forensics. 2006. 1-6. KABAY, M. E. 2003. Crime, Use of Computers in. In: EDITOR-IN-CHIEF: HOSSEIN, B. (ed.) Encyclopedia of Information Systems. New York: Elsevier. KESSLER, G. C. & HAGGERTY, D. Pedagogy and Overview of a Graduate Program in Digital Investigation Management. Hawaii International Conference on System Sciences, Proceedings of the 41st Annual, 2008. IEEE, 481-48 KESSLER, G. C. & SCHIRLING, M. E. 2006. The design of an undergraduate degree program in computer & digital forensics. Journal of Digital Forensics, Security, and Law, 3, 37-50. LACEY, T. H., PETERSON, G. L. & MILLS, R. F. The Enhancement of Graduate Digital Forensics Education via the DC3 Digital Forensics Challenge. System Sciences, 2009. HICSS '09. 42nd Hawaii International Conference on, 5-8 Jan. 2009 2009. 1-9.
  20. 20. LAWRENCE, K. R. & CHI, H. Framework for the design of web-based learning for digital forensics labs. Proceedings of the 47th Annual Southeast Regional Conference, 2009. ACM, 76. LEE, J., UN, S. & HONG, D. Improving Performance in Digital Forensics: A Case Using Pattern Matching Board. Availability, Reliability and Security, 2009. ARES'09. International Conference on, 2009. IEEE, 1001-1005. LIN, Y. C. 2008. Study of computer forensics from a cross-cultural perspective: Australia and Taiwan. Ph. D. Dissertation, University of South Australia. LISTER, R., BERGLUND, A., BOX, I., COPE, C., PEARS, A., AVRAM, C., BOWER, M., CARBONE, A., DAVEY, B. & DE RAADT, M. Differing ways that computing academics understand teaching. 2007. Australian Computer Society, Inc., 97-106. LIU, J. Developing an innovative baccalaureate program in computer forensics. 2006. IEEE, 1-6. LIU, J. 2010. Implementing a baccalaureate program in computer forensics. Journal of Computing Sciences in Colleges, 25, 101-109. LIU, J. & UEHARA, T. Computer forensics in Japan: a preliminary study. 2009. IEEE, 1006-1011. LIU, J., UEHARA, T. & SASAKI, R. 2011. Development of digital forensics practice and research in Japan. Wireless Communications and Mobile Computing, 11, 240-253. LOGAN, P. Y. & CLARKSON, A. Teaching students to hack: curriculum issues in information security. ACM SIGCSE Bulletin, 2005. ACM, 157-161. MANZANO, Y. Software Forensics Overview. MANSON, D., CARLIN, A., RAMOS, S., GYGER, A., KAUFMAN, M. & TREICHELT, J. Is the open way a better way? Digital forensics using open source tools. System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on, 2007. IEEE, 266b-266b. MAXWELL, K. D., LOKAN, C., WRIGHT, T., HILL, P. R., STRINGER, M., HEIRES, J. T., FOGLE, S., LOULIS, C., NEUENDORF, B. & THOMAS, G. C. Benchmarking Software Organizations. MCGUIRE, T. J. & MURFF, K. N. 2006. Issues in the development of a digital forensics curriculum. J. Comput. Sci. Coll., 22, 274-280. MENNELL, J. 2006. The future of forensic and crime scene science: Part II. A UK perspective on forensic science education. Forensic science international, 157, S13-S20. MEYERS, M. 2005. Computer Forensics: Towards Creating A Certification Framework. M. Sc. Diss., Centre for Education and Research in Information Assurance and Security, Purdue University, West Lafayette, IN. MEYERS, M. 2005. CERIAS Tech Report 2005-28 COMPUTER FORENSICS: TOWARDS CREATING A CERTIFICATION FRAMEWORK. EYERS, M. & ROGERS, M. 2004. Computer forensics: the need for standardization and certification. International Journal of Digital Evidence, 3, 1-11.
  21. 21. MEYERS, M. & ROGERS, M. 2005. Digital forensics: meeting the challenges of scientific evidence. Advances in Digital Forensics, 43-50. NANCE, K., ARMSTRONG, H. & ARMSTRONG, C. Digital forensics: Defining an education agenda. 2010. IEEE, 1-10. OWEN, P. & THOMAS, P. 2011. An analysis of digital forensic examinations: Mobile devices versus hard disk drives utilising ACPO & NIST guidelines. Digital Investigation, 8, 135-140. OSTERBURG, J. W. & WARD, R. H. 2010. Chapter 13 - Reconstructing the Past: Methods, Evidence, Examples. Criminal Investigation (Sixth Edition). Boston: Anderson Publishing, Ltd. PASHEL, B. A. Teaching students to hack: ethical implications in teaching students to hack at the university level. Proceedings of the 3rd annual conference on Information security curriculum development, 2006. ACM, 197-200. PETERSON, G., RAINES, R. & BALDWIN, R. Graduate Digital Forensics Education at the Air Force Institute of Technology. System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on, 2007. IEEE, 264c-264c. PETERSON, G. L., RAINES, R. A. & BALDWIN, R. O. Graduate Digital Forensics Education at the Air Force Institute of Technology. System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on, Jan. 2007 2007. 264c-264c. PHILIP, C., LUCILLE, P., CARRIE, W., MARK, P. & RONALD, E. Master's Degree in Digital Forensics. System Sciences, 2007. HICSS 2007. 40th Annual Hawaii International Conference on, Jan. 2007 2007. 264b-264b. POLLITT, M., CALOYANNIDES, M., NOVOTNY, J. & SHENOI, S. 2004. Digital forensics: operational, legal and research issues. Data and Applications Security XVII, 393-403. POLLITT, M., NANCE, K., HAY, B., DODGE, R. C., CRAIGER, P., BURKE, P., MARBERRY, C. & BRUBAKER, B. 2008. Virtualization and digital forensics: a research and education agenda. Journal of Digital Forensic Practice, 2, 62-73. POLLITT, M. M. 1995. Principles, practices, and procedures: an approach to standards in computer forensics. Second International Conference on Computer Evidence, 10-15. ROGERS, M. 2003. Computer forensics: Science or fad. Security Wire Digest, 5. ROGERS, M. 2003. The role of criminal profiling in the computer forensics process. Computers & Security, 22, 292- 298. ROGERS, M. & MEYERS, M. 2010. Digital Forensics: Meeting the Challenges of Scientific Evidence. IFIP International Federation for Information Processing, 194. ROGERS, M. K. The Future of Digital Forensics: Challenges and Opportunities. ROGERS, M. K. & SEIGFRIED, K. 2004. The future of computer forensics: a needs analysis survey. Computers & Security, 23, 12-16. SAHAMI, M., ROACH, S., CUADROS-VARGAS, E. & REED, D. Computer science curriculum 2013: reviewing the strawman report from the ACM/IEEE-CS task force. Proceedings of the 43rd ACM technical symposium on Computer Science Education, 2012. ACM, 3-4.
  22. 22. SALT, D. W., LALLIE, H. S. & LAWSON, P. STUDYING FIRST YEAR FORENSIC COMPUTING: MANAGING THE STUDENT EXPERIENCE. SHINDER, L. & CROSS, M. 2008. Chapter 16 - Building the Cybercrime Case. Scene of the Cybercrime (Second Edition). Burlington: Syngress. SIMMONS, M. & CHI, H. Designing and implementing cloud-based digital forensics hands-on labs. Proceedings of the 2012 Information Security Curriculum Development Conference, 2012. ACM, 69-74. SIMON, M. & SLAY, J. Forensic Computing Training, Certification and Accreditation: An Australian Overview. Fifth World Conference on Information Security Education, 2007. Springer, 105-112. SIMPSON, J., SIMPSON, M., ENDICOTT-POPOVSKY, B. & POPOVSKY, V. 2010. Secure Software Education: A Contextual Model-Based Approach. International Journal of Secure Software Engineering (IJSSE), 1, 35-61. SOMMER, P. 1997. Downloads, logs and captures: Evidence from cyberspace. Journal of Financial Crime, 5, 138- 151. SOMMER, P. 1998. Digital footprints: Assessing computer evidence. Criminal Law Review, 12, 61-78. SOMMER, P. 2002. Downloads, Logs and Captures: Evidence from Cyberspace. CTLR-OXFORD-, 8, 33-42. SOMMER, P. 2004. The future for the policing of cybercrime. Computer Fraud & Security, 2004, 8-12. SOMMER, P. 2004. The challenges of large computer evidence cases. Digital Investigation: The International Journal of Digital Forensics & Incident Response, 1, 16-17. SOMMER, P. 2010. Forensic science standards in fast-changing environments. Science & Justice, 50, 12-17. SOMMER, P. 2011. Certification, registration and assessment of digital forensic experts: The UK experience. Digital investigation, 8, 98-105. SZEŻYŃSKA, M., HUEBNER, E., BEM, D. & RUAN, C. 2009. Methodology and Tools of IS Audit and Computer Forensics–The Common Denominator. Advances in Information Security and Assurance, 110-121. TAYLOR, C., ENDICOTT-POPOVSKY, B. & FRINCKE, D. A. 2007. Specifying digital forensics: A forensics policy approach. digital investigation, 4, 101-104. TAYLOR, C., ENDICOTT-POPOVSKY, B. & PHILLIPS, A. Forensics education: Assessment and measures of excellence. 2007. IEEE, 155-165. THOMAS, P., TRYFONAS, T. & SUTHERLAND, I. AN ANALYSIS OF THE CURRICULUM COMPONENTS OF COMPUTER FORENSICS UNDERGRADUATE COURSES IN THE UNITED KINGDOM. ITALICS Volume 8 (1) February 2009, 39. TU, M., CRONIN, K., XU, D. & WIRA, S. On the Development of Digital Forensics Curriculum. WANG, Y., CANNADY, J. & ROSENBLUTH, J. 2005. Foundations of computer forensics: A technology for the fight against computer crime. Computer Law & Security Review, 21, 119-127.
  23. 23. WASSENAAR, D., WOO, D. & WU, P. 2009. A certificate program in computer forensics. Journal of Computing Sciences in Colleges, 24, 158-167 WHITE, J. H., LESTER, D., GENTILE, M. & ROSENBLEETH, J. 2011. The utilization of forensic science and criminal profiling for capturing serial killers. Forensic Science International, 209, 160-165. WOODS, K., LEE, C., GARFINKEL, S., DITTRICH, D., RUSSELL, A. & KEARTON, K. 2011. Creating realistic corpora for forensic and security education. 2011 ADFSL conference on digital forensics, security and law. Richmond, VA: Elsevier. WOODS, K., LEE, C. A. & GARFINKEL, S. Extending digital repository architectures to support disk image preservation and access. 2011. ACM, 57-66. WOODS, K., LEE, C. A., GARFINKEL, S., DITTRICH, D., RUSSELL, A. & KEARTON, K. 2011. Creating Realistic Corpora for Security and Forensic Education. DTIC Document. YASINSAC, A. & BURMESTER, M. 2005. Centers of academic excellence: a case study. Security & Privacy, IEEE, 3, 62-65. YASINSAC, A., ERBACHER, R. F., MARKS, D. G., POLLITT, M. M. & SOMMER, P. M. 2003. Computer forensics education. Security & Privacy, IEEE, 1, 15-23. ZHOU, Y. & JIANG, K. An Analysis System for Computer Forensic Education, Training, and Awareness. Computing, Measurement, Control and Sensor Network (CMCSN), 2012 International Conference on, 2012. IEEE, 48-51.
  24. 24. Appendix

×