cse 469 computer and network forensics
play

CSE 469: Computer and Network Forensics Topic 1: Forensics Intro - PowerPoint PPT Presentation

Aug 28, 2023 •406 likes •1.32k views

CSE 469: Computer and Network Forensics Topic 1: Forensics Intro Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics General Forensic Science CSE 469: Computer and Network Forensics Definition Forensic Science is the

  1. CSE 469: Computer and Network Forensics Topic 1: Forensics Intro Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics

  2. General Forensic Science CSE 469: Computer and Network Forensics

  3. Definition ● Forensic Science is the application of science to those criminal and civil laws that are enforced by police agencies in a criminal justice system. 3 CSE 469: Computer and Network Forensics

  4. What is Forensics / Forensic Science ● Chemistry ● Biology ● Physics ● Geology ● Places physical evidence into a professional discipline. 4 CSE 469: Computer and Network Forensics

  5. History of Forensics / Forensic Science ● Sir Arthur Conan Doyle ● Popularized physical detection methods in a crime scene ● Developed the character Sherlock Holmes ● Publications from 1887 to 1927 5 CSE 469: Computer and Network Forensics

  6. History of Forensics / Forensic Science 6 CSE 469: Computer and Network Forensics

  7. Forensics / Forensic Science 7 CSE 469: Computer and Network Forensics

  8. Alphonse Bertillon (1853 – 1914) ● Father of Criminal Detection ● Devised the first scientific system of personal identification, using body measurements known as anthropometry in 1879 8 CSE 469: Computer and Network Forensics

  9. Francis Galton (1822 – 1911) ● Conducted the first definitive study of fingerprints and their classification. ● 1892 – Treatise entitled Finger Prints 9 CSE 469: Computer and Network Forensics

  10. Leone Lattes (1887 – 1954) ● Devised a simple procedure for determining the blood type (A,B,O,AB) of a dried bloodstain 10 CSE 469: Computer and Network Forensics

  11. Calvin Goddard (1891 – 1955) ● Used a comparison microscope to determine if a bullet was fired from a specific gun ● Published study of “tool marks” on bullets 11 CSE 469: Computer and Network Forensics

  12. Sir Alec Jeffreys ● Early 1980s: Restriction Fragment Length Polymorphism (RFLP) ● DNA fingerprinting 12 CSE 469: Computer and Network Forensics

  13. Printer & Scanner Forensics 13 CSE 469: Computer and Network Forensics

  14. Computer Crime CSE 469: Computer and Network Forensics

  15. What is Computer Crime? ● A crime in which ● 3 generic categories technology plays an Computer assisted ● e.g., fraud, child ● important, and ofuen a pornography necessary, part. Computer specific or targeted ● e.g., denial of service, ● sniffers, unauthorized ● What about the access Computer incidental computer? ● e.g., customer lists for ● the tool used in an attack ● traffickers the target of an attack ● used to store data related to ● criminal activity 15 CSE 469: Computer and Network Forensics

  16. Tor ● The Onion Router ● For anonymous Internet communication ● Bypass censorship ● Host web sites that can only be visited via Tor ● Darknet ● Not indexed by Google (surface web) ● Not the same as Deep web (facebook) 16 CSE 469: Computer and Network Forensics

  17. Tor 17 CSE 469: Computer and Network Forensics

  18. Silk Road 18 CSE 469: Computer and Network Forensics

  19. Silk Road ● Silk Road did $1.2 billion worth of business between February of 2011 and July of 2013, the FBI says, earning Dread Pirate Roberts $79.8 million in commissions using current Bitcoin rates. ● Ross Ulbricht (born in 1984), alleged operator of the Silk Road Marketplace, arrested by the FBI on Oct 1, 2013. = ? 19 CSE 469: Computer and Network Forensics

  20. Other Underground Markets Fake IDs Rent-A-Botnet Ads 20 CSE 469: Computer and Network Forensics

  21. How big is the problem? ● Average armed bank robbery Nets $7,500 ($60M annual) ● 16% of money recovered ● 80% of offenders are behind bars ● ● White collar computer crimes take in about $10B annually Less than 5% offenders go to jail ● Juries consider this a non-violent crime ● Criminal statutes vary internationally ● From Gary Kessler at Champlain College 21 CSE 469: Computer and Network Forensics

  22. How big is the problem? ● Billions of pwned accounts. ● Thousands (millions?) of breaches. ● What really scares me: How will the aggregation of all my ● breached information be used against: Me? ● My family? ● My employer? ● My country? ● My criminal record (or lack thereof)? ● ... ● 22 CSE 469: Computer and Network Forensics

  23. It Gets Worse... 23 CSE 469: Computer and Network Forensics

  24. Brief History of Digital Forensics ● Roots of digital forensics go back to roughly 1970, but... Originally data recovery ● Late 1980s - Norton & Mace Utilities provided "Unformat, Undelete." ● ● Early days were marked by: Diversity — Hardware, Sofuware & Application ● Proliferation of file formats ● Heavy reliance on time-sharing and centralized computing ● Absence of formal process, tools & training ● ● Forensics of end-user systems was hard, but it didn't matter much. Most of the data was stored on centralized computers. ● Experts were available to assist with investigations. ● There wasn't much demand! ● 24 CSE 469: Computer and Network Forensics Source: Simson Garfinkel’s slides for his paper “Digital Forensics Research: The Next 10 Years”, available on the DFRWS website.

  25. Law Enforcement Investigations ● Until 1993 , laws defining computer crimes did not exist ● Analogies between existing law and cyber crime were incomplete and ofuen flawed ● States have since added specific language to their criminal codes to define crimes that involve computers ● Crimes that have proliferated because of computers: Child pornography (Easy access and storage, Anonymity) ● Child abuse & bullying ● Financial fraud ● Identify thefu ● Coordinating drug activity ● 25 CSE 469: Computer and Network Forensics

  26. The Golden Age of Digital Forensics: 1999-2007 ● Widespread use of Microsofu Windows, especially Windows XP ● Relatively few file formats: Microsofu Office (.doc, .xls & .ppt) ● JPEG for images ● AVI and WMV for video ● ● Most examinations confined to a single computer belonging to a single subject ● Most storage devices used a standard interface. IDE/ATA ● USB ● 26 CSE 469: Computer and Network Forensics Source: Simson Garfinkel’s slides for his paper “Digital Forensics Research: The Next 10 Years”, available on the DFRWS website.

  27. The Golden Age of Digital Forensics: 1999-2007 ● This Golden Age gave us good tools and rapid growth. ● Commercial tools: FTK ● EnCase ● ● Open source tools: The Sleuth Kit ● ● Content Extraction Toolkits 27 CSE 469: Computer and Network Forensics Source: Simson Garfinkel’s slides for his paper “Digital Forensics Research: The Next 10 Years”, available on the DFRWS website.

  28. Digital Forensics Crisis (1) 1. Dramatically increased costs of extraction and analysis ● Huge storage, non-removable flash, proliferation of operating systems and file formats, multiple devices and services with important data. 2. Encryption and cloud computing ● Pervasive encryption, end-user systems don’t have the data, RAM-based malware, and new legal challenges. 28 CSE 469: Computer and Network Forensics Source: Simson Garfinkel’s slides for his paper “Digital Forensics Research: The Next 10 Years”, available on the DFRWS website.

  29. Digital Forensics Crisis (2) 3. Mobile phones ● Bit-copies can no longer be the gold standard, difficult to validate tools against thousands of phones or millions of apps, no standard extraction protocols. 4. RAM and hardware forensics is really hard ● Malware can hide in many places: disk, BIOS, firmware, RAID controllers, GPU, motherboard... 5. Tools and training simply can’t keep up! 29 CSE 469: Computer and Network Forensics Source: Simson Garfinkel’s slides for his paper “Digital Forensics Research: The Next 10 Years”, available on the DFRWS website.

  30. Digital Forensics: Basics CSE 469: Computer and Network Forensics

  31. Digital Forensics: Objectives (1) ● Digital forensics involves data retrieved from a suspect’s: ● Hard drive ● Other storage media also: NOTE: The data might be ● Cell phones ● Hidden ● ● Flash drives Encrypted ● Fragmented ● Cloud services ● Deleted ● Cars ● Outside the normal ● Thermostats file structure ● Smart speakers 31 CSE 469: Computer and Network Forensics

  32. Digital Forensics: Objectives (2) ● Figure out what happened, when , and who was responsible. ● Computer forensics is a discipline dedicated to the collection of computer evidence for judicial purposes. Source: EnCase Legal Journal ● ● Computer forensics involves the preservation, identification, extraction, documentation and interpretation of computer data. Source: Kruse and Heiser, Computer Forensics Incident Response ● Essentials ● Must be able to show proof 32 CSE 469: Computer and Network Forensics

  33. Understanding Digital Forensics ● Digital forensics involves: a. Obtaining and analyzing b. digital information c. for use as evidence d. in civil, criminal, or administrative cases. ● Critical condition: a. Obtaining evidence covered by the Fourth Amendment to the U.S. Constitution b. Protects everyone’s rights to be secure in their person, residence, and property from search and seizure . 33 CSE 469: Computer and Network Forensics

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSE 469: Computer and Network Forensics Topic 5: Image Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 5: Image Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 5: Image Forensics Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Forensics for Graphics Files Types of graphics file formats Type of data compression How to locate

362 views • 25 slides
CSE 469: Computer and Network Forensics Topic 7: Mobile Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 7: Mobile Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 7: Mobile Forensics Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Overview of Mobile Forensics Originated in Europe and focused on the GSM SIM card. Roaming of Devices

694 views • 17 slides
CSE 469: Computer and Network Forensics Topic 8: Cloud and Web Forensics Dr. Mike Mabey | Spring

CSE 469: Computer and Network Forensics Topic 8: Cloud and Web Forensics Dr. Mike Mabey | Spring

CSE 469: Computer and Network Forensics Topic 8: Cloud and Web Forensics Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics What is The Cloud? A computing storage system that provides on-demand network access for

613 views • 25 slides
CSE 469: Computer and Network Forensics Topic 6: Email Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 6: Email Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 6: Email Forensics Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Email System Components User agents / Webmail: Composing, editing, and reading mail messages. Mail

687 views • 49 slides
CSE 469: Computer and Network Forensics Topic 3: Drives, Volumes, and Files Dr. Mike Mabey |

CSE 469: Computer and Network Forensics Topic 3: Drives, Volumes, and Files Dr. Mike Mabey |

CSE 469: Computer and Network Forensics Topic 3: Drives, Volumes, and Files Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Review: Base Conversion, Endianness, and Data Structures 2 CSE 469: Computer and Network

974 views • 84 slides
CSE 469: Computer and Network Forensics Topic 0: Course Overview Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 0: Course Overview Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 0: Course Overview Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Instructor Dr. Mike Mabey Alumnus of ASU (MS & PhD) Adjunct / Faculty Associate Full time

585 views • 25 slides
CSE 469: Computer and Network Forensics Topic 2: Evidence Acquisition Dr. Mike Mabey | Spring

CSE 469: Computer and Network Forensics Topic 2: Evidence Acquisition Dr. Mike Mabey | Spring

CSE 469: Computer and Network Forensics Topic 2: Evidence Acquisition Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Acquisition First step in the forensic process: Copy the evidence/data without altering or

629 views • 26 slides
2015-2017 (c) P.Pale: Computer Forensics 2015-10-17 File System Forensics A New York

2015-2017 (c) P.Pale: Computer Forensics 2015-10-17 File System Forensics A New York

2015-2017 (c) P.Pale: Computer Forensics 2015-10-17 File System Forensics A New York computer forensics firm found that 40% of the hard disk drives it recently purchased in bulk orders on eBay contained personal, private and sensitive

884 views • 70 slides
CSE 469: Computer and Network Forensics Topic 4: File Systems Dr. Mike Mabey | Spring 2019 CSE

CSE 469: Computer and Network Forensics Topic 4: File Systems Dr. Mike Mabey | Spring 2019 CSE

CSE 469: Computer and Network Forensics Topic 4: File Systems Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics My Sources https://smile.amazon.com/Underst https://smile.amazon.com/System-

697 views • 46 slides
CSE 469: Computer and Network Forensics Topic 9: Semester Review Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 9: Semester Review Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 9: Semester Review Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Review: Topic 1: Forensics Intro Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics

1.75k views • 142 slides
When We Need Audit Logs Computer forensics in courts Recovering from an attack

When We Need Audit Logs Computer forensics in courts Recovering from an attack

Systematic and Practical Methods for Computer Attack Analysis and Forensics Dr. Sean Peisert UC Davis Computer Science Dept. NSF I/UCRC Meeting ~ Davis, CA June 17, 2008 1 When We Need Audit Logs Computer forensics in courts

524 views • 11 slides
Team Cymru Cymru Team Network Forensics Ryan Connolly, ryan@cymru.com

Team Cymru Cymru Team Network Forensics Ryan Connolly, ryan@cymru.com

Team Cymru Cymru Team Network Forensics Ryan Connolly, ryan@cymru.com <http://www.cymru.com> Network Forensics what does it mean? network forensics is the analysis of network events in order to discover the source of problem

997 views • 43 slides
Nuix Workshop Introduction to Forensics W HAT IS C OMPUTER F ORENSICS ? Computer

Nuix Workshop Introduction to Forensics W HAT IS C OMPUTER F ORENSICS ? Computer

Nuix Workshop Introduction to Forensics W HAT IS C OMPUTER F ORENSICS ? Computer forensics, also called cyber forensics, is the applica6on of scien6fic method to computer

464 views • 33 slides
The Bro Network Security Monitor Network Forensics with Bro Matthias Vallentin UC Berkeley /

The Bro Network Security Monitor Network Forensics with Bro Matthias Vallentin UC Berkeley /

The Bro Network Security Monitor Network Forensics with Bro Matthias Vallentin UC Berkeley / ICSI vallentin@icir.org Bro Workshop 2011 NCSA, Champaign-Urbana, IL Outline 1. The Bro Difference 2. Abstract Use Cases 3. From Post-Facto to

530 views • 23 slides
Carney Forensics How to Keep a Network Safe at Little to No Cost Minnesota CLE: Paralegal Program

Carney Forensics How to Keep a Network Safe at Little to No Cost Minnesota CLE: Paralegal Program

Carney Forensics How to Keep a Network Safe at Little to No Cost Minnesota CLE: Paralegal Program September 18, 2018 John J. Carney, Esq. Carney Forensics Cybersecurity & Legal Ethics Four Basic ABA Model Rules that Govern Rule 1.1

510 views • 27 slides
Introduction Why is the Study of Digital Forensics Relevant? What is Digital/Computer

Introduction Why is the Study of Digital Forensics Relevant? What is Digital/Computer

Introduction to Digital Forensics Introduction Why is the Study of Digital Forensics Relevant? What is Digital/Computer Forensics? What do you Need for a Careers in Computer Digital Forensics? Educational Background

509 views • 29 slides
Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht

Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht

Automated Theorem Proving 1/4: Introduction and Propositional Theorem Proving A.L. Lamprecht Course Program Semantics and Verfication 2020, Utrecht University September 21, 2020 Lecture Notes Automated Reasoning by Gerard A.W. Vreeswijk.

609 views • 40 slides
Solving Mysteries with Rare Kaon Decays 2/8 Douglas Bryman University of British Columbia 1

Solving Mysteries with Rare Kaon Decays 2/8 Douglas Bryman University of British Columbia 1

Solving Mysteries with Rare Kaon Decays 2/8 Douglas Bryman University of British Columbia 1 Tevatron LHC; TeV Energy Scale New Physics High Mass High Mass Scales? Scales? Rare Decays and CP violation COSMOLOGICAL Symmetry

481 views • 31 slides
Introduction to Cybersecurity Prof. Dr. Michael Backes Director, CISPA Center for IT Security,

Introduction to Cybersecurity Prof. Dr. Michael Backes Director, CISPA Center for IT Security,

Introduction to Cybersecurity Prof. Dr. Michael Backes Director, CISPA Center for IT Security, Privacy, and Accountability Chair for IT-security & Cryptography Organisation Course Registration / Course Number (97380) - Register both

929 views • 71 slides
Narrative Points of View revised 02.05.13 || English 1302: Composition & Rhetoric II || D.

Narrative Points of View revised 02.05.13 || English 1302: Composition & Rhetoric II || D.

Narrative Points of View revised 02.05.13 || English 1302: Composition & Rhetoric II || D. Glen Smith, instructor Narration The Point of View, or Narrative voice, consists of the recital of events which unfold the sequence of cause and effect

280 views • 8 slides
Occams Razor Sampling Bias : generate the data carefuly Data Snooping : handle the data

Occams Razor Sampling Bias : generate the data carefuly Data Snooping : handle the data

recap: Validation and Cross Validation Validation Cross Validation D ( N ) D 1 D 2 D N D train Learning From Data D ( N K ) g 1 g 2 g N Lecture 14 ( x 1 , y 1 ) ( x 2 , y 2 ) ( x N , y N ) Three Learning Principles D

486 views • 15 slides
Constructing Social Networks of Irish and British Fiction, 1800-1922 Derek Greene School of

Constructing Social Networks of Irish and British Fiction, 1800-1922 Derek Greene School of

Constructing Social Networks of Irish and British Fiction, 1800-1922 Derek Greene School of Computer Science University College Dublin Nation, Genre and Gender Project Research project funded by Irish Research Council in 2013.

1.56k views • 22 slides
Informatics 1: Data & Analysis Lecture 13: Annotation of Corpora Ian Stark School of

Informatics 1: Data & Analysis Lecture 13: Annotation of Corpora Ian Stark School of

Informatics 1: Data & Analysis Lecture 13: Annotation of Corpora Ian Stark School of Informatics The University of Edinburgh Friday 8 March 2013 Semester 2 Week 7 N I V E U R S E I H T T Y O H F G R E

861 views • 31 slides
Applications of in Forensic Science Pushing Out the Frontiers Nick D. K. Petraco and Many

Applications of in Forensic Science Pushing Out the Frontiers Nick D. K. Petraco and Many

Applications of in Forensic Science Pushing Out the Frontiers Nick D. K. Petraco and Many Others John Jay College of Criminal Justice ! Outline Admissibility of Scientific Evidence is a problem! Frye and the Daubert Standards

469 views • 33 slides

More recommend