
Computer Forensics:
Data Collection, Analysis and Preservation

Kikunda Eric Kajangu, Cher Vue, and John Mottola
ITIS-3200-001
Computer Forensics defined:

  The use of analytical and investigative
  techniques to identify, collect, examine and
  preserve evidence/information that is stored
  or encoded on digital media (magnetic disks,
  tape, flash or other storage).
Industry companies interested in computer forensics
 • Guidance Software (http://www.guidancesoftware.com)
    ◦ Creators of the popular GUI-based forensic tool "EnCase".
 • Digital Intelligence, Inc. (http://www.digitalintel.com/)
    ◦ Digital Intelligence designs and builds computer forensic
      software and hardware, and offers free forensic utility
      software to law enforcement.
 • IVIZE Data Center (http://www.ivize.net)
    ◦ Provides several litigation support services, including
      Electronic Data Discovery.
Three main concepts
 • Data collection

 • Data analysis

 • Data preservation
Data Collection
 • Research challenges
    ◦ Gathering data
      Ensuring the data is relevant and complete
      Obtaining volatile data (memory contents, network state,
      running processes) before it is lost when the system is
      powered off
      Obtaining deleted and changed files
    ◦ Lack of trained professionals
      Computer forensics is a relatively new field
      Risk of system administrators altering or destroying data
      before it is collected
      No standards
Data Collection
 • Evolution of data collection
    ◦ Mid 1980's
       XTree Gold and Norton DiskEdit
         Limited to recovering lost or deleted files
    ◦ 1990's
       Specialized tools began to appear
         Tools to perform network investigations
    ◦ 1999
       Boot from floppy and write to alternative media
         Very slow transfer rate (about 1 GB/hr)
    ◦ Current
       Many tools to choose from
         GUI and command-line tools are available
         Fast and efficient
Data Analysis
 • The main problem in electronic data analysis is not only the
   volume of data, which quickly grows too large to manage, but
   also the number of different applications and file formats
   associated with those files.
 • Electronic Data Discovery:
       - e-mail, Microsoft Office files, accounting databases, ...
       - other electronically stored information that could be
         relevant evidence in a lawsuit.
 • Tools to analyze electronic data in computer forensics:
    ◦ Needle Finder:
      uses a .NET Framework application together with a SQL
      database to process hundreds of file types and e-mails
      simultaneously and pinpoint the pertinent, requested
      information for analysis.
    ◦ E-Discovery
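The "many file types into one SQL database" approach described for Needle Finder is easy to reproduce on a small scale. The following is an added example (this example's own code, not Needle Finder's or any product's) that walks a review set, identifies each file by its magic bytes rather than its extension, records a SHA-256 hash, flags files whose extension disagrees with their content (a renamed PDF pretending to be a text file), and loads everything into SQLite so the set can be queried by keyword. The `MAGIC` and `EXPECTED` tables and the constructed sample tree are assumptions of the example.

```python
"""Triage index for electronic data discovery: identify each file by its
magic bytes (not its extension), hash it, and load the results into SQLite
so the review set can be queried. Added example with a constructed sample
tree; the MAGIC table and helper names are this example's own."""
import hashlib
import os
import sqlite3
import tempfile

# (signature, label); all signatures are checked at offset 0
MAGIC = [
    (b"%PDF-", "pdf"),
    (b"PK\x03\x04", "zip"),      # .docx/.xlsx/.pptx are zip containers
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls binary formats
    (b"\xff\xd8\xff", "jpeg"),
]
# what each extension claims to be, so renamed files stand out
EXPECTED = {".pdf": "pdf", ".docx": "zip", ".xlsx": "zip", ".doc": "ole2",
            ".jpg": "jpeg", ".txt": "text"}


def identify(data: bytes) -> str:
    for sig, label in MAGIC:
        if data.startswith(sig):
            return label
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "unknown"


def index_tree(root: str) -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE files (
        path TEXT PRIMARY KEY, ext TEXT, detected TEXT, size INTEGER,
        sha256 TEXT, mismatch INTEGER, body TEXT)""")
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            ext = os.path.splitext(name)[1].lower()
            detected = identify(data)
            expected = EXPECTED.get(ext)
            mismatch = int(expected is not None and expected != detected)
            # keyword search only makes sense on text; binary formats need a parser
            body = data.decode("utf-8").lower() if detected == "text" else None
            conn.execute("INSERT INTO files VALUES (?,?,?,?,?,?,?)",
                         (os.path.relpath(path, root), ext, detected, len(data),
                          hashlib.sha256(data).hexdigest(), mismatch, body))
    conn.commit()
    return conn


def search(conn: sqlite3.Connection, term: str) -> list[str]:
    rows = conn.execute("SELECT path FROM files WHERE body LIKE ? ORDER BY path",
                        (f"%{term.lower()}%",))
    return [r[0] for r in rows]


def mismatches(conn: sqlite3.Connection) -> list[str]:
    return [r[0] for r in conn.execute(
        "SELECT path FROM files WHERE mismatch = 1 ORDER BY path")]


def make_sample_tree() -> str:
    """Constructed review set: a PDF, a docx-like zip, a memo, and a PDF
    renamed to .txt in an attempt to slip past an extension-based filter."""
    root = tempfile.mkdtemp(prefix="ediscovery_")
    samples = {
        "report.pdf": b"%PDF-1.4\n%constructed sample\n",
        "memo.docx": b"PK\x03\x04" + b"\x00" * 26,
        "notes.txt": b"Transfer the balance to the offshore account on Friday.\n",
        "innocuous.txt": b"%PDF-1.4\n%renamed to evade review\n",
    }
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    conn = index_tree(make_sample_tree())
    print("renamed/mismatched files:", mismatches(conn))
    print("files mentioning 'offshore':", search(conn, "offshore"))
```

The SHA-256 column is what lets the reviewer prove later that the file examined is the one that was collected, and the `mismatch` flag is the check an extension-only filter misses. Extending the index to Office documents means adding a parser per format (which is exactly the "different number of applications" problem the slide describes), not a bigger `LIKE` clause.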
Data Preservation
 • Data should never be analyzed on the same machine it is
   collected from.
 • Forensically sound copies of all data storage devices,
   primarily hard drives, must be made.
 • There are two goals when making an image:
    ◦ Completeness (every sector, including unallocated space)
    ◦ Accuracy (the image is bit-for-bit identical to the source,
      verified by comparing cryptographic hashes of the source
      and of the image)
 • This is done with a standalone hard-drive duplicator or
   software imaging tools such as dcfldd or IXimager, with the
   source attached through a write blocker so that the
   acquisition itself cannot alter it.
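The completeness and accuracy goals are what a hash-verified acquisition enforces: every byte of the source is read and written, the bytes read are hashed on the way through, the finished image is hashed again, and the two digests must match before anything else happens. The script below is an added example of that workflow (this example's own code, modelled on what dcfldd's `hash=`/`hashlog=` options do, but not dcfldd itself); `acquire()`, `verify_image()`, the JSON log format and the constructed 3 MiB "device" are all assumptions of the example.

```python
"""Hash-verified acquisition: copy a source device/file to an image in
fixed-size chunks while hashing the bytes read, then re-hash the written
image and compare. Added example; acquire()/verify_image() and the sample
source are this example's own, not part of any forensic tool."""
import hashlib
import json
import os
import tempfile
import time

CHUNK = 1024 * 1024  # 1 MiB reads; real acquisitions go through a write blocker


def hash_file(path: str, algos=("md5", "sha256")) -> dict:
    hashes = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            for h in hashes.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashes.items()}


def acquire(source: str, image: str, log: str, algos=("md5", "sha256")) -> dict:
    """Image `source` into `image`, verify, and write a JSON acquisition log.
    Returns the log record; record['verified'] is False if any hash differs."""
    src_hash = {a: hashlib.new(a) for a in algos}
    total = 0
    started = time.time()
    with open(source, "rb") as src, open(image, "wb") as dst:
        while chunk := src.read(CHUNK):
            for h in src_hash.values():
                h.update(chunk)        # hash what was read, before it is written
            dst.write(chunk)
            total += len(chunk)
        dst.flush()
        os.fsync(dst.fileno())         # image must really be on disk before re-hashing
    img_hash = hash_file(image, algos)
    record = {
        "source": source, "image": image, "bytes": total,
        "source_hash": {a: h.hexdigest() for a, h in src_hash.items()},
        "image_hash": img_hash,
        "verified": all(src_hash[a].hexdigest() == img_hash[a] for a in algos),
        "started": started, "finished": time.time(),
    }
    with open(log, "w") as fh:
        json.dump(record, fh, indent=2)
    return record


def verify_image(image: str, log: str) -> bool:
    """Re-hash an image later (before analysis, or for court) and compare it
    with the hashes recorded at acquisition time."""
    with open(log) as fh:
        record = json.load(fh)
    return hash_file(image, tuple(record["source_hash"])) == record["source_hash"]


def demo() -> tuple:
    """Acquire a constructed 3 MiB 'device', verify it, then flip one byte in
    the image and verify again. Returns (before_tamper, after_tamper)."""
    work = tempfile.mkdtemp(prefix="acq_")
    source = os.path.join(work, "sdb.raw")
    image = os.path.join(work, "sdb.dd")
    log = os.path.join(work, "sdb.log.json")
    with open(source, "wb") as fh:              # constructed source, not real evidence
        fh.write(bytes(range(256)) * (3 * 4096) + b"end-of-device")
    record = acquire(source, image, log)
    assert record["verified"], "acquisition hashes differ; do not proceed"
    before = verify_image(image, log)
    with open(image, "r+b") as fh:              # simulate post-acquisition tampering
        fh.seek(1000)
        fh.write(b"\xff")
    after = verify_image(image, log)
    return before, after


if __name__ == "__main__":
    print("verified before tampering: %s, after: %s" % demo())
```

Two digests are recorded because examiners and courts have historically asked for MD5 while SHA-256 is what actually resists a forged collision today; the verification fails if either differs. The point of `verify_image()` is that it can be run on any later day, by anyone holding the log, and the single flipped byte in the demo is enough to make it return False.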
Research Challenges: What are the essential problems in this field?

 • Training

 • Operational Standards

 • International Standardization
Training
 • Law enforcement personnel should be trained to handle
   digital evidence.
 • Network operators should also be trained, to improve their
   abilities in intrusion detection.
 • Lawyers should receive some training to give them a basic
   understanding of computer evidence.
Operational Standards
 • Basic guidelines for the evidence collection process
   should be established:
    ◦   Planning
    ◦   Recording
    ◦   Performance
    ◦   Monitoring
    ◦   Recording
    ◦   Reporting
International Standardization
 • Different countries each have their own methods, standards,
   and laws.
 • What is acceptable evidence in one country may not be in
   another.
 • This is a serious problem when dealing with international
   crimes, as computer crime often is.
Conclusions and future work
 • Even though it is a fascinating field, due to the nature of
   computers far more information is available than there is
   time to analyze.
 • The main emphasis of future work is on recovery of data.
 • Ways to improve:
    ◦ Identify the evidence
    ◦ Determine how to preserve the evidence
    ◦ Extract, process, and interpret the evidence
    ◦ Ensure that the evidence is acceptable in a court of law
Works Cited
   "5 Common Mistakes in Computer Forensics." Online Security. 25 June 2003. 14 Nov. 2007
     <http://www.onlinesecurity.com/forum/article279.php>.
   "Computer Forensics." Digitalintelligence. 2007. 20 Oct. 2007
     <http://www.digitalintel.com/>.
   "Computer Forensics." Disklabs. 2004. 15 Oct. 2007
     <http://www.disklabs.com/computer-forensics.asp>.
   "Computer Forensics." Techtarget. 16 Dec. 2003. 25 Oct. 2007
     <http://labmice.techtarget.com/security/forensics.htm>.
   "Computer Forensics." Wikipedia. 26 Nov. 2007. 28 Nov. 2007
     <http://en.wikipedia.org/wiki/Computer_forensics>.
   Dearsley, Tony. "United States: Computer Forensics." Mondaq. 14 June 2007. 22 Oct. 2007
     <http://www.mondaq.com/article.asp?articleid=48322>.
   Garner, George M. "Forensic Acquisition Utilities." Gmgsystemsinc. 2007. 11 Nov. 2007
     <http://www.gmgsystemsinc.com/fau/>.
   "International High Technology." Htcia. 2007. 28 Oct. 2007 <http://htcia.org/>.
   "Computer Forensics: A Critical Need in Computer Science Programs."
     <http://www.scribd.com/doc/131838/COMPUTER-FORENSICS-A-CRITICAL-NEED-IN-COMPUTER>.
   "Computer Forensics Laboratory and Tools."
     <http://www.scribd.com/doc/136793/COMPUTER-FORENSICS-LABORATORY-AND-TOOLs>.
   Ispirian. "Following Procedure." Hgexperts. 2007. 01 Nov. 2007
     <http://www.hgexperts.com/hg/article.asp?id=4804>.
   Monica. "A Community of Computer Forensics Professionals." Computerforensicsworld.
     26 Aug. 2007. 09 Nov. 2007 <http://www.computerforensicsworld.com/>.
   Morris, Jamie. "Computer Forensics Tools." Ezinearticles. 27 Oct. 2006. 28 Oct. 2007
     <http://ezinearticles.com/?Computer-Forensics-Tools&id=340154>.
   Reuscher, Dori. "How to Become a Cyber-Investigator." About. 2007. 16 Nov. 2007
     <http://certification.about.com/cs/securitycerts/a/compforensics.htm>.
   Robinson, Judd. "An Explanation of Computer Forensics." Computerforensics. 2007.
     26 Oct. 2007 <http://computerforensics.net/forensics.htm>.
   Swartz, Jon. "Cybercrime Spurs College Courses in Digital Forensics." Usatoday.
     06 June 2006. 14 Nov. 2007
     <http://www.usatoday.com/tech/news/techinnovations/2006-06-05-digital-forensics_x.htm>.
   LaBancz, Melissa. "Expert vs. Expertise: Computer Forensics and the Alternative OS."
     <http://www.linuxsecurity.com/content/view/117371/171>.
   "Computer Forensics: Past, Present and Future."
     <http://www.scm.uws.edu.au/compsci/computerforensics/Publications/Computer_Forensics_Past_Present_Future.pdf>.