Computer Forensics references
by Steve Teicher
Modern computer networks have become indispensable in our society. Both our working life and our leisure life depend on electronic connectivity to access the stored data that tells much about our lives. However, the same networks that we depend to authorize our credit purchases, personalize our shopping needs and track our credit profiles, also provide new age criminals the access to the stored data that detail many important areas of our life.
See abstract (in text format) about Digital forensics (as a Word document) and an idea.
Clouds on ... (text format) or in pdf format if you so desire. Computer forensics by cs 460 team of students, 2008.
Take the sample exam to see how much you know about forensics.
Computer and Network Forensics after 9/11 1 Key Issues 1.1 Types of Crimes 1.2 Pre-emptive versus Reactive 1.3 Legal Evidence 1.4 Technical Issues 1.5 Resources 1.5.1 Within Law Enforcement 1.5.2 Within Private Organizations 1.6 Multinational Issues 1.6.1 Evidence can be stored outside US jurisdiction 1.6.2 What can be gathered depends upon multinational treaties 2 Types of Crimes 2.1 Theft 2.1.1 Direct Theft 2.1.2 Exposure of Private Information 22.214.171.124 Medical Records 126.96.36.199 Financial Records 188.8.131.52 Financial Instruments 2.1.3 Espionage 2.2 Pornography 2.2.1 Child Porn 2.2.2 Adult Solicitation 2.3 Defacing 2.4 Destruction of Capabilities 2.5 Defamation of Character 2.6 Grand Interruption of Public Services 2.6.1 911 Systems 2.6.2 Air Traffic Control 2.6.3 Power Grids 2.6.4 National Defense Grids 2.7 Terror Activities 2.7.1 Coordination of Grand Attacks 2.7.2 Recruitment 2.7.3 Fund Raising 3 Detection 3.1 Detection of a Crime Committed often External to Computers 3.1.1 False Credit Card Charges 3.1.2 Parties meet after Chat Room solicitation 3.1.3 Report from child or former child of sexual abuse 3.1.4 Act of Terror committed 3.2 Detection of activities about the intent to commit a crime is mostly reseach 3.2.1 When punishment is not a deterrent, prevention may become the goal 3.2.2 What are the symptoms The problem with any set of frequency related symptoms is that skilled terrorists will know how to block the detection system. For instance, by increasing traffic a long time in advance of the actual "act" the symptoms of the "act" can be masked. 184.108.40.206 Latent worms or viruses 220.127.116.11 Increase in Probes 18.104.22.168 Increase in email traffic between suspicious parties 3.2.3 Where is the right place to look 3.2.4 How are symptoms assembled? 22.214.171.124 Speculation on form of attack and creation of potential warning symptoms? 126.96.36.199 Can a "honeypot" be developed to attract symptoms 3.2.5 Detection work may block prosecution Evidence often needs a warrent which has to be specific about the reasons for the search. The type of fishing for information needed to prevent attacks could make it hard to use the information gathered in court. 3.3 Balance of surveillance vs Civil Rights 3.3.1 Civil Rights Advocates argue against use of new technologies 188.8.131.52 Dershowitz argues 184.108.40.206.1 Some use of new technologies may actually reduce the use of broad profiles 220.127.116.11 Scott Meely argues that privacy is dead so "get over it". 3.3.2 Dershowitz argues that rights have to be in context. What was OK prior to 9/11 may not be OK today given the experience of society. For instance, would we agree to more invasive monitoring? Would we trust some group to monitor that would be prevented from turning over what they gather to prosecutors if it w as "off topic". Today the rule for criminal investigation is that anything found in a legal search for one crime can be used to prosecute crimes that are discovered in the search. What about the use of evidence when there was no warrent because the investigators were looking for potential acts of terror? 4 Coordination and Prevention 4.1 Criminals and terrorists exploit old organization 4.2 Coordination of databases and tools 4.2.1 Demanded by some 4.2.2 Loathed by others 4.3 Coordination and consolidation changes power bases 4.3.1 May affect jobs 4.3.2 May affect communities 4.3.3 Will have positive and some negative effects 4.3.4 Requires a high level decision that will catch flak 5 Summary 5.1 Lot of Issues 5.2 Not much time 5.3 Lots of inertia 5.4 Decisions must be made 5.5 Depend upon good intensions, intelligence, and good luck 5.6 Education critical 5.6.1 Broad understanding will replace rumor with facts 5.6.2 Education helps the public understand the terminology 18.104.22.168 The phone system was built under the covers of one company 22.214.171.124 Computer and network forensics has to be built in the open by many companies
See the following paper about:
Abstract: There is a trend in both civil and criminal courts to allow data found in computers to be used as evidence. This paper explores common techniques of finding evidence on computers primarily focusing on personal computers in a Windows environment. In doing so, this paper explores the technical methods in which an individual can protect his/her data and the legal rights an individual in the United States has to prevent the seizure of his/her computer. The legal rights and procedures explored will focus on US criminal laws.
See the paper itself
Return to Dr. Caftori's
Last updated 10/3/03