Computer Forensics references

Netiva Caftori
CS-460

Fall 2003

I hope we'll learn from each other

by Steve Teicher

Digital Forensics for the New Age

By Caftori and Teicher

Modern computer networks have become indispensable in our society. Both our working life and our leisure life depend on electronic connectivity to access the stored data that tells much about our lives. However, the same networks that we depend on to authorize our credit purchases, personalize our shopping, and track our credit profiles also give new-age criminals access to the stored data that details many important areas of our lives.

See abstract (in text format) about Digital forensics (as a Word document) and an idea.

Clouds on ... (text format) or in pdf format if you so desire. Computer forensics by cs 460 team of students, 2008.

Take the sample exam to see how much you know about forensics.

Computer and Network Forensics after 9/11
1 Key Issues
1.1 Types of Crimes
1.2 Pre-emptive versus Reactive
1.3 Legal Evidence
1.4 Technical Issues
1.5 Resources
1.5.1 Within Law Enforcement
1.5.2 Within Private Organizations
1.6 Multinational Issues
1.6.1 Evidence can be stored outside US jurisdiction
1.6.2 What can be gathered depends upon multinational treaties
2 Types of Crimes
2.1 Theft
2.1.1 Direct Theft
2.1.2 Exposure of Private Information
2.1.2.1 Medical Records
2.1.2.2 Financial Records
2.1.2.3 Financial Instruments
2.1.3 Espionage
2.2 Pornography
2.2.1 Child Porn
2.2.2 Adult Solicitation
2.3 Defacing 
2.4 Destruction of Capabilities
2.5 Defamation of Character
2.6 Grand Interruption of Public Services
2.6.1 911 Systems
2.6.2 Air Traffic Control
2.6.3 Power Grids
2.6.4 National Defense Grids
2.7 Terror Activities
2.7.1 Coordination of Grand Attacks
2.7.2 Recruitment
2.7.3 Fund Raising
3 Detection
3.1 Detection of a Committed Crime Is Often External to Computers
3.1.1 False Credit Card Charges
3.1.2 Parties meet after Chat Room solicitation
3.1.3 Report from child or former child of sexual abuse
3.1.4 Act of Terror committed
3.2 Detection of activity indicating intent to commit a crime is mostly still research
3.2.1 When punishment is not a deterrent, prevention may become the goal
3.2.2 What are the symptoms
The problem with any set of frequency-based symptoms is that skilled 
terrorists will know how to defeat the detection system. 
For instance, by increasing traffic long in advance of the 
actual "act", the symptoms of the "act" can be masked: the elevated 
traffic becomes the baseline against which the act is judged.

3.2.2.1 Latent worms or viruses
3.2.2.2 Increase in Probes
3.2.2.3 Increase in email traffic between suspicious parties
3.2.3 Where is the right place to look
3.2.4 How are symptoms assembled?
3.2.4.1 Speculation on form of attack and creation of potential warning symptoms?
3.2.4.2 Can a "honeypot" be developed to attract symptoms
3.2.5 Detection work may block prosecution
Evidence often needs a warrant, which has to be 
specific about the reasons for the search. 
The kind of fishing for information needed to prevent 
attacks could make it hard to use the information gathered in court.
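The symptoms listed under 3.2.2 (latent worms, rising probe counts, rising email volume) are all frequency measurements, and the masking caveat in 3.2.2 is a statement about baselines. The following example is added here to make that concrete; it is not code from the course or from Caftori and Teicher. It runs a naive rate detector over constructed daily probe counts (a hypothetical perimeter sensor, not real data), shows that a burst out of a quiet period is flagged, and then shows that the same burst is not flagged once the adversary has spent three months raising traffic by one probe per day. A second detector that compares against a fixed reference period recorded before the ramp still catches it, which is the practitioner's counter-move.

```python
"""Frequency-based symptom detection and the masking evasion described in 3.2.2.

Added example for this page; it is not code from the course or its authors.
All traffic figures below are constructed, not measured.
"""
from statistics import mean, pstdev


def detect_spikes(counts, window=7, z=3.0, min_sigma=1.0):
    """Flag days whose probe count exceeds mean + z*sigma of the preceding
    `window` days (a trailing baseline, as a naive rate detector would use).
    `min_sigma` floors sigma so a perfectly flat baseline still has a threshold.
    Returns the list of flagged day indices."""
    flagged = []
    for day in range(window, len(counts)):
        base = counts[day - window:day]
        threshold = mean(base) + z * max(pstdev(base), min_sigma)
        if counts[day] > threshold:
            flagged.append(day)
    return flagged


def detect_against_reference(counts, reference, z=3.0, min_sigma=1.0):
    """Same test, but against a fixed reference period (traffic recorded before
    the adversary is assumed to have started preparing). Returns flagged indices."""
    threshold = mean(reference) + z * max(pstdev(reference), min_sigma)
    return [day for day, c in enumerate(counts) if c > threshold]


# Constructed daily probe counts (hypothetical sensor, not real data).
QUIET = [10] * 14          # two quiet weeks at roughly 10 probes per day
ACT = [100]                # the "act": a 100-probe reconnaissance burst

# Scenario 1: the burst arrives out of a flat baseline.
SUDDEN = QUIET + ACT

# Scenario 2: the adversary adds one probe per day for three months before the
# same burst, so a trailing baseline drifts upward along with the traffic.
RAMP = list(range(11, 101))
MASKED = QUIET + RAMP + ACT


def scenario_results():
    """Run both detectors over both scenarios; returns flagged indices per case."""
    return {
        "sudden_trailing": detect_spikes(SUDDEN),
        "masked_trailing": detect_spikes(MASKED),
        "masked_reference": detect_against_reference(MASKED, QUIET),
    }


if __name__ == "__main__":
    for name, days in scenario_results().items():
        tail = " ..." if len(days) > 5 else ""
        print(f"{name}: flagged days {days[:5]}{tail}")
```

The trailing-window detector flags day 14 in the sudden scenario and nothing at all in the masked one, because each day's count sits within three standard deviations of the seven days before it. The fixed-reference detector flags the ramp from day 17 onward. The choice of baseline is therefore itself a security decision, and the caveat still holds: an adversary who ramps slowly enough over a long enough period leaves any purely frequency-based detector with little to say.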

3.3 Balance of surveillance vs Civil Rights
3.3.1 Civil Rights Advocates argue against use of new technologies
3.3.1.1 Dershowitz argues
3.3.1.1.1 Some use of new technologies may actually reduce the use of broad profiles
3.3.1.2 Scott McNealy argues that privacy is dead, so "get over it".
3.3.2 Dershowitz argues that rights have to be in context.
What was OK prior to 9/11 may not be OK today, given the experience of society. 
For instance, would we agree to more invasive monitoring? 
Would we trust some group to monitor that would be prevented from 
turning over what they gather to prosecutors if it was "off topic"? 
Today the rule for criminal investigation is that anything 
found in a legal search for one crime can be used to 
prosecute crimes that are discovered in the search. 
What about the use of evidence when 
there was no warrant because the investigators were looking for potential 
acts of terror?
4 Coordination and Prevention
4.1 Criminals and terrorists exploit outdated organizational structures
4.2 Coordination of databases and tools 
4.2.1 Demanded by some
4.2.2 Loathed by others
4.3 Coordination and consolidation changes power bases
4.3.1 May affect jobs
4.3.2 May affect communities
4.3.3 Will have positive and some negative effects
4.3.4 Requires a high level decision that will catch flak
5 Summary
5.1 Lot of Issues
5.2 Not much time
5.3 Lots of inertia
5.4 Decisions must be made
5.5 Depend upon good intentions, intelligence, and good luck
5.6 Education critical
5.6.1 Broad understanding will replace rumor with facts
5.6.2 Education helps the public understand the terminology
5.6.2.1 The phone system was built under the covers of one company
5.6.2.2 Computer and network forensics has to be built in the open by many companies

See the following paper about:

Computer Forensics and Your Rights

Tu Tran
Mills College
Graduate Student in Interdisciplinary Computer Science (M.A.)
Sponsor: Ellen Spertus, PhD

Abstract: There is a trend in both civil and criminal courts to allow data found in computers to be used as evidence. This paper explores common techniques of finding evidence on computers, focusing primarily on personal computers in a Windows environment. In doing so, this paper explores the technical methods by which an individual can protect his/her data and the legal rights an individual in the United States has to prevent the seizure of his/her computer. The legal rights and procedures explored will focus on US criminal laws.

See the paper itself


Last updated 10/3/03