Post on 06-Jan-2016
FEED ME, SEYMOUR! LITTLE SHOP OF HORRORS (1986)
DR. JOE CICCONE
Unit 4: Guide to Computer Forensics and
Investigations CJ 317
Last Week – Questions – This week
Last week: how data is stored and managed on Microsoft operating systems (OSs). To become proficient in recovering data for computer investigations, you should understand file systems and their OSs, including legacy OSs (MS-DOS, Windows 9x, and Windows Me, for example) and current OSs, such as Windows 2000, XP, and Vista. Using a Virtual PC environment to further analyze Windows digital evidence.
Topics for the night
Forensics tools come in both hardware and software form: forensic workstations, write blockers, and other devices are needed. Because computer hardware changes quickly as well, adapters are needed to access some drives.
In this seminar, we will discuss how one goes about selecting the hardware and software for a lab, and how much these items really cost.
Project – Review (due tomorrow) PART I
Case Project 6-2: An employee suspects that his password has been compromised. He changed it two days ago, yet it seems that someone has used it again. Discuss what you think may be going on.
Develop a strategy to address the issue and provide the steps you would take to resolve the problem.
Use at least one outside research source including academic journals to support your view.
Don’t reinvent the wheel? Meaning?
Project Part II (COMBINE both)
Research two popular GUI tools:
Guidance Software EnCase
AccessData FTK
Compare their features to other products, such as:
ProDiscover (www.techpathways.com)
Ontrack EasyRecovery Professional (www.ontrack.com/easyrecoveryprofessional)
Create a bar chart outlining each tool’s current capabilities. The chart should clearly indicate which software product you would recommend.
Discuss the features you would find most beneficial in creating your own lab. Use at least one outside research source including academic journals to support your view.
Video: Security Risks - Firewalls
Electronic forgery, i.e. affixing a false digital signature or making a false electronic record
Electronic forgery for the purpose of cheating
Electronic forgery for the purpose of harming reputation
Using a forged electronic record
Publication of a digital signature certificate for a fraudulent purpose
Offences and contraventions by companies
Unauthorized access to a protected system
Common Web Vulnerabilities
Password guessing
Proxies and man-in-the-middle attacks
HTML comments
“Forgot password” implementations
Keystroke loggers
SQL injection
Command injection
URL manipulation
Computer Crime Vulnerability
[Chart: Vulnerabilities Reported per year, 1995–2005; y-axis 0–7000 vulnerabilities]
No Seminar Next Week – MIDTERM Project
Write a 3-5 page paper that addresses the following scenario: For this project, you will play the role of an entrepreneur who is deciding what type of computer forensics company you will start, or the supervisor of such a company.
Based on what you have done so far, address the following concerns:
Describe the company
The type of work it does
What equipment is needed for the lab
What software you will need
National Crime Information Center (NCIC) Codes
Enhanced Name Search: Uses the New York State Identification and Intelligence System (NYSIIS). Returns phonetically similar names (e.g. Marko, Marco or Knowles, Nowles or derivatives of names such as William, Willie, Bill).
Fingerprint Searches: Stores and searches the right index fingerprint. Search inquiries compare the print to all fingerprint data on file (wanted persons and missing persons).
Probation/Parole: Convicted Persons or Supervised Release File contains records of subjects under supervised release.
Online Manuals: State Control Terminal Agencies (CTAs) can download manuals and make them available to users on-line.
Improved Data Quality: Point-of-entry checks for errors; validates that data is entered correctly (e.g., VINs); checks that data is entered in all mandatory fields; links text and image information; and expands miscellaneous fields.
Information Linking: Connects two or more records so that an inquiry on one retrieves the other record(s).
Mugshots: One mugshot per person record may be entered in NCIC 2000. One fingerprint, one signature, and up to 10 other identifying images (scars, marks, tattoos) may also be entered.
Other Images: One identifying image for each entry in the following files: Article, Vehicle, Boat, Vehicle or Boat Part. A file of generic images (e.g., a picture of a 1989 Ford Mustang) is maintained in the system.
Convicted Sex Offender Registry: Contains records of individuals who are convicted sexual offenders or violent sexual predators.
SENTRY File: An index of individuals incarcerated in the federal prison system. Response provides descriptive information and location of prison.
Delayed Inquiry: Every record entered or modified is checked against the inquiry log. Provides the entering and inquiring agency with a response if any other agency inquired on the subject in the last five days.
On-line Ad-hoc Inquiry: A flexible technique that allows users to search the active databases and access the system’s historical data.
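The Enhanced Name Search above matches names by NYSIIS code, so spellings that sound alike (Marko/Marco, Knowles/Nowles) share a key. The example below is added here and is not from the original slides or from NCIC: it implements the commonly published NYSIIS rules (Taft, 1970) in Python and adds a constructed nickname table, because derivatives such as William/Willie/Bill are not phonetic matches and need an alias lookup; the NICKNAMES table and enhanced_name_search are assumptions for illustration.

```python
import re

VOWELS = set("AEIOU")
HEAD = (("MAC", "MCC"), ("KN", "NN"), ("K", "C"), ("PH", "FF"), ("PF", "FF"), ("SCH", "SSS"))
TAIL = (("EE", "Y"), ("IE", "Y"), ("DT", "D"), ("RT", "D"), ("RD", "D"), ("NT", "D"), ("ND", "D"))
SINGLE = {"Q": "G", "Z": "S", "M": "N"}  # one-for-one rewrites used in step 4
NICKNAMES = {"WILLIE": "WILLIAM", "BILL": "WILLIAM"}  # constructed; NCIC's real list is not on the page

def nysiis(name):  # NYSIIS phonetic code, Taft (1970) rules
    s = re.sub(r"[^A-Z]", "", name.upper())
    if not s:
        return ""
    # Steps 1-2: rewrite the leading and trailing character groups.
    s = next((n + s[len(o):] for o, n in HEAD if s.startswith(o)), s)
    s = next((s[:-len(o)] + n for o, n in TAIL if s.endswith(o)), s)
    key, i = s[0], 1                      # step 3: keep the first character
    while i < len(s):                     # step 4: rewrite the remainder
        ch, prev, nxt = s[i], s[i - 1], s[i + 1:i + 2]
        rep, step = SINGLE.get(ch, ch), 1
        if ch == "E" and nxt == "V":
            rep, step = "AF", 2
        elif ch in VOWELS:
            rep = "A"
        elif ch == "K":
            rep, step = ("N", 2) if nxt == "N" else ("C", 1)
        elif s.startswith("SCH", i):
            rep, step = "SSS", 3
        elif s.startswith("PH", i):
            rep, step = "FF", 2
        elif ch == "H" and (prev not in VOWELS or nxt not in VOWELS):
            rep = prev
        elif ch == "W" and prev in VOWELS:
            rep = "A"
        for c in rep:                     # skip a char equal to the last kept one
            if c != key[-1]:
                key += c
        i += step
    # Steps 5-7: drop a trailing S, turn AY into Y, drop a trailing A.
    if len(key) > 1 and key[-1] == "S":
        key = key[:-1]
    if key.endswith("AY"):
        key = key[:-2] + "Y"
    if len(key) > 1 and key[-1] == "A":
        key = key[:-1]
    return key

def enhanced_name_search(query, names):  # phonetic match after nickname mapping
    canon = lambda n: NICKNAMES.get(re.sub(r"[^A-Z]", "", n.upper()), n)
    code = nysiis(canon(query))
    return [n for n in names if nysiis(canon(n)) == code]
```

Phonetic keys trade precision for recall (Marko, Mark and Marcus all encode to the same key), so a hit is a lead to confirm against other identifiers, not an identification by itself.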
Questions
Grade UPDATE - how are you doing now? Your concerns? - DARE Officer Ciccone