Computer Forensics: Data Collection, Analysis and Preservation
Kikunda Eric Kajangu, Cher Vue, and John Mottola
ITIS-3200-001
Computer Forensics defined:
The use of analytical and investigative techniques to identify, collect, examine and preserve evidence/information which is magnetically stored or encoded.
Industry companies interested in computer forensics
Guidance Software (http://www.guidancesoftware.com)
◦ They are the creators of the popular GUI-based forensic tool “EnCase”.
Digital Intelligence, Inc. (http://www.digitalintel.com/)
◦ Digital Intelligence designs and builds computer forensic software and hardware. They also offer free forensic utility software for law enforcement.
IVIZE Data Center (http://www.ivize.net)
◦ They provide several litigation support services including Electronic Data Discovery
Data Collection
Research challenges
◦ Gathering data
  - Ensuring the data is relevant and complete
  - Obtaining volatile data
  - Obtaining deleted and changed files
◦ Lack of trained professionals
  - Computer Forensics is a relatively new field
  - Threat of system administrators corrupting data
  - No standards
Data Collection
Evolution of data collection
◦ Mid 1980’s
  - X-Tree Gold and Norton Disk Edit
  - Limited to recovering lost or deleted files
◦ 1990’s
  - Specialized tools began to appear
  - Tools to perform network investigations
◦ 1999
  - Boot to floppy and write to alternative media
  - Very slow transfer rate (1GB/hr)
◦ Current
  - Many tools to choose from
  - GUI and command-line tools are available
  - Fast and efficient
Data Analysis
The main problem when dealing with electronic data analysis is not only the size, which can easily reach a very large volume to manage, but also the number of different applications associated with those files.
Electronic Data Discovery:
- e-mail, Microsoft Office files, accounting databases, …
- other electronically-stored information which could be relevant evidence in a lawsuit.
Tools to analyze electronic data in computer forensics:
◦ Needle Finder: uses a special .NET framework application in conjunction with a SQL database to process hundreds of file types and emails simultaneously and pinpoint pertinent, requested information for analysis.
◦ E-Discovery
Data Preservation
Data should never be analyzed using the same machine it is collected from.
Forensically sound copies of all data storage devices, primarily hard drives, must be made.
There are two goals when making an image:
◦ Completeness
◦ Accuracy
This is done by using a standalone hard-drive duplicator or software imaging tools such as DCFLdd or Iximager.
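Added example (not part of the original slides): a Python sketch of the two imaging goals, in which the acquisition record keeps a byte count to test completeness and a SHA-256 digest to test accuracy, and the stored image is re-read and checked against that record. The function names, the 1 MiB chunk size, the choice of SHA-256 and the temporary file standing in for a source drive are assumptions of this example.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # 1 MiB read size, an arbitrary choice for this sketch


def acquire(source_path, image_path):
    """Copy source to image, hashing the bytes as they come off the source."""
    digest, copied = hashlib.sha256(), 0
    with open(source_path, "rb") as src, open(image_path, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
            copied += len(block)
        dst.flush()
        os.fsync(dst.fileno())  # make sure the image has reached the disk
    return {"bytes": copied, "sha256": digest.hexdigest()}


def verify(image_path, record):
    """Re-read the stored image and test both goals against the acquisition record."""
    digest, size = hashlib.sha256(), 0
    with open(image_path, "rb") as img:
        for block in iter(lambda: img.read(CHUNK), b""):
            digest.update(block)
            size += len(block)
    return {"complete": size == record["bytes"],               # nothing missing
            "accurate": digest.hexdigest() == record["sha256"]}  # nothing changed


def demo():
    """Constructed input: a 3 MiB + 17 byte file stands in for the source drive."""
    with tempfile.TemporaryDirectory() as tmp:
        src, img = os.path.join(tmp, "source.bin"), os.path.join(tmp, "image.dd")
        with open(src, "wb") as f:
            f.write(os.urandom(3 * CHUNK + 17))
        record = acquire(src, img)
        clean = verify(img, record)
        with open(img, "r+b") as f:      # flip one byte in the stored image
            f.seek(CHUNK)
            byte = f.read(1)
            f.seek(CHUNK)
            f.write(bytes([byte[0] ^ 0xFF]))
        altered = verify(img, record)
        os.truncate(img, CHUNK)          # lose the tail of the image
        truncated = verify(img, record)
    return record["bytes"], clean, altered, truncated


if __name__ == "__main__":
    print(demo())
```

A single flipped byte leaves the image complete but no longer accurate, while a truncated image fails both checks.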
Research Challenges: What are the essential problems in this field?
Training
Operational Standards
International Standardization
Training
Law enforcement personnel should be trained to handle it
Network operators should also be trained, to improve their abilities in intrusion detection
Lawyers should receive some training to give a basic understanding of computer evidence.
Operational Standards
Basic guidelines for the evidence collection process to be established
◦ Planning
◦ Recording
◦ Performance
◦ Monitoring
◦ Recording
◦ Reporting
International Standardization
Different countries each have their own methods, standards, and laws
What is acceptable evidence in one country may not be in another
Serious problem when dealing with international crimes, as computer crime often is
Conclusions and future work
Even though it is a fascinating field, due to the nature of computers, far more information is available than there is time to analyze.
The main emphasis of future work is on recovery of data.
To improve ways to:
◦ Identify the evidence
◦ Determine how to preserve the evidence
◦ Extract, process, and interpret the evidence
◦ Ensure that the evidence is acceptable in a court of law