FEED ME, SEYMOUR! LITTLE SHOP OF HORRORS (1986) DR. JOE CICCONE Unit 4: Guide to Computer Forensics and Investigations CJ 317


FEED ME, SEYMOUR! LITTLE SHOP OF HORRORS (1986)

DR. JOE CICCONE

Unit 4: Guide to Computer Forensics and Investigations CJ 317


Last Week – Questions – This week

How data is stored and managed on Microsoft operating systems (OSs). To become proficient in recovering data for computer investigations, you should understand file systems and their OSs, including legacy (MS-DOS, Windows 9x, and Windows Me, for example) and current OSs, such as Windows 2000, XP, and Vista. Virtual PC environment to further analyze Windows digital evidence.


Topics for the night

There are hardware and software forensics tools. There are forensic workstations, write blockers, and other devices that are needed. Since computer hardware is changing quickly as well, adapters are needed to access some drives.

In this seminar, we will discuss how one goes about selecting the hardware and software for a lab. How much do these items really cost?


Project – Review (due tomorrow) PART I

Case Project 6-2: An employee suspects that his password has been compromised. He changed it two days ago, yet it seems that someone has used it again. Discuss what you think may be going on.

Develop a strategy to address the issue and provide the steps you would take to resolve the problem.

Use at least one outside research source including academic journals to support your view.

Don’t reinvent the wheel? Meaning?


Project Part II (COMBINE both)

Research two popular GUI tools:

Guidance Software EnCase

Access Data FTK

Compare their features to other products, such as:

ProDiscover www.techpathways.com

Ontrack EasyRecovery Professional www.ontrack.com/easyrecoveryprofessional

Create a bar chart outlining each tool’s current capabilities. The chart should clearly indicate which software product you would recommend.

Discuss the features you would find most beneficial in creating your own lab. Use at least one outside research source including academic journals to support your view.


Video: Security Risks - Firewalls

Electronic forgery, i.e. affixing of false digital signature, making false electronic record

Electronic forgery for the purpose of cheating

Electronic forgery for the purpose of harming reputation

Using a forged electronic record

Publication of digital signature certificate for fraudulent purpose

Offences and contravention by companies

Unauthorized access to protected system


Common Web Vulnerabilities

Password guessing

Proxies and man-in-the-middle attack

HTML comments

“Forgot password” implementations

Keystroke loggers

SQL injection

Command injection

URL manipulation


Computer Crime Vulnerability

[Chart: Vulnerabilities Reported, by year, 1995 to 2005; vertical axis: Vulnerabilities, 0 to 7000]


No Seminar Next Week – MIDTERM Project

Write a 3-5 page paper that addresses the following scenario: For this project, you will play the role of an entrepreneur who is deciding what type of computer forensics company you will start or be the supervisor.

Based on what you have done so far, address the following concerns.

Describe the company

The type of work it does

What equipment is needed for the lab

What software you will need.


National Crime Information Center (NCIC) Codes

Enhanced Name Search: Uses the New York State Identification and Intelligence System (NYSIIS). Returns phonetically similar names (e.g. Marko, Marco or Knowles, Nowles or derivatives of names such as William, Willie, Bill).

Fingerprint Searches: Stores and searches the right index fingerprint. Search inquiries compare the print to all fingerprint data on file (wanted persons and missing persons).

Probation/Parole: Convicted Persons or Supervised Release File contains records of subjects under supervised release.

Online Manuals: State Control Terminal Agencies (CTAs) can download manuals and make them available to users on-line.

Improved Data Quality: Point-of-entry checks for errors; validates that data is entered correctly (e.g., VINs); checks that data is entered in all mandatory fields; links text and image information; and expands miscellaneous fields.

Information Linking: Connects two or more records so that an inquiry on one retrieves the other record(s).

Mugshots: One mugshot per person record may be entered in NCIC 2000. One fingerprint, one signature, and up to 10 other identifying images (scars, marks, tattoos) may also be entered.

Other Images: One identifying image for each entry in the following files: Article, Vehicle, Boat, Vehicle or Boat Part. A file of generic images (e.g., a picture of a 1989 Ford Mustang) is maintained in the system.

Convicted Sex Offender Registry: Contains records of individuals who are convicted sexual offenders or violent sexual predators.

SENTRY File: An index of individuals incarcerated in the federal prison system. Response provides descriptive information and location of prison.

Delayed Inquiry: Every record entered or modified is checked against the inquiry log. Provides the entering and inquiring agency with a response if any other agency inquired on the subject in the last five days.

On-line Ad-hoc Inquiry: A flexible technique that allows users to search the active databases and access the system’s historical data.


Questions

Grade UPDATE - how are you doing now?

Your Concerns? - DARE Officer Ciccone