Gerald M. Santoro, Ph.D. (gms@psu.edu) College of Information Sciences and Technology The...
Gerald M. Santoro, Ph.D. (gms@psu.edu)
College of Information Sciences and Technology
The Pennsylvania State University
University Park, PA 16802
(slides developed by Prof. Chao-Hsien Chu)

IST 454: Computer and Cyber Forensics

Learning by Doing: Theory, Practice
The Needs for Digital Forensics
• Incident handling.
• Identifying policy violations.
• Auditing.
• Investigating crimes.
• Reconstructing computer security incidents.
• Troubleshooting operational problems.
• Log monitoring.
• Recovering from accidental system damage.
• Acquiring and retaining data for future use.
• Exercising due diligence / regulatory compliance.
• …
IT Security EBK: 14 Competency Areas
• Data Security
• Digital Forensics
• Enterprise Continuity
• Incident Management
• IT Security Training and Awareness
• IT Systems Operations and Maintenance
• Network Security and Telecommunications
• Personnel Security
• Physical and Environmental Security
• Procurement
• Regulatory and Standards
• Risk Management
• Strategic Management
• System and Application Security
IT Security EBK: Model
Knowledge and Skills Needed
(SANS Institute 2005 Survey)
• Critical thinking and judgment: 69%
• Communications (verbal and written): 68%
• Technical knowledge: 66%
• Teamwork and collaboration: 52%
• Ability to lead change: 52%
• Business knowledge/acumen: 40%
• Cross functional influence: 35%
• Influence: 33%
• Facilitation: 24%
• Mentoring and coaching: 19%
• Strategic business planning: 22%
• Industry participation: 13%
Defense In Depth of Security

[Figure labels: Prediction, Prevention, Detection, Forensics, Response, Feedback; annotated with the course numbers and example topics listed below.]

Courses shown in the figure:
• IST 451: Network Security
• IST 452: Legal & Regulatory Issues
• IST 453: Computer Forensics Law
• IST 454: Computer & Cyber Forensics
• IST 456: Security & Risk Management
• SRA 111: Security & Risk Analysis
• SRA 211: Threats of Crime & Terrorism
• SRA 221: Overview of Information Security
• SRA 231: Decision Theory
• SRA 311: Risk Management
• SRA 472: Integration of Privacy & Security
• SRA 468: Visual Analytics for Intelligence & Security

Example topics shown in the figure:
• Policy/Regulation, Firewall/DMZ, Access Control/VPN, …
• Qualitative models, Quantitative models, …
• Plans, Risk analysis, …
• Scanner, IDS, Data mining, …
• Computer crime, Economic crime, Policies violation, …
SRA Core Curriculum

[Figure: course flow diagram; recoverable labels follow.]
• 110 Information, People & Technology
• 200 Statistics
• 111 Intro Security & Risk Analysis
• 211 Threat of Terrorism & Crime
• 221 Overview of Information Security
• 231 Decision Theory & Analysis
• 311 Risk Management: Assessment & Mitigation
• 432 Legal, Ethical, and Regulatory Issues
• 440
• Emergency Planning / Crisis Management
• Internship, Guest, & Field Experience
• International Culture / Foreign Language
Annotations: (Threats), (Vulnerabilities), (Modeling, Analysis), (Techniques), (Problem Solving)
SRA Major - Cyber Security Option

[Figure: curriculum diagram. Row labels: Support, Intro, Core, Core, Junior Option, Capstone. Course boxes follow.]
• (Elective) (Elective) (Elective)
• Intro Security & Risk Analysis
• Intro People, Information & Tech
• Statistics
• Overview of Information Security
• Threat of Terrorism & Crime
• Decision Theory & Analysis
• Risk Management: Assessment & Mitigation
• Legal, Ethical, and Regulatory Issues
• Networking & Telecommunications
• Computer & Cyber Forensics
• Security & Risk Management
• Network Security
• Emergency Planning / Crisis Management
• Internship, Guest, & Field Experience
• International Culture / Foreign Language
SRA Minor (21 cr.)

Intro
• SRA 111: Intro Security & Risk Analysis
• IST 110: Intro People, Information & Tech
• Stat 200: Statistics

Core
• SRA 221: Overview of Information Security
• SRA 211: Threat of Terrorism & Crime

Electives (6 cr.)
• IST 452: Legal, Ethical, & Regulatory Issues
• IST 220: Networking & Telecommunications
• IST 451: Network Security
• IST 454: Computer & Cyber Forensics
• IST 453: Cyber Forensics Laws
• SRA 231: Decision Theory & Analysis
• SRA 311: Risk Mgmt: Assessment & Mitigation
• IST 456: Security & Risk Management
• IST 402: Wireless Design & Security

Cyber Security / Digital Forensics / Risk Management
Certificate of Accomplishment

The Center for Information Assurance at the Pennsylvania State University, through its curricula, certify that

Your Name Here

has acquired the knowledge and skills that meet the National Training Standard NSTISSI-4011 for the Information Systems Security (INFOSEC) Professionals, established by the Committee on National Security Systems (CNSS) and the National Security Agency (NSA), on December 2005

Dr. Hank Foleys, Dean, College of Information Sciences and Technology
Dr. Chao H. Chu, Executive Director, Center for Information Assurance
IST 454 focuses on computer and cyber forensics. Students will learn different aspects of computer and cyber crime and ways in which to uncover, protect, exploit, and document digital evidence. Students will be exposed to different types of tools (both software and hardware), techniques and procedures, and be able to use them to perform rudimentary forensic investigations.
Course Objectives
• Understand the different aspects of computer and cyber crime.
• Understand the basic concepts and issues of computer forensics.
• Understand what tools and techniques to use in computer and cyber crime investigations.
• Perform basic computer and cyber forensic investigations.
• Understand the documentation needed in performing forensic investigations.
Terminology
• Computer Forensics
• Computer and Network Forensics
• Computer and Cyber Forensics
• Cyber Forensics
• Digital Forensics
• Digital Forensic Sciences
• Forensic Sciences
Modules

Overview
• Digital / Computer / Cyber Forensics
• Context of Computer Forensics
• Knowledge and Skills Needed

Search, Seizure & Investigation
• Data Acquisition – Imaging / Tools
• Data Authentication / Tools
• Data Search & Analysis / Tools
• Forensic Policies and Procedures

Media & File Systems Analysis
• Operating Systems / File Structure
• Investigating Windows Systems
• Investigating Linux Systems
• Data Hiding Techniques / Steganography

Web / Internet Forensics
• Overview of Web Forensics
• Spam, Phishing, E-mail Tracing
• PDA Forensics

Network & Malware Forensics
• Intrusion Detection
• Honeynet / Network Monitoring
• Worm Forensics

Legal & Criminal Justice Systems
• Legal and Ethical Issues
• Criminal Justice Systems
• Expert Witness

Course work
• 8 Hands-on Exercises
• 18 Readings
• 11 Quizzes / Assignments
• Term Project: Report & Presentation
• 1-3 Guest Lectures
Theory and Practice

[Figure labels: Theory, Practice, Hands-on Experience, Learning By Doing.]
• Problem Solving Skills
• Interpersonal Skills
• Team Work
• Managerial Issues
• Programming Skills
• Information Technology
• Technical Issues
• Emerging Information Technologies
Learning By Doing
I Hear and I Forget!
I See and I Remember!
I Do and I Understand!
Confucius (Kung Chiu)
5th - 6th Century, B.C.
Chinese Philosopher
Albert Einstein
Imagination
is more important than
Knowledge
? ? ?
Learning Capability
is more important than
Knowledge
Teaching Philosophy and Principles
Bridging the gaps between theory and practice
Learning by doing (hands-on experience)
Learning capability is more important than knowledge
Covering both technical and managerial aspects
Teamwork - The Key to Winning
We Are All in the Same Boat