Next Back MAP MAP B-1 Management Information Systems for the Information Age Second Canadian Edition...
-
Upload
barnard-eaton -
Category
Documents
-
view
215 -
download
1
Transcript of Next Back MAP MAP B-1 Management Information Systems for the Information Age Second Canadian Edition...
B-B-11
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Extended Learning Module BExtended Learning Module B
Computer Crime and ForensicsComputer Crime and Forensics
B-B-22
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Main MapMain Map
Computer CrimeComputer Crime Computer ForensicsComputer Forensics Recovery and InterpretationRecovery and Interpretation
B-B-33
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
IntroductionIntroduction
Computers are primarily used in two ways to commit a crime or Computers are primarily used in two ways to commit a crime or misdeedmisdeed As a targetAs a target As a weaponAs a weapon
A computer is a target when someone wants to bring it down or A computer is a target when someone wants to bring it down or make it malfunctionmake it malfunction
A computer used as a weapon would include acts like changing A computer used as a weapon would include acts like changing computer records to commit embezzlement, stealing information computer records to commit embezzlement, stealing information and intentionally spreading virusesand intentionally spreading viruses
B-B-44
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
IntroductionIntroductionFigure B.1Figure B.1
Examples of Computer Crime that Organizations Need to Defend AgainstExamples of Computer Crime that Organizations Need to Defend Againstpage 343page 343
B-B-55
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer Crime
Computer CrimeComputer Crime Computer ForensicsComputer Forensics Recovery and InterpretationRecovery and Interpretation
B-B-66
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer Crime
Computer crime - Computer crime - a crime in which a computer, a crime in which a computer, or computers, play a significant part. or computers, play a significant part. Illegal gamblingIllegal gambling Forgery and money launderingForgery and money laundering Child pornographyChild pornography Electronic stalkingElectronic stalking The list goes on…The list goes on…
B-B-77
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer CrimeOutside the OrganizationOutside the Organization
Computer virusComputer virus (or (or virus) - virus) - software that was written software that was written with malicious intent to cause annoyance or damage. with malicious intent to cause annoyance or damage. There are two types of viruses.There are two types of viruses.
Benign viruses display a message or slow down the Benign viruses display a message or slow down the computer, but don’t destroy any information. computer, but don’t destroy any information.
Malignant viruses damage your computer system. Malignant viruses damage your computer system.
B-B-88
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer CrimeOutside the OrganizationOutside the Organization
Macro viruses - Macro viruses - spread by binding themselves spread by binding themselves to software such as Word or Excel. to software such as Word or Excel.
WormWorm - a computer virus that replicates and - a computer virus that replicates and spreads itself, not only from file to file, but from spreads itself, not only from file to file, but from computer to computer via e-mail and other computer to computer via e-mail and other Internet traffic. Internet traffic.
B-B-99
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer CrimeOutside the OrganizationOutside the Organization
Figure B.3Figure B.3The Love Bug WormThe Love Bug Wormpage 346page 346
B-B-1010
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer CrimeOutside the OrganizationOutside the Organization
Denial-of-service (DoS) attacksDenial-of-service (DoS) attacks - flood a Web - flood a Web site with so many requests for service that it site with so many requests for service that it slows down or crashes. slows down or crashes.
Distributed denial-of-service (DDos) Distributed denial-of-service (DDos) –attacks –attacks from from multiplemultiple computers that flood a Web site computers that flood a Web site with so many requests for service that it slows with so many requests for service that it slows down or crashes.down or crashes.
B-B-1111
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer CrimeOutside the OrganizationOutside the Organization
Figure B.4Figure B.4Distributed Denial Distributed Denial of Service Attackof Service Attackpage 347page 347
B-B-1212
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer CrimeOutside the OrganizationOutside the Organization
Code Red was the first virus that combined a worm and Code Red was the first virus that combined a worm and DoS attack. DoS attack.
Probably a hoax e-mail if:Probably a hoax e-mail if: Says to forward it to everyone you know, immediately.Says to forward it to everyone you know, immediately. Describes the awful consequences of not acting immediately.Describes the awful consequences of not acting immediately. Quotes a well-known authority in the computer industry.Quotes a well-known authority in the computer industry.
B-B-1313
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer CrimeOutside the OrganizationOutside the Organization
On Your Own
What Polymorphic Viruses Are Floating Around Cyberspace?
(p. 348)
B-B-1414
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer CrimeOutside the OrganizationOutside the Organization
Stand alone worms can run on any computer that can run Win32 Stand alone worms can run on any computer that can run Win32 programs.programs.
SpoofingSpoofing - the forging of the return address on an e-mail so that the e- - the forging of the return address on an e-mail so that the e-mail message appears to come from someone other than the actual mail message appears to come from someone other than the actual sender. sender.
Trojan horse virusTrojan horse virus - hides inside other software, usually an attachment - hides inside other software, usually an attachment or download. or download.
Key loggerKey logger, or , or key trapperkey trapper, software - a program that, when installed , software - a program that, when installed on a computer, records every keystroke and mouse click. on a computer, records every keystroke and mouse click.
B-B-1515
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer CrimeWeb DefacingWeb Defacing
Web defacing replaces the site with a substitute that’s Web defacing replaces the site with a substitute that’s neither attractive nor complimentary.neither attractive nor complimentary.
Web defacing is a favorite sport of the people who Web defacing is a favorite sport of the people who break into computer systems. break into computer systems.
B-B-1616
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer CrimeThe PlayersThe Players
HackersHackers - are knowledgeable computer users who use their - are knowledgeable computer users who use their knowledge to invade other people’s computers. knowledge to invade other people’s computers.
Thrill-seeker hackersThrill-seeker hackers - break into computer systems for - break into computer systems for entertainment. entertainment.
Black-hat hackers - Black-hat hackers - cyber vandals. cyber vandals.
CrackersCrackers - hackers for hire, and are the people who engage in - hackers for hire, and are the people who engage in electronic corporate espionage. electronic corporate espionage. Social engineeringSocial engineering - conning your way into acquiring information that - conning your way into acquiring information that
you have no right to. you have no right to.
B-B-1717
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer CrimeThe PlayersThe Players
HacktivistsHacktivists - politically motivated hackers who - politically motivated hackers who use the Internet to send a political message of use the Internet to send a political message of some kind. some kind.
Cyberterrorist - Cyberterrorist - one who seeks to cause harm one who seeks to cause harm to people or destroy critical systems or to people or destroy critical systems or information. information.
B-B-1818
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer CrimeThe PlayersThe Players
White-hat (or ethical) hackers - White-hat (or ethical) hackers - computer computer security professionals who are hired by a security professionals who are hired by a company to break into its computer system.company to break into its computer system.
Script KiddiesScript Kiddies or or script bunniesscript bunnies - people - people who would like to be hackers but don’t have who would like to be hackers but don’t have much technical expertise. much technical expertise.
B-B-1919
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer CrimeThe PlayersThe Players
Team Work
Make up a Good Password
(p. 351)
B-B-2020
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer CrimeInside the CompanyInside the Company
Along with the traditional crimes of fraud and other types Along with the traditional crimes of fraud and other types of theft, managers sometimes have to deal with of theft, managers sometimes have to deal with harassment of one employee by another. harassment of one employee by another.
Chevron Corporation and Microsoft settled sexual Chevron Corporation and Microsoft settled sexual harassment lawsuits for $2.2 million each because harassment lawsuits for $2.2 million each because employees sent offensive e-mail to other employees and employees sent offensive e-mail to other employees and management didn’t intervene. management didn’t intervene.
B-B-2121
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer CrimeComputer CrimeInside the CompanyInside the Company
On Your Own
Digital Signatures and Certificates
(p. 352)
B-B-2222
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer ForensicsComputer Forensics
Computer CrimeComputer Crime Computer ForensicsComputer Forensics Recovery and InterpretationRecovery and Interpretation
B-B-2323
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer ForensicsComputer Forensics
Computer forensicsComputer forensics - - the collection, authentication, the collection, authentication, preservation, and examination of electronic information for preservation, and examination of electronic information for presentation in court. presentation in court.
In a well-conducted computer forensics investigation, there In a well-conducted computer forensics investigation, there are two major phases: are two major phases:
1.1. Collecting and authenticating electronic evidence.Collecting and authenticating electronic evidence.2.2. Analyzing the findings.Analyzing the findings.
Computer forensics experts use special hardware and Computer forensics experts use special hardware and software tools to conduct investigations.software tools to conduct investigations.
B-B-2424
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer ForensicsComputer ForensicsThe Collection PhaseThe Collection Phase
Step one of the collection phase is to get physical access to the computer Step one of the collection phase is to get physical access to the computer and related items. and related items.
ComputersComputers Hard disksHard disks Floppy disksFloppy disks CD’s and DVD’sCD’s and DVD’s Zip disksZip disks PrintoutsPrintouts Post-it notes, etc.Post-it notes, etc.
This process is similar to what police do when investigating crime in the This process is similar to what police do when investigating crime in the brick world.brick world.
B-B-2525
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer ForensicsComputer ForensicsPhase I - The Collection PhasePhase I - The Collection Phase
Step two of the collection phase is to make a Step two of the collection phase is to make a forensic image copy of all the information. forensic image copy of all the information. Forensic image copyForensic image copy - an exact copy or snapshot of - an exact copy or snapshot of
the contents of an electronic medium. the contents of an electronic medium.
B-B-2626
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer ForensicsComputer Forensics Phase I - The Collection PhasePhase I - The Collection Phase
The Authentication and Preservation Process.The Authentication and Preservation Process.
During the collection phase and later, the During the collection phase and later, the analysis phase, the investigators have to make analysis phase, the investigators have to make absolutely sure that nothing that might be used absolutely sure that nothing that might be used as evidence in a trial could have been planted, as evidence in a trial could have been planted, contaminated, or altered in any way. contaminated, or altered in any way.
B-B-2727
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer ForensicsComputer Forensics Phase I - The Collection PhasePhase I - The Collection Phase
Investigators use an authentication process to show that Investigators use an authentication process to show that nothing changed on the hard drive or other storage nothing changed on the hard drive or other storage medium since seizure. medium since seizure.
MD5 hash valueMD5 hash value - a mathematically generated number - a mathematically generated number that is unique for each individual storage medium at a that is unique for each individual storage medium at a specific point in time, because it’s based on the contents specific point in time, because it’s based on the contents of that medium. of that medium.
B-B-2828
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer ForensicsComputer Forensics Phase I - The Collection PhasePhase I - The Collection Phase
Figure B.5Figure B.5MD5 hash valueMD5 hash valuepage 355page 355
B-B-2929
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer ForensicsComputer Forensics Phase I - The Collection PhasePhase I - The Collection Phase
Computer forensics experts use special hardware and Computer forensics experts use special hardware and software tools to conduct investigations. software tools to conduct investigations.
B-B-3030
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer ForensicsComputer ForensicsPhase II - The Analysis PhasePhase II - The Analysis Phase
The analysis phase consists of the recovery and The analysis phase consists of the recovery and interpretation of the information that’s been interpretation of the information that’s been collected and authenticated. collected and authenticated.
The analysis phase of the investigation is when The analysis phase of the investigation is when the investigator follows the trail of clues and the investigator follows the trail of clues and builds the evidence into a crime story. builds the evidence into a crime story.
B-B-3131
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer ForensicsComputer Forensics Phase II - The Analysis PhasePhase II - The Analysis Phase
You can recover files from:You can recover files from: E-mail (including deleted)E-mail (including deleted) Program files and data filesProgram files and data files Web activity filesWeb activity files Network server filesNetwork server files
B-B-3232
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer ForensicsComputer Forensics Phase II - The Analysis PhasePhase II - The Analysis Phase
Computer forensic programs can pinpoint a file’s Computer forensic programs can pinpoint a file’s location on the disk, its creator, the date it was location on the disk, its creator, the date it was created, the date of last access, the date it was created, the date of last access, the date it was deleted, as well as file formatting, and notes deleted, as well as file formatting, and notes embedded or hidden in a document. embedded or hidden in a document.
B-B-3333
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Computer ForensicsComputer Forensics Phase II - The Analysis PhasePhase II - The Analysis Phase
Figure B.7Figure B.7History of File History of File ActivityActivitypage 356page 356
B-B-3434
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Recovery and InterpretationRecovery and Interpretation
Computer CrimeComputer Crime Computer ForensicsComputer Forensics Recovery and InterpretationRecovery and Interpretation
B-B-3535
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Recovery and InterpretationRecovery and Interpretation
Much of the information comes from: Much of the information comes from: Recovered Recovered Deleted filesDeleted files Currently unused disk spaceCurrently unused disk space Deliberately hidden information or filesDeliberately hidden information or files
People whose e-mail was recovered to their extreme People whose e-mail was recovered to their extreme embarrassment (or worse) were: embarrassment (or worse) were: Monica LewinskyMonica Lewinsky Arresting officer in the Rodney King caseArresting officer in the Rodney King case Bill Gates of MicrosoftBill Gates of Microsoft
B-B-3636
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Recovery and InterpretationRecovery and InterpretationPlaces to Look for Stray InformationPlaces to Look for Stray Information
Information is written all over a disk, not only when you Information is written all over a disk, not only when you save a file, but also when you create folders, save a file, but also when you create folders, repartition the disk, and so on. repartition the disk, and so on.
File remnants could be found in:File remnants could be found in:1.1. Slack spaceSlack space2.2. Unallocated disk spaceUnallocated disk space3.3. Unused disk spaceUnused disk space4.4. Hidden filesHidden files
B-B-3737
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Recovery and InterpretationRecovery and InterpretationPlaces to Look for Stray InformationPlaces to Look for Stray Information
1.1. Deleted Files and Slack SpaceDeleted Files and Slack Space Slack space Slack space -- the space left from the end of the file.the space left from the end of the file. Leftover information there can be recovered by Leftover information there can be recovered by
forensic software. forensic software.
B-B-3838
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Recovery and InterpretationRecovery and InterpretationPlaces to Look for Stray InformationPlaces to Look for Stray Information
Figure B.7Figure B.7Fragment of E-Mail Found in Slack Space by EnCasepage 358page 358
B-B-3939
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Recovery and InterpretationRecovery and InterpretationPlaces to Look for Stray InformationPlaces to Look for Stray Information
2.2. Unallocated Disk SpaceUnallocated Disk Space Unallocated spaceUnallocated space - the set of clusters that - the set of clusters that
have been set aside to store information, but have been set aside to store information, but have not yet received a file, or still contain some have not yet received a file, or still contain some or all of a file marked as deleted. or all of a file marked as deleted.
B-B-4040
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Recovery and InterpretationRecovery and InterpretationPlaces to Look for Stray InformationPlaces to Look for Stray Information
3.3. Unused disk spaceUnused disk space Part of the disk that is left over when the disk is Part of the disk that is left over when the disk is
reformatted or repartitioned..reformatted or repartitioned..
B-B-4141
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Recovery and InterpretationRecovery and InterpretationWays of Hiding InformationWays of Hiding Information
Rename the file.Rename the file.
Make the information invisible (white text on white Make the information invisible (white text on white background.)background.)
Use windows to hide files.Use windows to hide files.
Protect the file with a password.Protect the file with a password.
B-B-4242
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Recovery and InterpretationRecovery and Interpretation Ways of Hiding InformationWays of Hiding Information
Encrypt the file.Encrypt the file. Encryption -Encryption - scrambles the contents of a file so that you can’t scrambles the contents of a file so that you can’t
read it without having the right decryption key. read it without having the right decryption key.
Use steganography.Use steganography. SteganographySteganography - the hiding of information inside other - the hiding of information inside other
information. information.
Compress the file.Compress the file.
B-B-4343
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Recovery and InterpretationRecovery and InterpretationPlaces to Look for Stray InformationPlaces to Look for Stray Information
Figure B.9Figure B.9Steganography Steganography Hides a File in Hides a File in an Imagean Imagepage 361page 361
B-B-4444
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Recovery and InterpretationRecovery and InterpretationA Day In The Life Of Computer Forensics ExpertsA Day In The Life Of Computer Forensics Experts
Being a computer forensics expert is a Being a computer forensics expert is a profession that’s very demanding. profession that’s very demanding. Know a lot about computersKnow a lot about computers Keep learningKeep learning Be careful and patientBe careful and patient Be cool under pressureBe cool under pressure Be good at explaining to juries how computers workBe good at explaining to juries how computers work
B-B-4545
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
Summary Summary Student Learning OutcomesStudent Learning Outcomes
1.1. Define computer crime and list three types of computer Define computer crime and list three types of computer crime that can be perpetrated from inside and three crime that can be perpetrated from inside and three from outside the organization. from outside the organization.
2.2. Define hackers, and identify the seven types of Define hackers, and identify the seven types of hackers and what motivates each group. hackers and what motivates each group.
3.3. Define computer forensics and describe the two Define computer forensics and describe the two phases of a forensic investigation.phases of a forensic investigation.
4.4. Identify and describe three places on a storage Identify and describe three places on a storage medium where you can find stray information. medium where you can find stray information.
5.5. Identify and describe seven ways of hiding information.Identify and describe seven ways of hiding information.
B-B-4646
Management Information Systems Management Information Systems for the Information Agefor the Information Age
Second Canadian EditionSecond Canadian Edition
Copyright 2004 Copyright 2004 The McGraw-Hill Companies, Inc. The McGraw-Hill Companies, Inc.
All rights reservedAll rights reserved
Next Back
MAP
SummarySummary Assignments & ExercisesAssignments & Exercises
1.1. Find computer forensics softwareFind computer forensics software
2.2. Is your financial identity at risk for theft?Is your financial identity at risk for theft?
3.3. The international anti-cybercrime treatyThe international anti-cybercrime treaty