A Road Map for Digital Forensic Research
- Ralf Reynolds
Outline of Today's Lecture
- A Road Map for Digital Forensic Research
  - Report from the 1st Digital Forensic Research Workshop (DFRWS) 2001
- Defining Digital Forensic Examination and Analysis Tools
  - (DFRWS 2002)
- Preservation of Fragile Digital Evidence by First Response
  - (DFRWS 2002)

A Road Map for Digital Forensic Research - Report for DFRWS 2001
Yong Guan
3216 Coover
Tel: (515)
guan@ee.iastate.edu
Oct. 17,

Background
- On Aug. 7-8, 2001, the 1st Digital Forensic Research Workshop was held in Utica, NY.
- The objectives:
  - Spark discussion among academics and practitioners with experience and interest in the field of Digital Forensics.
- Five keynote speakers:
  - Eugene Spafford, Charles Boeckman, Chet Hosmer, David Baker, and John Hoyt

Introduction
- Providing accurate information derived through the use of proven and well-understood methodologies
- Forensic science applied in courts of law has sought to use commonly applied techniques and tools only after rigorous, repetitive testing and thorough scientific analysis.
- E.g., DNA as evidence
  - First presented in a U.S. court in 1987
  - 32 years after DNA was described.
- Factual discovery takes time and an insatiable desire for accuracy of results as well as precision in the methodologies employed in its production.
- Without a rigorous process that leads to proven scientific discovery, decision-makers in the courts and elsewhere are left to rely on supposition or, worse yet, intuition in the pursuit of justice.

Introduction (cont.)
[Figure labels: Courts, Law Enforcement, Homeland Security, Information Warfare, Military Operations, Digital Forensic Research, Critical Infrastructure Protection, Business & Industry]

Workshop Discussions
- Foundations
- Framework for Digital Forensic Science
- Trustworthiness of Digital Evidence
- Network Forensics
- Challenges
- Detection and Recovery of Hidden Data

A Framework for Digital Forensic Science
- Build a taxonomy to guide and direct research.
- Identify the areas or categories that define the universe of digital forensic science
- Digital forensics should be characterized by:
  - Theory: a body of statements and principles that explain how things work
  - Abstractions and models: considerations beyond the obvious, factual, or observed
  - Elements of practice: related techniques, tools, and methods
  - Corpus of literature and professional practice
  - Confidence and trust in results: usefulness, purpose

A Framework for Digital Forensic Science
- Current Status
  - DFS exhibits only some of these characteristics, and they are not tied to specific discipline practices considered by any group as scientifically rigorous
  - There is a level of trust and precedence established for some of these tools and techniques in common use. However, the fidelity of the trust placed on these tools and techniques is yet to be tested.
  - More formal research needs to be performed.

A Framework for Digital Forensic Science
- The definition: The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations

A Framework for Digital Forensic Science
- The process: see the next page.

The Trustworthiness of Digital Evidence
- Questions:
  - Is the abstract, transformed nature of digital data troublesome?
  - If so, can it be overcome?
- The fact that many tools and methodologies exist that allow almost any attribute associated with digital data to be modified casts doubt on, or at least occasionally makes suspect, the integrity of digital evidence.
- Integrity
- Fidelity: How closely does the data accurately or truthfully represent fact or factual events?

The Trustworthiness of Digital Evidence
- Issues:
  - Transform process of information: Correctness
  - Trained and certified forensic serologists can comment on the correctness of DNA evidence via explanations that incorporate findings from molecular biology.
  - However, most analysts in DFS cannot make similar claims.
  - What can be done to reduce the analytical subjectivity in DFS? It seems that human interaction with digital evidence was determined to be a fact of life in DFS into the foreseeable future. Do you agree?

The Trustworthiness of Digital Evidence
Research Solutions:
- Methods to detect digital tampering
- Securing or assuring protection of repositories from tampering
- Correctness in digital transform methodology
- Studies of hardware imperfection or electronic signature may produce data that links data to a source platform with higher confidence
- Time synchronization and assessing measurable temporal drift per platform.

Detection and Recovery of Hidden Data
Identify hiding methods and hiding places likely to be employed in digital realms.
- Steganography
- Anonymity
- And many others
- Categories of Data Hiding: see the next page.

Detection and Recovery of Hidden Data
Research in Detection and Recovery
- Blind detection
- Watermarking
- Image Quality Standards
- Hashing and encryption
- Signature analysis

Network Forensics
The definition: The use of scientifically proven techniques to collect, fuse, identify, examine, correlate, analyze, and document digital evidence from multiple actively processing and transmitting digital sources for the purpose of uncovering facts related to the planned intent, or measured success of unauthorized activities meant to disrupt, corrupt, and/or compromise system components as well as providing information to assist in response to or recovery from these activities.

Network Forensics
Issues:
- Time
- Performance
- Complexity
- Tools
- Correlation
- Collection: Who, When, What
- Emerging Technologies
- Wireless technology
- Merging or absorbing wired services into wireless architectures, PDA, etc.
- Legal hurdles

Defining Digital Forensic Examination & Analysis Tools
Brian Carrier

Definition of Digital Forensic Science
- As defined at DFRWS 2001: The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to planned operations.

Identification and Analysis
- We are restricting ourselves to the digital forensic phases of identification and analysis
- Using the previous definition, the goal of these phases can be expressed as: To identify digital evidence using scientifically derived and proven methods that can be used to facilitate or further the reconstruction of events in an investigation.
- All evidence is needed:
  - Inculpatory Evidence: verifies existing data and theory
  - Exculpatory Evidence: contradicts existing data and theory
  - Traces of tampering: shows signs of tampering to hide data

Digital Forensics Complexity Problem
- Data is typically acquired in its most raw format
- This is generally difficult for investigators to understand
- This problem has been solved by using tools to translate data through one or more layers of abstraction until it can be understood.
- Abstraction Layer Examples:
  - File System Directories
  - ASCII
  - HTML
  - Network Packets
  - Intrusion Detection Systems (IDS)

Digital Forensic Analysis Tools
- It is proposed that the purpose of digital forensic analysis tools is to accurately present all data at a layer of abstraction and format that can be effectively used by an investigator to identify evidence.
- The needed layer of abstraction is dependent on the case and investigator

Abstraction Layers
- Used by all digital systems to customize generic interfaces
- Function with two inputs and two outputs
- The input rule set is typically the design specification

Tool Implementation Error
- Errors introduced by bugs in the tools
- Examples:
  - General programming bugs
  - Tool used an incorrect specification
  - Tool used the correct specification, but the original source did not
- One can assume that the bugs are fixed when identified
- To factor in the potential for unknown bugs, a value could be calculated based on the history of a tool
  - Likely to be difficult to maintain for closed source tools that hide bugs that are not made public

Abstraction Error
- Errors introduced by the abstraction theory
- Exists in layers that were not part of the original design
- Examples:
  - Log processing
  - IDS alerts
- This error can improve with research and better abstraction theories

Analysis Tool Error Problem
- Data from digital forensic analysis tools will have some margin of error associated with them. This does not include the errors associated with previous tampering, acquisition, or interpretation. It only includes Tool Implementation Error and Abstraction Error.
- Evidence must have a margin of error associated with it and the output must be verified.

Layer Characteristics
- Abstraction Error: Lossy Layers have an Abstraction Error and Lossless Layers have none
- Mapping: A One-to-One Layer can identify the input data given the output data and a Multiple-to-One Layer cannot
- Levels: Multiple levels of abstraction can occur, each having several layers of abstraction. A Boundary Layer is the last layer in a level (i.e. file contents).
- Tool Types: Translation Tools translate data from one layer to another. Presentation Tools present the layer data in a format that is useful for an investigator:
  - Directory Entries sorted by directory
  - Directory Entries sorted by MAC times

Tool Requirements
- Usability: Present data at a layer of abstraction that is useful to an investigator (Complexity Problem)
- Comprehensive: Present all data to the investigator so that both Inculpatory and Exculpatory Evidence can be identified
- Accuracy: Tool output must be able to be verified and a margin of error must be given (Error Problem)
- Deterministic: A tool must produce the same output when given the same rule set and input data.
- Verifiable: To ensure accuracy, one must be able to verify the output by having access to the layer inputs and outputs. Verification can be done by hand or a second tool set.

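The layer model and the Mapping, Deterministic and Verifiable points above, as an added Python example that is not from the lecture or from Carrier's paper. The layer names, the rule-set keys, the sample bytes and the use of "share of bytes replaced" as the margin of error are assumptions made for illustration; the slides name the rule set as an input but do not name the two outputs.

```python
import hashlib
from dataclasses import dataclass

# Constructed sample inputs: two different raw byte strings (not real evidence).
SAMPLE_A = b"cmd.exe\x00\x01"
SAMPLE_B = b"cmd.exe\x00\x02"

# Rule set (assumed keys): which byte values the ASCII layer treats as printable.
RULES = {"printable_range": (0x20, 0x7E), "placeholder": "."}


@dataclass(frozen=True)
class LayerOutput:
    data: str               # what the investigator is shown
    margin_of_error: float  # assumption: share of input bytes not shown exactly


def hex_layer(raw: bytes, rules: dict) -> LayerOutput:
    """One-to-One layer: the input can be rebuilt from the output."""
    return LayerOutput(raw.hex(), 0.0)


def ascii_layer(raw: bytes, rules: dict) -> LayerOutput:
    """Multiple-to-One layer: every non-printable byte becomes the placeholder."""
    lo, hi = rules["printable_range"]
    chars, replaced = [], 0
    for byte in raw:
        if lo <= byte <= hi:
            chars.append(chr(byte))
        else:
            chars.append(rules["placeholder"])
            replaced += 1
    return LayerOutput("".join(chars), replaced / len(raw) if raw else 0.0)


def ascii_layer_second_tool(raw: bytes, rules: dict) -> LayerOutput:
    """Independent implementation of the same rule set, used only to verify."""
    lo, hi = rules["printable_range"]
    fill = ord(rules["placeholder"])
    table = bytes(b if lo <= b <= hi else fill for b in range(256))
    replaced = sum(1 for b in raw if not lo <= b <= hi)
    text = raw.translate(table).decode("ascii")
    return LayerOutput(text, replaced / len(raw) if raw else 0.0)


def find_collision(layer, inputs, rules):
    """Return two different inputs with the same output, or None.

    A collision proves the layer is Multiple-to-One on these inputs.
    """
    seen = {}
    for raw in inputs:
        shown = layer(raw, rules).data
        if shown in seen and seen[shown] != raw:
            return seen[shown], raw
        seen[shown] = raw
    return None


def verify(tool, second_tool, raw: bytes, rules: dict) -> dict:
    """Check one tool run against the Deterministic and Verifiable requirements."""
    first, again = tool(raw, rules), tool(raw, rules)
    other = second_tool(raw, rules)
    return {
        # Hash of the layer input, so the same input copy can be re-checked later.
        "input_sha256": hashlib.sha256(raw).hexdigest(),
        "deterministic": first == again,
        "second_tool_agrees": first == other,
        "margin_of_error": first.margin_of_error,
    }


if __name__ == "__main__":
    print(ascii_layer(SAMPLE_A, RULES))
    print(find_collision(ascii_layer, [SAMPLE_A, SAMPLE_B], RULES))
    print(find_collision(hex_layer, [SAMPLE_A, SAMPLE_B], RULES))
    print(verify(ascii_layer, ascii_layer_second_tool, SAMPLE_A, RULES))
```

The two samples differ in their last byte yet look identical at the ASCII layer, which is why a Comprehensive tool also has to expose a One-to-One view of the same input.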
Tool Recommendations
- Read-Only: Because digital data can be easily duplicated, this is not a requirement. However, to verify the results, a copy of the input will be required at a later date.

Conclusion
- Layers of abstraction are everywhere and have always been used
- Formal discussion of them has not occurred with Digital Forensics
- Lossy layers will be more common as new approaches are developed to decrease analysis time and log processing times
- A Tool Implementation Error value could help quantify the accuracy of a tool

Preservation of Fragile Digital Evidence by First Response
Jesse Kornblum

Fragility of Digital Evidence
- Traditional investigations
  - Dead Body Theorem
  - Once a crime scene has been secured, the evidence of a traditional crime such as fingerprints/firearms are not going anywhere.
  - Preserving evidence can be done quickly and with a minimum of expertise on the investigator's behalf.
  - E.g., if rain starts to fall on footprints in the dirt, the area can be covered with a tarp.
- When a computer is involved, the very existence of evidence may not be obvious upon initial examination.
  - No bullet holes, nor blood stains
- The nature of computer-based evidence makes it inherently fragile.
  - Data can be erased or changed without a trace

Types of Fragile Evidence
- We are concerned with three major types of fragile evidence
  - Transient data: Information that will be lost at shutdown, such as open network connections, memory resident programs, etc.
  - Fragile data: Data that is stored on the hard disk, but can easily be altered, such as last accessed time stamps.
  - Temporarily accessible data: Data that is stored on the disk, but that can only be accessed at certain times.

Methods of Preserving Fragile Evidence
- Transport them to a non-volatile medium as quickly as possible without disrupting any other part of the system.
  - Victim's hard drive is not safe
  - Floppy disk for small amount of data
  - Network connection

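The collection order that the fragile-data slides imply, as an added Python example that is not from the lecture or from Kornblum's paper: record the last accessed time before anything reads the file, then hash the content and write the record to a separate destination. The function names and the JSON record layout are assumptions; `O_NOATIME` is a Linux open flag and is skipped where it is unavailable.

```python
import hashlib
import json
import os
import tempfile
import time


def snapshot_fragile_metadata(path: str) -> dict:
    """Record timestamps with stat(), which does not open or read the file."""
    st = os.stat(path)
    return {
        "path": os.path.abspath(path),
        "size": st.st_size,
        "atime_ns": st.st_atime_ns,  # last accessed: the fragile value
        "mtime_ns": st.st_mtime_ns,
        "ctime_ns": st.st_ctime_ns,
    }


def open_without_touching_atime(path: str) -> int:
    """Open read-only, asking Linux not to update the last accessed time."""
    noatime = getattr(os, "O_NOATIME", 0)  # Linux only; 0 elsewhere
    try:
        return os.open(path, os.O_RDONLY | noatime)
    except PermissionError:
        # O_NOATIME is refused unless the caller owns the file or is privileged.
        return os.open(path, os.O_RDONLY)


def sha256_of(path: str) -> str:
    """Hash the file content in chunks through the atime-preserving handle."""
    digest = hashlib.sha256()
    with os.fdopen(open_without_touching_atime(path), "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve(path: str, evidence_dir: str) -> dict:
    """Capture fragile metadata first, then the content hash, then the record."""
    record = snapshot_fragile_metadata(path)  # before any read of the file
    record["sha256"] = sha256_of(path)
    after = os.stat(path)
    # True means the collection itself altered the fragile timestamp.
    record["atime_changed_by_collection"] = after.st_atime_ns != record["atime_ns"]
    # The slides warn that the victim's hard drive is not a safe destination.
    record["destination_on_same_device"] = (
        os.stat(evidence_dir).st_dev == os.stat(path).st_dev
    )
    record["collected_at_utc"] = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    out_path = os.path.join(evidence_dir, record["sha256"][:16] + ".json")
    with open(out_path, "x", encoding="utf-8") as out:  # "x": never overwrite
        json.dump(record, out, indent=2, sort_keys=True)
    record["record_path"] = out_path
    return record


if __name__ == "__main__":
    # Constructed demo: a throwaway file stands in for evidence.
    with tempfile.TemporaryDirectory() as work:
        sample = os.path.join(work, "sample.txt")
        with open(sample, "wb") as fh:
            fh.write(b"constructed sample content")
        print(json.dumps(preserve(sample, work), indent=2))
```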
More informationCellebrite Digital Forensics for Legal Professionals (CDFL)
Global forensic training Course description Level Intermediate Length Two days (14 hours) Training Track Investigative The two-day Cellebrite Digital Forensics for Legal Professionals course is designed
More informationGuide for Minimum Qualifications and Training for a Forensic
Guide for Minimum Qualifications and Training for a Forensic Footwear and/or Tire Tread Examiner 1. Scope 1.1 This Guide describes the minimum qualifications and training for a forensic footwear and/or
More informationitexamdump 최고이자최신인 IT 인증시험덤프 일년무료업데이트서비스제공
itexamdump 최고이자최신인 IT 인증시험덤프 http://www.itexamdump.com 일년무료업데이트서비스제공 Exam : CISA Title : Certified Information Systems Auditor Vendor : ISACA Version : DEMO Get Latest & Valid CISA Exam's Question and
More informationSQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR PCI DSS PAYMENT CARD INDUSTRY DATA SECURITY STANDARD
SQL Security Whitepaper SECURITY AND COMPLIANCE SOLUTIONS FOR PCI DSS PAYMENT CARD INDUSTRY DATA SECURITY STANDARD The Payment Card Industry Data Security Standard (PCI DSS), currently at version 3.2,
More informationIntegration of Agilent OpenLAB CDS EZChrom Edition with OpenLAB ECM Compliance with 21 CFR Part 11
OpenLAB CDS Integration of Agilent OpenLAB CDS EZChrom Edition with OpenLAB ECM Compliance with 21 CFR Part 11 Technical Note Introduction Part 11 in Title 21 of the Code of Federal Regulations includes
More informationDigital Forensics Lecture 7. Network Analysis
Digital Forensics Lecture 7 Network Analysis This Week s Presentations Johnathan Ammons: Web Analysis Kelcey Tietjen: Wireless Network Traffic David Burton: Collection and Analysis of Network Traffic David
More informationCRIJ 1301 Introduction to Criminal Justice (8-Week On-line Version) Fall 2017 Aug. 28 through Oct. 22
CRIJ 1301 Introduction to Criminal Justice (8-Week On-line Version) Fall 2017 Aug. 28 through Oct. 22 Professor: Dr. Won-Jae Lee Office: HAR 209 Telephone: (325) 486-6717 Email: wlee@angelo.edu Office
More informationUnification of Digital Evidence from Disparate Sources (Digital Evidence Bags)
Unification of Digital Evidence from Disparate Sources (Digital Evidence Bags) Philip Turner QinetiQ, Digital Investigation Services, Trusted Information Management Department, St. Andrews Road, Malvern,
More informationNIST SP Notes Guide to Integrating Forensic Techniques into Incident Response
NIST SP800-86 Notes Guide to Integrating Forensic Techniques into Incident Response Authors: Karen Kent, Suzanne Chevalier, Tim Grance, Hung Dang, August 2006 Computer Forensics The application of science
More informationUNCLASSIFIED. UNCLASSIFIED Office of Secretary Of Defense Page 1 of 8 R-1 Line #18
Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: Applied Research COST ($ in Millions)
More informationSoftware System For Automatic Reaction To Network Anomalies And In Real Time Data Capturing Necessary For Investigation Of Digital Forensics
Software System For Automatic Reaction To Network Anomalies And In Real Time Data Capturing Necessary For Investigation Of Digital Forensics Mladen Vukašinović Faculty of Information Technology Mediterranean
More informationA Software System for automatic reaction to network anomalies and in Real Time Data Capturing necessary for investigation of digital Forensics
A Software System for automatic reaction to network anomalies and in Real Time Data Capturing necessary for investigation of digital Forensics Mladen Vukašinović Abstract Digital forensics has a technical
More informationRanking Algorithms For Digital Forensic String Search Hits
DIGITAL FORENSIC RESEARCH CONFERENCE Ranking Algorithms For Digital Forensic String Search Hits By Nicole Beebe and Lishu Liu Presented At The Digital Forensic Research Conference DFRWS 2014 USA Denver,
More informationDigital Forensics as a Big Data Challenge
Digital Forensics as a Big Data Challenge Bruxelles, October 23rd 2013 Alessandro Guarino CEO, StudioAG Slide 1 of 20 Digital Forensics 1 DFRWS definition 2001 Digital Forensics is the use of scientifically
More informationVoting System Security as per the VVSG
Voting System Security as per the VVSG Austin Conference on State Certification Testing for Voting Systems (2017) Michael Santos Test Manager SLI Compliance Elements of Security Outside Vendor Control
More informationVISUAL CORRELATION IN THE CONTEXT OF POST-MORTEM ANALYSIS
VISUAL CORRELATION IN THE CONTEXT OF POST-MORTEM ANALYSIS Michael Hayoz and Ulrich Ultes-Nitsche Research group on telecommunications, networks & security Department of Informatics, University of Fribourg,
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationFinancial Forensic Accounting
Financial Forensic Accounting Qualification Scope of Content Version: as at 02 March 2018 6. SCOPE OF CONTENT 1. Digital forensics overview 1.1. History of digital forensics 1.2. Sources of electronic
More informationInitial CITP and CSci (partial fulfilment). *Confirmation of full accreditation will be sought in 2020.
PROGRAMME SPECIFICATION Master of Computing (Hons) in Computer Forensics Awarding institution Teaching institution UCAS Code JACS Code Programme Duration Language of Programme Liverpool John Moores University
More informationCertified Cyber Security Analyst VS-1160
VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The
More informationICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update)
ICBA Summary of FFIEC Cybersecurity Assessment Tool (May 2017 Update) June 2017 INSERT YEAR HERE Contact Information: Jeremy Dalpiaz AVP, Cyber and Data Security Policy Jeremy.Dalpiaz@icba.org ICBA Summary
More informationComputer Forensic Capabilities. Cybercrime Lab Computer Crime and Intellectual Property Section United States Department of Justice
Computer Forensic Capabilities Cybercrime Lab Computer Crime and Intellectual Property Section United States Department of Justice Agenda What is computer forensics? Where to find computer evidence Forensic
More informationBIG DATA ANALYTICS IN FORENSIC AUDIT. Presented in Mombasa. Uphold public interest
BIG DATA ANALYTICS IN FORENSIC AUDIT Presented in Mombasa Uphold public interest Nasumba Kwatukha Kizito CPA,CIA,CISA,CISI,CRMA,CISM,CISSP,CFE,IIK Internal Audit, Risk and Compliance Strathmore University
More informationRapid Forensic Imaging of Large Disks with Sifting Collectors
DIGITAL FORENSIC RESEARCH CONFERENCE Rapid Forensic Imaging of Large Disks with Sifting Collectors By Jonathan Grier and Golden Richard Presented At The Digital Forensic Research Conference DFRWS 2015
More information