Hello
CSCI 352 - Intro to Digital Forensics
Week 1: Introduction to Forensics and Overview of Computer Crime
Instructor: Song Huang, Ph.D. Email: [email protected]
August 24, 2020
Instructor: Song Huang, Ph.D.Email: [email protected] 352 - Intro to Digital Forensics Week 1: Introduction to Forensics and Overview of Computer CrimeAugust 24, 2020 1 / 23
Introduction to Instructor
Song Huang is an Adjunct Professor in the Department of Computer Science and Information Systems. He received his Ph.D. in Computer Science and Engineering from the University of North Texas in 2019. His research interests include, but are not limited to:
Applying Machine Learning to the Reliability of Computer Systems
Deep Learning, Reinforcement Learning and Feedback Control
Natural Language Processing and AI
Cyber Security
He likes playing soccer, but hasn't played for a while because of the pandemic.
Tentative Breakdown of Course Grade
Reading Assignment 20%
Homework Assignment 10%
Projects 30%
Exams 40%
Final Letter Grades (Letter Grade: Cut-off Score)
A: 90% - 100%
B: 80% - 90%
C: 70% - 80%
D: 60% - 70%
F: Below 60%
Tasks in this Course
Reading Assignments: Students will be asked to read some sections of the textbook and answer some questions. The questions are all essay questions.
Homework Assignments: The homework assignments usually have 3-5 questions. Homework must be done individually, and students should learn how to solve the problems themselves.
Projects: Students are given 2 projects during the semester. The projects must be developed using a high-level programming language, for example Python, Java, or C++.
Exams: There are 2 exams in the semester. Exam 1 covers the material from the first half of the semester, and Exam 2 covers the lectures from the second half of the semester.
Outline of the Slides
1 Introduction to Forensics
What computer forensics is
What you need to know about the field of digital forensics
What you need to know for computer forensics analysis
What the Daubert standard is
What the relevant laws are
What the federal guidelines are
2 Overview of Computer Crime
How computer crime affects forensics
What the details of identity theft are
What hacking is
What the truth about cyberstalking and harassment is
What you need to know about fraud on the Internet
What the details about non-access computer crimes are
What you need to know about the new frontier of cyberterrorism
Chapter 1: What is Forensics
Forensics: the use of science to process evidence so that you can establish the facts of a case. The evidence has to be examined and processed in a consistent, scientific manner.
Computer Forensics: our modern world is full of electronic devices with the capacity to store data. The extraction of that data in a consistent, scientific manner is the subject of computer forensics. Computer forensics:
is the process of applying scientific knowledge to collecting, analyzing, and presenting evidence to the courts;
deals primarily with the recovery and analysis of latent evidence;
uses analytical and investigative techniques to identify, collect, and preserve evidence or information that is magnetically stored or encoded;
has the objective of recovering, analyzing, and presenting computer-based material that can be used as evidence in a court of law.
Digital Forensics: covers not only computers but also other digital devices, such as cell phone forensics, router forensics, GPS forensics, tablet forensics, and so on.
Computer Forensics Applies Domains of IT Infrastructure
Forensics Processes
Collecting: collect the evidence. There are specific procedures for properly collecting evidence so that it is admissible in court.
Analyzing: the most time-consuming part of a forensics investigation.
Presenting: present that evidence in one form or another. The two most basic forms are:
Expert Report: includes what tests you conducted, what you found, and your conclusions. It also includes your Curriculum Vitae (CV), which is like a resume.
Expert Testimony: testifying as an expert witness, that is, on the basis of scientific or technical knowledge you have that is relevant to the case.
Understanding the Field of Digital Forensics
What is Digital Evidence? Information that has been processed and assembled so that it is relevant to an investigation and supports a specific finding or documentation.
Chain of Custody: the continuity of control of evidence that makes it possible to account for everything that happened to the evidence between its original collection and its appearance in court.
Four types of evidence:
Real Evidence
Documentary Evidence
Testimonial Evidence
Demonstrative Evidence
Scope-Related Challenges to System Forensics
Forensics Challenges: not only analytical challenges, but also psychological challenges.
Large Volumes of Data: the volume of data to be analyzed.
System Complexity: the complexity of the computer system.
Distributed Crime Scenes: the size and character of the crime scene, which might involve a network that crosses U.S. and foreign jurisdictions.
Growing Caseload and Limited Resources.
Types of Digital System Forensics Analysis
Disk forensics
Email forensics
Network forensics
Internet forensics
Software forensics
Live system forensics
Cell-phone forensics
General Guidelines for Forensics
Chain of Custody: the whereabouts and custody of the evidence, how it was handled and stored, and by whom, must be demonstrable at all times.
Don't Touch the Suspect Drive: touch the system as little as possible. Make a forensic copy and work with the copy whenever possible.
Document Trail: document everything.
Secure Evidence: ensure that no one can tamper with the evidence.
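The guidelines above, as an added example that is not part of the original slides: a working copy of a suspect image is made while the source is read exactly once and hashed, the copy is re-hashed to prove it matches, and each step is written to a chain-of-custody log so that a later alteration of the copy is detectable. All function names and the sample image are constructed for this illustration, not a standard tool.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
CHUNK = 1024 * 1024  # read evidence in 1 MiB pieces so large images need not fit in RAM

def sha256_of_file(path):
    """Hash a file incrementally and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()

def acquire_copy(source, dest):
    """Write a working copy of the suspect image, hashing the source as it is read (read-only)."""
    h = hashlib.sha256()
    with open(source, "rb") as src, open(dest, "wb") as dst:
        for chunk in iter(lambda: src.read(CHUNK), b""):
            h.update(chunk)
            dst.write(chunk)
    return h.hexdigest()

def custody_entry(log, item_id, action, handler, digest):
    """Append one chain-of-custody record: what was done, by whom, when, and the hash seen."""
    log.append({"item": item_id, "action": action, "handler": handler,
                "sha256": digest, "utc": datetime.now(timezone.utc).isoformat()})

def acquire_and_verify(source, dest, item_id, handler, log):
    """Copy the evidence, re-hash the copy, record both steps; True only if the hashes match."""
    source_hash = acquire_copy(source, dest)
    custody_entry(log, item_id, "acquired working copy", handler, source_hash)
    copy_hash = sha256_of_file(dest)
    custody_entry(log, item_id, "verified working copy", handler, copy_hash)
    return source_hash == copy_hash

def demo():
    """Constructed sample: a fake 2 MiB 'drive image', a verified copy, then a tampered copy."""
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "suspect.img"), os.path.join(d, "working.img")
        with open(src, "wb") as f:
            f.write(b"\x00" * (2 * CHUNK) + b"evidence")
        log = []
        ok = acquire_and_verify(src, dst, "item-001", "examiner A", log)
        with open(dst, "r+b") as f:  # simulate the working copy being altered later
            f.write(b"\xff")
        still_matches = sha256_of_file(dst) == log[-1]["sha256"]
        return ok, still_matches, len(log)
```

The logged digest lets anyone re-run sha256_of_file on the copy and show whether it is still the copy that was verified.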
Knowledge Needed for Computer Forensics Analysis
It is assumed that you have a basic understanding of computer hardware, software, and operating systems.
Hardware: Random Access Memory (RAM); hard drives.
Software: operating systems (Windows, Linux, Macintosh); files and file systems.
Networks: addresses (physical ports, MAC addresses, IP addresses, logical port numbers, URLs); basic network utilities.
Two more challenges in obtaining digital evidence:
Obscured Information: data may be scrambled by encryption, hidden using steganographic software, compressed, or stored in a proprietary format.
Anti-Forensics:
Data destruction
Data hiding
Data transformation
File system alteration
The Daubert Standard
Used by a trial judge to make a preliminary assessment of whether an expert's scientific testimony is based on reasoning or methodology that is scientifically valid and can properly be applied to the facts at issue. The factors that may be considered in determining whether the methodology is valid:
Whether the theory or technique in question can be and has been tested
Whether it has been subjected to peer review and publication
Its known or potential error rate
The existence and maintenance of standards controlling its operation
Whether it has attracted widespread acceptance within a relevant scientific community
U.S. Laws Affecting Digital Forensics and Federal Guidelines
There are many laws that affect digital forensics investigations, so it is important to be aware of the legal requirements in the relevant jurisdiction.
The Federal Privacy Act of 1974
The Privacy Protection Act of 1980
......
Federal Guidelines:
FBI
The Secret Service
The Regional Computer Forensics Laboratory Program
Chapter 2: Overview of Computer Crime
How computer crime affects forensics
What the details of identity theft are
What hacking is
What the truth about cyberstalking and harassment is
What you need to know about fraud on the Internet
What the details about non-access computer crimes are
What you need to know about the new frontier of cyberterrorism
How Computer Crime Affects Forensics
Computers can be involved in a variety of types of crime. Cybercrime can also be a traditional crime modified by the use of the Internet. Certain crimes are more likely than others to yield certain types of forensic evidence. Computer attack categories based on the type of crime:
Identity theft
Hacking systems for data
Cyberstalking / harassment
Internet fraud
Non-access computer crimes
Cyberterrorism
Identity Theft
Definition: someone wrongfully obtains and uses another person's personal data in a way that involves fraud or deception, typically for economic gain. Common methods of perpetrating identity theft:
Phishing: usually done by emailing the victims (spear phishing and whaling are targeted variants).
Spyware: any software that can monitor your activities on a computer.
Discarded information: any documents that are thrown out without first being shredded could potentially aid an identity thief.
Hacking
Hacking: breaking into a system remotely.
SQL Injection: the most common web application attack. SQL commands are typed into text boxes (for example a logon screen) so that they become part of the query the application sends to its database to log the user in.
Cross-Site Scripting: post a script that is displayed to victims; when it executes it redirects the victims to a phishing site.
Ophcrack: a basic tool used, with physical access to a Windows machine, to crack the local passwords on Windows systems.
Tricking Tech Support: scripts are added to the system startup process so that when a domain admin logs on to the machine, a local account becomes a domain admin.
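An added example, not code from the slides, showing the defect behind the SQL injection described above and its fix: a logon query built by string concatenation beside the same check written with placeholders, run against a constructed user table in Python's sqlite3. A legitimate username containing an apostrophe is enough to show that the concatenated version hands user input to the SQL parser; function names such as login_vulnerable are assumptions.

```python
import hashlib
import sqlite3

def make_db():
    """Constructed sample table; passwords stored as SHA-256 hex digests for brevity only
    (a real system would use a salted, slow password hash such as bcrypt or Argon2)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, pw_hash TEXT)")
    for user, pw in [("alice", "wonderland"), ("o'brien", "shamrock")]:
        digest = hashlib.sha256(pw.encode()).hexdigest()
        db.execute("INSERT INTO users VALUES (?, ?)", (user, digest))
    return db

def login_vulnerable(db, username, password):
    """Builds the logon query by concatenation: whatever is typed in the text box
    becomes part of the SQL statement itself."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND pw_hash = '" + pw_hash + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username, password):
    """Same check with placeholders: values travel separately from the statement,
    so input cannot change the query's structure."""
    pw_hash = hashlib.sha256(password.encode()).hexdigest()
    row = db.execute("SELECT username FROM users WHERE username = ? AND pw_hash = ?",
                     (username, pw_hash)).fetchone()
    return row is not None

def demo():
    db = make_db()
    results = {
        "good_param": login_parameterized(db, "alice", "wonderland"),
        "bad_param": login_parameterized(db, "alice", "wrong"),
        # A real name with an apostrophe is handled correctly by the placeholder query ...
        "quote_param": login_parameterized(db, "o'brien", "shamrock"),
    }
    # ... but the concatenated query breaks: the quote is read as SQL syntax, proof that
    # the database is parsing user input. The error is caught so a server would log it
    # rather than crash; the same path is what an injection attack abuses.
    try:
        results["quote_vuln"] = login_vulnerable(db, "o'brien", "shamrock")
    except sqlite3.OperationalError:
        results["quote_vuln"] = "OperationalError"
    return results
```

Reviewing application logs for this kind of SQL syntax error on a logon form is a cheap early indicator that a query is built by concatenation.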
Cyberstalking and Harassment
Cyberstalking: the use of the Internet, email, or other electronic communication devices to stalk another person. Three criteria for law enforcement officers to bear in mind when considering cyberstalking and harassment cases:
Is it possible? If a person makes a threat, is that threat credible?
How frequent?
How serious?
Fraud
Any attempt to gain financial reward through deception is fraud.
Investment Offers: for example "pump and dump" schemes.
Data Piracy: the Internet makes the distribution of illegally copied materials, or data piracy, very easy.
Non-Access Computer Crimes
Non-access computer crimes render the target unreachable by legitimate users.
Denial of Service: prevents legitimate users from accessing a given computer resource. The most common target is a website.
Virus: any software that self-replicates, like a human or animal virus.
Logic Bombs: malware designed to harm the system when some logical condition is met. Often it is triggered at a specific date and time.
Cyberterrorism
Issues of cyberterrorism and cyberespionage are referred to the Federal Bureau of Investigation. They use the same techniques as any other cybercrime, so the actual technical portions of the investigation are the same.