html5-img
1 / 25

Security and Privacy in Computer Forensics Applications

Security and Privacy in Computer Forensics Applications S. Srinivasan Professor of CIS Director, Center for Information Assurance University of Louisville Louisville, Kentucky Outline Computer Forensics in academia History Emerging curricula Technology Collaboration Applications

Solomon
Télécharger la présentation

Security and Privacy in Computer Forensics Applications

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security and Privacy in Computer Forensics Applications S. Srinivasan Professor of CIS Director, Center for Information Assurance University of Louisville Louisville, Kentucky

  2. Outline • Computer Forensics in academia • History • Emerging curricula • Technology • Collaboration • Applications • Security issues • Privacy concerns

  3. Computer Forensics • Computer Forensics • process involves: • Collection • Preservation • Analysis • Presentation of evidence from digital sources • Historically a law enforcement responsibility

  4. Computer Forensics • 1984 – FBI forms the Computer Analysis and Response Team (CART) • 1993 - first international Computer Evidence conference held • 1995 – International Organization for Computer Evidence formed • 1997 – G-8 Summit in Moscow calls for training law enforcement personnel for solving high tech crimes

  5. Computer Forensics • 2000 – first Regional Computer Forensics Lab formed in Dallas • 2006 – latest (14th) RCFL opened in Louisville, KY

  6. FBI’s Regional Computer Forensics Labs (RCFLs) Source: www.rcfl.gov

  7. Computer Forensics in Academia • Many programs housed in Criminal Justice departments • Main focus on evidence preservation and presentation • Analysis done by forensic examiners well versed in computing • Over 100 CF programs exist today in US

  8. Computer Forensics in Academia • Important programs to review: • Purdue University, West Lafayette, IN • University of Tulsa, Tulsa, OK • University of Central Florida, Orlando, FL • Mississippi State Univ., Mississippi State, MS • Champlain College, Burlington, VT

  9. Emerging Curricula • Typical courses in Computer Forensics program: • Networking • Operating Systems • Data Communications • Computer Evidence • Criminal Law • Basic Computer Forensics • Advanced Computer Forensics • Ethics • Algebra and Statistics

  10. Emerging Curricula • Emphasis on both technology and policy • Exposure to forensic tools • EnCase • FTK • Significance of chain of evidence

  11. Technology • Understanding of • storage technology • operating system features • Windows • Linux • Unix • Mac OS • file systems

  12. Technology • Knowledge of • Slack space • Host Protected Area (HPA) • Device Configuration Overlay (DCO) • Disk imaging • Data recovery • Total data deletion • Handling encryption

  13. Collaboration • Computer Forensics investigation requires collaboration of • Law enforcement • Attorneys • Computer specialists • In academia, collaborating units could be: • Computer Science • Criminal Justice • Law • Accounting & Finance

  14. Applications • Email • Lasts longer than people believe • Businesses monitor employee emails • Admissible in legal proceedings • Protect using PGP • E-commerce • Exchange of confidential data • Impersonation

  15. Applications • Data backup • Encrypt • Secure transfer of backup media • Periodic recovery

  16. Security Issues • Data hiding • Image hiding • Improper destruction of sensitive data • Weak authentication tools • Created, Accessed, Modified date • Boot password • Password cracking

  17. Privacy Concerns • Computer Forensic investigation reveals: • Passwords • Encryption keys • Images • Scope of investigation • Use of knowledge beyond goal of investigation • Legal requirements

  18. Privacy Protection • Ten guidelines: • Remove personally identifiable data from storage media • Store an identical copy of any evidentiary media given to law enforcement • Limit search to goal of investigation • Handle time stamped events in strictest confidence • On networks, packet acknowledgement be via the use of tokens than IP addresses

  19. Privacy Protection • Safe storage of all internal logs • Preservation of event logs in external nodes • Put policies in place for actionable items related to attacks • Put policies in place for safeguarding backed up data related to an investigation • Handle disposal of sensitive data in a secure manner

  20. Summary • Computer Forensics provides plenty of trace back capabilities • Forensic investigators should get periodic training in ethical handling of data • Policies should be in place to protect privacy of subjects in an investigation

  21. References • Computer Evidence: Collection and Preservation by Christopher Brown, Thomson Publishers, MA 2006, ISBN: 1-58450-405-6 • Guide to Computer Forensics and Investigations, 2nd edition by Bill Nelson et al, Thomson Publishers, MA 2006, ISBN: 0-619-21706-5 • Computer Forensics – Hacking Exposed: Secrets and Solutions by Chris Davis et al, Osborne-McGraw Hill Publishers, NY 2005, ISBN: 0-070225675-3

  22. References • File System Forensic Analysis by Brian Carrier, Addison-Wesley, MA, 2005, ISBN: 0321268172 • Alec Yasinsac, Robert Earbacher, Donald G. Marks, Mark Pollitt, Peter M. Sommer, "Computer Forensics Education", IEEE Computer Security and Privacy Magazine, July-Aug 2003, Vol. 1, No. 4, pp. 15-23

  23. References • EnCase http://www.guidancesoftware.com • FTK http://www.accessdata.com • FileHound http://www.filehound.org • SATA http://www.serialata.org/ • Creating disk image http://darkdust.net/marc/diskimagehowto.php • National Institute of Justice document on dd command http://www.ncjrs.gov/pdffiles1/nij/203095.pdf

  24. References • Computer Forensics programs http://www.e-evidence.info/education.html • Brian Carrier http://dftt.sourceforge.net/

  25. Thank you! srini@louisville.edu www.louisville.edu/infosec

More Related