1 / 20

Why should we be teaching Linux Forensics?

Why should we be teaching Linux Forensics?. Paul Stephens. Harmonisation of Computer Forensics Investigation Training. Participants Include. AGIS Courses Developed. ISEC Developments (2008-2011). Vista Forensics. Linux as a Forensic Tool. Initially run as a one week course

arne
Télécharger la présentation

Why should we be teaching Linux Forensics?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Why should we be teaching Linux Forensics? Paul Stephens

  2. Harmonisation of Computer Forensics Investigation Training

  3. Participants Include

  4. AGIS Courses Developed

  5. ISEC Developments (2008-2011) Vista Forensics

  6. Linux as a Forensic Tool • Initially run as a one week course • Following evaluations • Basics [online] – Week One • Forensic Features and Tools – Week Two • Currently being updated by a team of five

  7. Advanced Scripting • Currently in development • One week course to be run at Microsoft Copenhagen!

  8. Other Linux Forensics Courses GNU/Linux Forensics Data Recovery & Analysis ICT and Forensic Investigation Digital Forensics

  9. Why should we be teaching Linux Forensics?

  10. Why should we be teaching Linux Forensics? • Scripting will allow investigators to carry out: • Large scale investigations on unusual data sets • Automation for routine tasks • Integration of various standalone tools into one process • Will also equip the investigator with advanced knowledge beyond pre-provided software functionality • Projects • Open Source

  11. Some of the Linux Forensic Tools • LibEWF • dcfldd and rdd • The Sleuth Kit • Autopsy Forensic Browser/PTK • ophcrack • QEMU

  12. CCCU Forensic Lab Setup • Two PCs • Normal PC • Internet connection • ‘HazardNET’ PC • Students have BIOS/Administrator control • Network linked to Windows server running RIS and Linux SSH/SFTP server

  13. Teaching Materials (Basics) • Linux • http://www.ss64.com/bash/ • http://linuxcommand.org/ • Linux Forensics • http://www.linuxleo.com/ • Disk Images and other cool stuff • http://www.honeynet.org/ • Distributions • Debian/Ubuntu? • http://www.e-fense.com/helix/ • http://www.lnx4n6.be/

  14. Development of Teaching Materials • Download other peoples evidence files • Create the test images/network dumps/etc yourself • Takes a loooooooooooooooong time • Get someone else to create resources • Spec what you want and set it for your current students as an assessment/project • Report/presentation on the task

  15. Some Current Projects • AGIS/ISEC course developments • Analysis of the accuracy and usefulness of Linux Tools • Usability analysis of Autopsy/PTK • Presentation of computer-based evidence in an electronic format (MOD) • A triage toolkit for divisional examiners (Essex) • Using virtual technology in the presentation of digital evidence (Trading Standards)

  16. 3rd Annual International Conference on • Cybercrime Forensics Education and Training - CFET 2009 • First Announcement and Call for Papers • The conference will take place in the Powell Building at the North Holmes • Road campus of Canterbury Christ Church University on • 1st and 2nd September 2009. • The conference invites papers, practical workshop proposals, and • poster presentations including the following: • Development of cybercrime forensics as a new discipline • Hacking detection and prevention • Viruses and antivirus software • Commercial training in cybercrime forensics • Supporting police investigations • Defining educational programmes and their objectives • Ethical, Professional and legal issues • New software tools for cybercrime forensics • International cooperation to develop standards • Career pathways in cybercrime forensics • Network and mobile communication technologies • Cooperation of commercial and academic partners • Case studies in cybercrime forensics • Deadline for papers 1st May 2009. • Please contact Denis Edgar-Nevill [denis.edgar-nevill@canterbury.ac.uk] for details. Sponsored by

  17. Cybercrime Forensics SG The Aim of the new SG is: “Promoting Cybercrime Forensics and the use of Cybercrime Forensics; of relevance to computing professionals, lawyers, law enforcement officers, academics and those interested in the use of Cybercrime Forensics and the need to address cybercrime for the benefit of those Groups and of the wider public.” 17

  18. Cybercrime Forensics SG The interim committee: Denis Edgar-Nevill HoD Computing Canterbury Christ Church University - Chair Alastair Irons HoD Computing University Sunderland - Vice Chair Dr Abhaya Induruwa Canterbury Christ Church University - Treasurer Paul Stephens Canterbury Christ Church University - Membership Secretary Dr Richard Overill Kings College London Dr James Uhomoibhi University of Ulster Dr Bernd Carsten Stahl DeMontfort University Professor Margaret Ross MBE Southampton Solent University Geoff Staples Southampton Solent University Dr Liz Bacon HoD Computing University of Greenwich 18

  19. Cybercrime Forensics SG INAUGURAL MEETING The SG will formally come into being with its first meeting at Canterbury Christ Church University Monday 15th December 2008 held at 1400. The current President of the BCS, Rachel Burnett, will open the inaugural meeting. The event will include a keynote presentation on “Tackling the Criminal Use of Technology” by Chris Simpson—High Tech Crime Training Manager NPIA. The event will be open to all. 19

  20. Questions? paul.stephens@canterbury.ac.uk

More Related