Electronic Evidence
Reconstructing what happened
06/18/09 PHIT 2005 1
Issues to think about…
What’s Electronic Evidence (e-evidence)
…& why is it important?
What’s Computer Forensics
…& why is it growing so fast?
More issues to think about…
Enrollment in comp sci, info systems, & IT
What’s Electronic Evidence
…& why is it important?
First: Why is Evidence important?
In the legal world,
evidence is everything & the only thing
Evidence is used to establish facts
Evidence must be admissible in court or
legal action
To be admissible, the investigator must
follow proper procedure
E-evidence:
Today's fingerprint & smoking gun
Zacarias Moussaoui
20th hijacker in the 9/11 terrorist attacks
against the U.S.
his laptop, 4 computers, and several email
accounts (pilotz123@hotmail.com) were
searched for e-evidence
http://www.cnn.com/2002/LAW/09/04/moussaoui.computer/index.html
FBI discovered that the 19 hijackers used Kinko's computers in various
cities to gain access to the Internet to plan 9/11.
[Photo: Zacarias Moussaoui passing through a London airport. Source: BBC]
11-digit computer code cracks the case
It was neither a fingerprint nor physical evidence that led authorities to
the woman suspected of strangling a mother-to-be & fetus-kidnapping. It
was IP address 65.150.168.223
Crime Investigations
Crime investigations are searches for evidence—
& e-evidence—to trace & reconstruct what happened.
Digital profiling of crime suspects to trace who
did what when.
Data stored on or created by hard-drives, email
systems, cellular and handheld devices, or even
TiVo reveal a lot about a person and tell a lot
about that person’s friends, family, co-workers…
What is CyberCrime?
A crime that involves computers, digital devices,
or the Internet.
A computer is:
Computer Crime
Easy to commit—too many
vulnerable systems & gullible people
Crime without punishment—too often
Lots of media sensationalism &
public apathy
Leaves digital trails
Types of Cyber Crime
Unauthorized Access
Denial of Service
Extortion
Theft
Sabotage
Espionage
Computer Fraud
Embezzlement
Copyright Violation
Cyber terrorism
Forgery and Counterfeiting
Internet Fraud
Spoofing or “Imposter Sites”
SEC Fraud and Stock Manipulation
Child Pornography
Stalking & Harassment
Credit Card Fraud & Skimming
Identity theft
Tsunami fraud
Technological progress is
like an axe in the hands of
a pathological criminal.
Issues to think about…
What is Computer Forensics?
A process of applying scientific
& analytical techniques to
computers, networks, digital
devices, & files to discover or
recover admissible evidence.
Who needs Computer Forensics?
The Victim!
Businesses and government
Financial sector
Law Enforcement
Those involved in marital or employment
disputes
Anti-terrorist & National Security agencies
Insurance Carriers
Those in need of Data & Disaster Recovery
Issues to think about…
Crime scene is where the evidence is
Types of Computer Forensics
Disk Forensics
Disk forensics is the process of acquiring and
analyzing the data stored on some form of
physical storage media.
Includes the recovery of hidden and
deleted data.
Network Forensics
Network forensics is the process of examining
network traffic.
After-the-fact analysis of transaction logs
• Sniffers
• Real-time tracing
Email Forensics
Email forensics is the study of the source and content of
electronic mail as evidence.
It includes identifying the actual sender and recipient of a
message and the date/time it was sent.
Often email is very incriminating.
Tracking down Email Evidence
Reading Email Headers
http://www.stopspam.org/email/headers.html
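As an added example (not part of the original slides), this Python code reads the Received headers of a message oldest-first to recover the connecting IP, receiving host and time of each hop, then flags timestamp inconsistencies. The sample message, host names, addresses and function names are made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message: hosts and times are invented, IPs come from
# documentation ranges. Each server prepends its header, so newest is on top.
RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id B2; Thu, 18 Jun 2009 10:02:11 -0400
Received: from laptop (unknown [203.0.113.45])
\tby mx.example.net with SMTP id A1; Thu, 18 Jun 2009 10:02:05 -0400
From: "Alice" <alice@example.net>
To: bob@example.org
Date: Thu, 18 Jun 2009 09:15:00 -0400
Subject: constructed test message

body
"""

# "from <claimed name> (<reverse DNS> [<connecting IP>]) by <receiving host>"
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)?\s*\[(?P<ip>[^\]]+)\]\)"
                 r"\s+by\s+(?P<by>\S+)", re.S)

def trace_hops(raw):
    """Return (message, hops); hops are oldest-first tuples of
    (claimed name, connecting IP, receiving host, timestamp)."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = HOP.search(value)
        if not m or ";" not in value:
            continue  # unparseable hop: leave it for manual review
        stamp = parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
        # The claimed name is sender-supplied; the bracketed IP is what the
        # receiving server recorded for the connection.
        hops.append((m["helo"], m["ip"], m["by"], stamp))
    return msg, hops

def findings(raw, max_skew_s=600):
    """Flag inconsistencies an examiner would otherwise check by hand."""
    msg, hops = trace_hops(raw)
    notes = []
    for earlier, later in zip(hops, hops[1:]):
        if later[3] < earlier[3]:
            notes.append("hop timestamps run backwards")
    sent = parsedate_to_datetime(msg["Date"])
    if hops and abs((hops[0][3] - sent).total_seconds()) > max_skew_s:
        notes.append("Date header differs from first hop by more than %ds" % max_skew_s)
    return notes
```

Received lines below the first server the examiner trusts were written by systems outside that trust boundary and need corroboration from that server's own logs.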
Internet Forensics
Internet or Web forensics is the process of
piecing together where and when a user has
been on the Internet.
E.g., Scott Peterson,
Michael Jackson
Source Code Forensics
To determine software ownership or
software liability issues.
Review of actual source code.
Examination of the entire development
process, e.g., development procedures,
documentation review, and review of
source code revisions.
Issues to think about…
Self-Evaluation
The Future of Computer Forensics