COS/PSA 413 Day 5. Agenda Questions? Assignment 2 Redo –Due September 26 @ 3:35 PM Assignment 3...
Date posted: 21-Dec-2015
COS/PSA 413
Day 5
Agenda
• Questions?
• Assignment 2 Redo
  – Due September 26 @ 3:35 PM
• Assignment 3 posted
  – Due September 26 @ 3:35 PM
• Quiz 1 on September 30
  – Chaps 1-5, Open book, Open notes
  – 20 M/C and 5 essays
• Lab 1 corrected
  – 2 B’s, 6 C’s and 1 F
  – RTDQ!
• Lab 2 write-ups due
• Finish Discussion Processing Crime and incident Scenes
• Lab 3 in N105
  – Hands-on project 5-4 and 5-5
  – Follow instructions in
Lab 1
• 2-1
  – File listing, contents & memo
  – Just the facts >> no bias and no conclusions
• 2-2
  – Memo
  – 25 cluster hits
• 2-3
  – Memo
    • 4 files, 30 clusters for BOOK
    • 1 image file's name and where found
• 2-4
  – File listing
• 2-5
  – ProDiscover report with “deleted and file type”
• 2-6
  – ProDiscover report with proper comments
  – 3 files with the 3 words (one file each)
Guide to Computer Forensics and Investigations 3
Reviewing Background Information for a Case
• Company called Superior Bicycles
  – Specializes in creating new and inventive modes of human-driven transportation
• Two employees, Chris Murphy and Nau Tjeriko, have been missing for several days
• A USB thumb drive has been recovered from Chris’s office with evidence that he had been conducting a side business using company computers
Identifying the Case Requirements
• Identify requirements such as:
  – Nature of the case
  – Suspect’s name
  – Suspect’s activity
  – Suspect’s hardware and software specifications
Planning Your Investigation
• List what you can assume or know
  – Several incidents may or may not be related
  – Suspect’s computer can contain information about the case
  – If someone else has used suspect’s computer
• Make an image of suspect’s computer disk drive
• Analyze forensics copy
• \\Wallagrass\Software for N105 lab\COS413 Software\Chap05\InChap05
Conducting the Investigation: Acquiring Evidence with AccessData FTK
• Functions
  – Extract the image from a bit-stream image file
  – Analyze the image
Summary
• Digital evidence is anything stored or transmitted on electronic or optical media
• Private sector
  – Contained and controlled area
• Publish right to inspect computer assets policy
• Private and public sectors follow same computing investigation rules
• Criminal cases
  – Require warrants
Summary (continued)
• Protect your safety and health as well as the integrity of the evidence
• Follow guidelines when processing an incident or crime scene
  – Security perimeter
  – Video recording
• As you collect digital evidence, guard against physically destroying or contaminating it
• Forensic hash values verify that data or storage media have not been altered
Summary (continued)
• To analyze computer forensics data, learn to use more than one vendor tool
• You must handle all evidence the same way every time you handle it
• After you determine that an incident scene has digital evidence, identify the digital information or artifacts that can be used as evidence