Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction •...
Transcript of Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction •...
![Page 1: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/1.jpg)
Developing a Repository of
Digital Forensics Case Studies
to Provide Flexible Learning
Environment
Syed Naqvi, Ali Abdallah
Centre for Cyber Security & Forensics
![Page 2: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/2.jpg)
Outline
• Introduction
• Flexible Learning Environments
• Digital Forensics Case Studies
• Summary & Perspectives
19 November 2015Teaching Computer Forensics Workshop 2015,
Sunderland, UK2
![Page 3: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/3.jpg)
Project ConSoLiDatE
• Multi-disciplinary Cooperation for Cyber Security, Legal and Digital Forensics Education
• Objectives:• Development of educational resources conveying:
• essential cyber security knowledge
• essential digital forensic investigations
• essential legal principles
• Provision of educational audio-visual resources that facilitate active student learning, debate, critical thinking and classroom engagement.
• Development of strong links between theory and practice through consolidation of student’s understanding of principles by examining applicability to carefully constructed practical scenarios.
19 November 2015Teaching Computer Forensics Workshop 2015,
Sunderland, UK3
![Page 4: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/4.jpg)
Project ConSoLiDatE
19 November 2015Teaching Computer Forensics Workshop 2015,
Sunderland, UK4
Practice
TechnologyLaw
Case Studies
Criminology
Psychology Best practices
Expert witnessAdvocacy
Investigations
![Page 5: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/5.jpg)
Flexible Learning Environments
• Students with different learning abilities
• Curriculum inclusive of students diversity
• Sustainable learning resources
• Self directed studies versus studying with own pace
• Case-studies
• Modern legal briefs
• Technical challenges
• Expert industrial input
• Discussion activities
19 November 2015Teaching Computer Forensics Workshop 2015,
Sunderland, UK5
![Page 6: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/6.jpg)
Multidisciplinary DF Education
• Scenario-based learning (SBL)
• Learning best takes place in the context where it is going to be used.
• It involves students working their way through a storyline, usually based around a real-life case study.
• Students are encouraged to play active role by using their subject knowledge, critical thinking and problem solving skills in real-world environment.
• SBL in the area of digital forensics
• Set of scenarios to cover various stages of digital forensic analysis from evidence collection to the events correlation.
• Legal dimension: Chain of custody, paperwork, evidence handling, etc.
• Technical dimension: Imaging, password extraction, pin code, device connectors, etc.
19 November 2015Teaching Computer Forensics Workshop 2015,
Sunderland, UK6
![Page 7: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/7.jpg)
Digital Forensic Case Studies
19 November 2015Teaching Computer Forensics Workshop 2015,
Sunderland, UK7
![Page 8: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/8.jpg)
1. Forensic Soundness
19 November 2015Teaching Computer Forensics Workshop 2015,
Sunderland, UK8
When HD can’t be removed …
Device needs to be powered on …
![Page 9: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/9.jpg)
1. Forensic Soundness
19 November 2015Teaching Computer Forensics Workshop 2015,
Sunderland, UK9
When HD can’t be removed …
Device needs to be powered on …
Video of imaging and processing
Integrity of the video – MD5/SHA1
![Page 10: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/10.jpg)
2. Logical Images
19 November 2015Teaching Computer Forensics Workshop 2015,
Sunderland, UK10
When Physical image of a HD
(.E01) cannot be taken …
![Page 11: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/11.jpg)
2. Logical Images
19 November 2015Teaching Computer Forensics Workshop 2015,
Sunderland, UK11
When Physical image of a HD
(.E01) cannot be taken …
Make Logical image (.L01)
Recovery from Unallocated clusters,
deleted files, … – Product Support!
![Page 12: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/12.jpg)
3. Cloud Forensics
19 November 2015Teaching Computer Forensics Workshop 2015,
Sunderland, UK12
http
://ww
w.su
eblim
ely.co
m/im
ag
es/posts/2
008/sh
out.jp
g
When dispute-related
data entirely resides in
a fraction of machines
![Page 13: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/13.jpg)
3. Cloud Forensics
19 November 2015Teaching Computer Forensics Workshop 2015,
Sunderland, UK13
![Page 14: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/14.jpg)
4. Virtual Machine Forensics
19 November 2015Teaching Computer Forensics Workshop 2015,
Sunderland, UK14
.lnk files
.dll files
![Page 15: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/15.jpg)
Summary
• Teaching real life digital forensic case studies
• Provision of flexible learning environment
• Challenges of providing remote support
• Problems of using commercial tools remotely
• Future directions
• Adaption to flipped curriculum
• Evaluation of learning experience and skills level
19 November 2015Teaching Computer Forensics Workshop 2015,
Sunderland, UK15
![Page 16: Developing a Repository of Digital Forensics Case Studies ... · Outne • Introduction • Flexible Learning Environments • Digital Forensics Case Studies • Summary & Perspectives](https://reader034.fdocuments.in/reader034/viewer/2022050601/5fa8cda618d6652c19273678/html5/thumbnails/16.jpg)
Perspectives
• We need to work on the harmonisation of digital forensic analysis methodologies and the governing policies
• Scenarios-based testing
• Identification of grey areas
• Mutual validations
19 November 2015Teaching Computer Forensics Workshop 2015,
Sunderland, UK16
Legislations
Technology Investigations
Sandbox