Digital Forensics

1
Digital Forensics

• Dr. Bhavani Thuraisingham
• The University of Texas at Dallas
• Lecture 6
• Forensics Services
• September 10, 2007

2
Outline

• Cyber crime
• Cyber detective
• Risk Management
• Investigative services
• Process improvement
• Conclusion
• Links
• Appendix Malicious Code Detection

3
Review of Lecture 5

• Lectures 5
• Types of Computer Forensics Systems
• Objective Identify issues in corporate planning
  for computer forensics
• Tools for Digital Forensics
• Assignment 1
• Lab Tour

4
Lecture 5 Types of Computer Forensics Systems

• Internet Security Systems
• Intrusion Detection Systems
• Firewall Security Systems
• Storage Area Network Security Systems
• Network disaster recovery systems
• Public key infrastructure systems
• Wireless network security systems
• Satellite encryption security systems
• Instant Messaging Security Systems
• Net privacy systems
• Identity management security systems
• Identify theft prevention systems
• Biometric security systems
• Homeland security systems

5
Cyber Crime

• Financial Fraud
• Sabotage of Data or Networks
• Theft of Proprietary Information
• System Penetration from the outside and denial of
  service
• Unauthorized access by insiders and employee
  misuse of Internet access privileges Insider
  threat
• Malicious code (e.g., Virus)

6
Cyber Detective

• Forensics investigators
• detect the extent f security breach,
• recover lost data,
• determine how an intruder got past the security
  mechanisms,
• and possibly identify the culprit
• Legal issues
• Admissibility of digital evidence in court
• Laws lag technology
• Theft A person must permanently deprive the
  victim of property does this apply to cyber
  theft?

7
Risk Management

• Risk management
• is the human activity which integrates
  recognition of risk, risk assessment, developing
  strategies to manage it, and mitigation of risk
  using managerial resources.
• The strategies include transferring the risk to
  another party, avoiding the risk, reducing the
  negative effect of the risk, and accepting some
  or all of the consequences of a particular risk.
• http//en.wikipedia.org/wiki/Risk_management
• Risk management for Computer Forensics
• Effective IT and staff policies
• Use of state of the art Vendor tools
• Effective procedures

8
Forensic Services

• Forensics Incident Response
• Evidence Collection
• Forensic Analysis
• Expert witness
• Forensic litigation and insurance claims support
• Training
• Process improvement

9
Investigative services examples

• Intrusion detection service
• Installing technical safeguards to spot network
  intruders or detect denial of service attacks at
  e-commerce servers
• Digital evidence collection
• Identify all devices that may contain evidence
• Quarantine all in-house computers
• Court orders to preserver and collect evidence

10
Process Improvement Tools

• Dig x/nslookup
• Whois
• Ping
• Traceroute
• Finger
• Anonymous surfing
• USENET
• Need to integrate the processes

11
Conclusion

• Part I has provided an overview of computer
  forensics and discussed technologies, systems and
  services
• There are two major aspects one is detect that a
  problem has occurred and the other is finding out
  who did it
• Technology and legal aspects both work together
• Should a corporation outsource the forensics
  services or carry it out in-house
• Evidence collected must be stored in a secure
  place security techniques include encryption
• Must manage and mitigate risks

12
Links

• http//www.compforensics.com/
• http//www.computer-forensic.com/faqs.html
• http//www.cfsiusa.com/
• Dallas, TX
• http//www.evestigate.com/
• http//www.digitaldataforensics.com/
• http//www.databankservices.com/
• Austin, TX
• http//www.vogon-international.com/computer-forens
  ics/
• http//www.vogon.co.uk/
• http//www.forensiccomputerservice.com/