Introduction to Digital Forensics - PowerPoint PPT Presentation

1 / 21

About This Presentation

Title:

Introduction to Digital Forensics

Description:

Introduction to Digital Forensics – PowerPoint PPT presentation

Number of Views:803

Avg rating:3.0/5.0

Slides: 22

Provided by: goldengric

Category:

more less

Transcript and Presenter's Notes

Title: Introduction to Digital Forensics

1
Introduction to Digital Forensics

Golden G. Richard III
Professor
Department of Computer Science
University of New Orleans
GIAC-certified Digital Forensics Investigator
Co-founder, Digital Forensics Solutions, LLC
golden_at_cs.uno.edu
http//www.cs.uno.edu/golden

2
My Background

Born in Jennings, LA (a small town near
Lafayette)
Moved to New Orleans when I was 5
Attended public schools
Allen ? McMain ? Beauregard (now Thorogood
Marshall) ? Warren Easton
Then University of New Orleans (B.S.)
Then Ohio State (M.S., Ph.D)
Moved back to New Orleans after Ohio State
Professor at university where I started out

3
Digital Forensics

Definition Tools and techniques to recover,
preserve, and examine digital evidence on or
transmitted by digital devices.
Devices include computers, PDAs, cellular phones,
videogame consoles, copy machines, printers,

4
In Other Words
Ouch

Recover information from
Computers
Cell phones
Copy machines
FAX machines
Lots of other types of devices
TO
Help solve crimes or defendpeople accused of
crimes
Recover lost information
EXAMPLE Digital camera breaks and photos are
lost

5
Examples of Digital Evidence

Illegal pictures
Threatening emails
Documents
Suicide notes
Bomb-making diagrams
Text messages on cell phones
Contact lists
Pictures from camera phone

6
Why Does Digital Forensics Work?

Deleted files arent really deleted
Can use tools to retrieve deleted data
Renaming computer files to avoid detection
doesnt work
Tools detect that names of files have been
changed
Installation (and un-installation) of software on
your computer leaves electronic fingerprints
Even chopping up storage media like floppy disks
or CDs may not destroy all the data!
What do you need to do to really kill files?

7
Killing Hard Drives
or
or
degausser (a BIG magnet!)
8
Overview Typical Investigation

Assumes that what we discussed on the previous
slide hasnt happened!)
Document the scene (take photos)
Make copies of evidence
Examine the copies of the evidence
Write a report that describes results
Present results to the person writing the check
for your services! ()

9
Careful Documentation is Very Important
10
Remove Evidence, Make Copies
hard drive
11
Then Figure Out Whats Going On
evidence
12
(No Transcript)
13
(No Transcript)
14
(No Transcript)
15
Faster Using Cool Computer Hardware
Cluster of computers helps speed up
investigations
Run parts of forensicsapplications on graphics
cards!
16
Careers in Digital Forensics

Law
Lots of interesting legal issues
Knowledge of digital forensics law
(!!)
Law Enforcement
Local, state , federal
Corporate
Banks, large chains like Target, K-Mart,
Private digital investigation companies
Be a Teacher

17
Skill Levels
computer technician preserve evidence, make
copies of evidence
basic computer skills some knowledge of
legal issues
digital forensics investigator perform digital
investigations using existing tools,
prepare detailed examination reports, testify
training in common digital forensics applications
digital forensics researcher ability to create
new tools, sometimes in response to
case-specific needs
excellent programming skills, knowledge of
operating systems, filesystems,
low-level details of computer systems
18
Black Belt in Digital Forensics Skills

Excellent oral and written communication skills
Must communicate findings (incredibly technical
details) to non-technical people (in English)
Study English, become the best speaker and writer
that you can
Math, math, math
Computer programmers must understand math
Its hard. So what? Do it anyway.
Learn everything you can about computers

19
University of New Orleans