COS/PSA 413 - PowerPoint PPT Presentation

Slides: 18
Provided by: CourseTe8

Transcript and Presenter's Notes


1
COS/PSA 413
  • Day 5

2
Agenda
  • Questions?
  • Assignment 2 Redo
  • Due September 26 at 3:35 PM
  • Assignment 3 posted
  • Due September 26 at 3:35 PM
  • Quiz 1 on September 30
  • Chaps 1-5, Open book, Open notes
  • 20 M/C and 5 essays
  • Lab 1 corrected
  • 2 Bs, 6 Cs and 1 F
  • RTDQ!
  • Lab 2 write-ups due
  • Finish discussion: Processing Crime and Incident Scenes
  • Lab 3 in N105
  • Hands-on project 5-4 and 5-5
  • Follow instructions in

3
Lab 1
  • 2-1
  • File listing, contents memo
  • Just the facts >> no bias and no conclusions
  • 2-2
  • Memo 25 clusters hits
  • 2-3
  • Memo
  • 4 files, 30 clusters for BOOK
  • 1 image file's name and where found
  • 2-4
  • File listing
  • 2-5
  • ProDiscover report with deleted and file type
  • 2-6
  • ProDiscover report with proper comments
  • 3 files with the 3 words (one file each)

4
Reviewing Background Information for a Case
  • Company called Superior Bicycles
  • Specializes in creating new and inventive modes
    of human-driven transportation
  • Two employees, Chris Murphy and Nau Tjeriko, have
    been missing for several days
  • A USB thumb drive has been recovered from Chris's
    office with evidence that he had been conducting
    a side business using company computers

5
Identifying the Case Requirements
  • Identify requirements such as
  • Nature of the case
  • Suspect's name
  • Suspect's activity
  • Suspect's hardware and software specifications

6
Planning Your Investigation
  • List what you can assume or know
  • Several incidents may or may not be related
  • Suspect's computer can contain information about
    the case
  • If someone else has used suspect's computer
  • Make an image of suspect's computer disk drive
  • Analyze forensics copy
  • \\Wallagrass\Software for N105 lab\COS413 Software\Chap05\InChap05

7
Conducting the Investigation: Acquiring Evidence with AccessData FTK
  • Functions
  • Extract the image from a bit-stream image file
  • Analyze the image

9
Conducting the Investigation: Acquiring Evidence with AccessData FTK (continued)

12
Conducting the Investigation: Acquiring Evidence with AccessData FTK (continued)

14
Conducting the Investigation: Acquiring Evidence with AccessData FTK (continued)

15
Summary
  • Digital evidence is anything stored or
    transmitted on electronic or optical media
  • Private sector
  • Contained and controlled area
  • Publish right to inspect computer assets policy
  • Private and public sectors follow same computing
    investigation rules
  • Criminal cases
  • Require warrants

16
Summary (continued)
  • Protect your safety and health as well as the
    integrity of the evidence
  • Follow guidelines when processing an incident or
    crime scene
  • Security perimeter
  • Video recording
  • As you collect digital evidence, guard against
    physically destroying or contaminating it
  • Forensic hash values verify that data or storage
    media have not been altered

17
Summary (continued)
  • To analyze computer forensics data, learn to use
    more than one vendor tool
  • You must handle all evidence the same way every
    time you handle it
  • After you determine that an incident scene has
    digital evidence, identify the digital
    information or artifacts that can be used as
    evidence