Digital Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Lecture #12: Computer Forensics Analysis/Validation and Recovering Graphic Files
October 1, 2008

Outline
- Topics for Lecture #12
  - What data to collect and analyze
  - Validating forensics data
  - Data hiding techniques
  - Remote acquisitions
  - Recovering graphic files
  - Data compression
  - Locating and recovering graphic files
  - Steganography and steganalysis
  - Reference: Chapters 9 and 10 of Textbook
- Topics for Lecture #13

What data to collect and analyze
- Depends on the type of investigation
- Email investigation will involve network logs, email server backups
- Industrial espionage may include collecting information from cameras, keystrokes
- Scope creep: Investigation extends beyond the original description due to unexpected evidence

Validating forensic data
- Validating with hexadecimal editors
  - Provides support such as hashing files and sectors
- Discriminating functions
  - Selecting suspicious data from normal data
- Validating with forensics programs
  - Use message digests, hash values

Data Hiding
- Data hiding is about changing or manipulating a file to conceal information
- Hiding partitions: Create partitions and use a disk editor to delete the reference to it, then recreate links to find the partition
- Marking bad clusters: Placing sensitive or incriminating data in free space; use disk editors to mark good clusters as bad clusters
- Bit shifting: Change bit patterns or alter byte values
- Using steganography to hide data (Lecture 13)
- Encrypt files to prevent access
- Recover passwords using password recovery tools

Remote Acquisitions
- Tools are available for acquiring data remotely
  - E.g., Diskexplorer for FAT
  - Diskexplorer for NTFS
- Steps to follow
  - Prepare the tool for remote acquisition
  - Make remote connection
  - Acquire the data

Recovering Graphic Files
- What are graphic files
  - Bitmaps and raster images
  - Vector graphics
  - Metafile graphics
- Graphics file formats
  - Standard and specialized
- Digital camera file formats
  - Raw and image file format

Data Compression
- Lossless compression
  - Reduces file size without removing data
- Lossy compression
  - Reduces file size but some bits are removed
  - JPEG
- Techniques are taught in image processing courses

Locating and Recovering Graphic Files
- Identify the graphic file fragments
  - If the file is fragmented, need to recover all the fragments (carving or salvaging)
- Repair damaged headers
  - If header data is partially overwritten, need to figure out what the missing pieces are
- Procedures also exist for recovering digital photograph evidence
- Steps to follow
  - Identify file
  - Recover damaged headers
  - Reconstruct file fragments
  - Conduct exam

Steganography
Steganography is the art of covered or hidden writing. The purpose of steganography is covert communication to hide a message from a third party. This differs from cryptography, the art of secret writing, which is intended to make a message unreadable by a third party but does not hide the existence of the secret communication.

Topics for Lecture #13
- Steganography
- Null Ciphers
- Digital Image and Audio
- Digital Carrier Methods
- Detecting
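
The "Locating and Recovering Graphic Files" steps and the hash-based validation from "Validating forensic data", shown together as an added example that is not part of the original lecture. It assumes contiguous (unfragmented) JFIF images with no embedded thumbnail and damage limited to the first four header bytes; the function names and the sample buffer are constructed for illustration.

```python
import hashlib

JFIF_ID = b"JFIF\x00"            # identifier inside the APP0 segment
SOI_APP0 = b"\xff\xd8\xff\xe0"   # start-of-image marker + APP0 marker
EOI = b"\xff\xd9"                # end-of-image marker


def carve_jfif(raw: bytes) -> list[dict]:
    """Carve contiguous JFIF images from a raw buffer, repairing a wiped header."""
    found = []
    pos = raw.find(JFIF_ID)
    while pos != -1:
        start = pos - 6          # SOI(2) + APP0 marker(2) + length(2) precede the id
        end = raw.find(EOI, pos)
        if start >= 0 and end != -1:
            blob = bytearray(raw[start:end + 2])   # work on a copy, never the evidence
            damaged = bytes(blob[:4]) != SOI_APP0
            if damaged:
                blob[:4] = SOI_APP0                # rebuild the overwritten marker bytes
            found.append({
                "offset": start,
                "length": len(blob),
                "header_repaired": damaged,
                "sha256": hashlib.sha256(blob).hexdigest(),  # digest for validation
                "data": bytes(blob),
            })
            pos = raw.find(JFIF_ID, end + 2)
        else:
            pos = raw.find(JFIF_ID, pos + 1)
    return found


def build_sample() -> bytes:
    """Constructed buffer: one intact and one header-damaged JFIF stub in filler."""
    body = b"\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00" + b"\xaa" * 8 + EOI
    intact = SOI_APP0 + body
    damaged = b"\x00\x00\x00\x00" + body           # first four bytes wiped
    return b"\x11" * 32 + intact + b"\x22" * 16 + damaged + b"\x33" * 8


if __name__ == "__main__":
    for hit in carve_jfif(build_sample()):
        print(hit["offset"], hit["length"], hit["header_repaired"], hit["sha256"][:16])
```

Fragmented files need the additional "reconstruct file fragments" step, which this contiguous carver does not attempt.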