Digital Forensics
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Lecture #6
Forensics Services
September 10, 2007

Outline
- Cyber crime
- Cyber detective
- Risk Management
- Investigative services
- Process improvement
- Conclusion
- Links
- Appendix: Malicious Code Detection

Review of Lecture #5
- Lecture 5
  - Types of Computer Forensics Systems
  - Objective: Identify issues in corporate planning for computer forensics
- Tools for Digital Forensics
- Assignment #1
- Lab Tour

Lecture 5: Types of Computer Forensics Systems
- Internet Security Systems
- Intrusion Detection Systems
- Firewall Security Systems
- Storage Area Network Security Systems
- Network disaster recovery systems
- Public key infrastructure systems
- Wireless network security systems
- Satellite encryption security systems
- Instant Messaging Security Systems
- Net privacy systems
- Identity management security systems
- Identity theft prevention systems
- Biometric security systems
- Homeland security systems

Cyber Crime
- Financial Fraud
- Sabotage of Data or Networks
- Theft of Proprietary Information
- System Penetration from the outside and denial of service
- Unauthorized access by insiders and employee misuse of Internet access privileges: Insider threat
- Malicious code (e.g., Virus)

Cyber Detective
- Forensics investigators
  - detect the extent of security breach,
  - recover lost data,
  - determine how an intruder got past the security mechanisms,
  - and possibly identify the culprit
- Legal issues
  - Admissibility of digital evidence in court
  - Laws lag technology
  - Theft: A person must permanently deprive the victim of property: does this apply to cyber theft?

Risk Management
- Risk management
  - is the human activity which integrates recognition of risk, risk assessment, developing strategies to manage it, and mitigation of risk using managerial resources.
  - The strategies include transferring the risk to another party, avoiding the risk, reducing the negative effect of the risk, and accepting some or all of the consequences of a particular risk.
  - http://en.wikipedia.org/wiki/Risk_management
- Risk management for Computer Forensics
  - Effective IT and staff policies
  - Use of state of the art Vendor tools
  - Effective procedures

Forensic Services
- Forensics Incident Response
- Evidence Collection
- Forensic Analysis
- Expert witness
- Forensic litigation and insurance claims support
- Training
- Process improvement

Investigative services examples
- Intrusion detection service
  - Installing technical safeguards to spot network intruders or detect denial of service attacks at e-commerce servers
- Digital evidence collection
  - Identify all devices that may contain evidence
  - Quarantine all in-house computers
  - Court orders to preserve and collect evidence

Process Improvement: Tools
- Dig -x/nslookup
- Whois
- Ping
- Traceroute
- Finger
- Anonymous surfing
- USENET
- Need to integrate the processes

Conclusion
- Part I has provided an overview of computer forensics and discussed technologies, systems and services
- There are two major aspects: one is to detect that a problem has occurred and the other is finding out who did it
- Technology and legal aspects: both work together
- Should a corporation outsource the forensics services or carry them out in-house?
- Evidence collected must be stored in a secure place; security techniques include encryption
- Must manage and mitigate risks

Links
- http://www.compforensics.com/
- http://www.computer-forensic.com/faqs.html
- http://www.cfsiusa.com/ - Dallas, TX
- http://www.evestigate.com/
- http://www.digitaldataforensics.com/
- http://www.databankservices.com/ - Austin,