Teaching Computer Forensics Using Student Developed Evidence Files

1
Teaching Computer Forensics Using Student
Developed Evidence Files

• Anna Carlin
• Cal Poly Pomona

2
Agenda

• What is Computer Forensics
• Trends in Computer Forensics
• Structure of a Computer Forensics Course
• Investigative Mindset
• Criminal Mindset
• Legal Aspects of Computer Forensics
• Ethics
• Highlights
• Questions Answers

3
What is Computer Forensics?

• Application of computer investigation and
  analysis in the interests of determining
  potential legal evidence
• Involves the identification, preservation,
  extraction, documentation, and interpretation of
  this digital evidence

4
Trends in Computer Forensics

• Computer Information System/Information
  Technology
• 95 or worlds information is being generated and
  stored in a digital form
• Only about one-third of documentary evidence is
  printed out

5
Structure Of Course

• Prerequisites
• Textbooks Used
• Group and Individual Projects
• Lab Environment/Facility

6
Quarter System Class

• Prerequisites
• Cal Poly Junior/Senior level in a career track
• Textbooks
• Guide to Computer Forensics
• from Course Technology
• Recommended Hacking Exposed Computer Forensics
  Secrets and Solutions

7
Topics Covered

• Applicable Laws
• Processing Crime and Incident Scenes
• Collecting Evidence
• Recovering Evidence
• Computer Forensic Tools
• Documenting the Investigation
• Communicating the Results

8
Cal Polys Computer Forensics Lab

• Allows hands-on experience
• Evidence lockers
• 3 separate hard drives
• Software available
• EnCase Enterprise version 5
• FTK
• Open source products
• Virtual PC

9
Additional Software

• HexWorkshop
• Irfanview
• Paraben
• PC-Encrypt
• WinHex
• BitPim
• Stegdetect

10
Group Project

• The goals are to
• Follow a documented forensics investigation
  process
• Identify relevant electronic evidence associated
  with various violations of specific laws
• Identify probable cause to obtain a search
  warrant
• Recognize the limits of search warrants
• Locate and recover relevant electronic evidence
• Maintain a chain of custody

11
Group Project Parts

• Create the evidence
• Pick a crime and identify the elements
• Generate evidence to support that crime
• Write and execute a search warrant
• Analyzing the evidence seized
• Maintain chain of custody
• Analyze the digital medium for evidence
• Document the process and findings
• Presentation of findings

12
Group Projects Created

• Bioterrorism of 80 of the worlds coconut supply
  on a fictitious island
• A Da Vinci Code takeoff where the curator
  interrupts the robbery of the Mona Lisa and is
  killed in the process
• Murder of a faculty member and where they are
  buried
• Counterfeit Anaheim Angel playoff tickets

13
Individual Projects (Labs)

• Acquiring an image for analysis
• Recovering deleted data
• Password and encryption methods
• Images and steganography
• Tracing emails
• Email analysis
• Cell phones
• PDA

14
Investigative Mindset

• Handling the Crime Scene
• Ears, Eyes, Hands
• Computer Evidence
• Digital Evidence
• Crime Scene investigation and boundaries
• Searching and Collecting evidence
• Dos and Donts

15
Criminal Mindset

• Identify Theft
• Pornography
• Sexual Harassment
• Embezzlement
• Mail- Hate- Gambling across States- Drug
  Trafficking- Images
• Understanding anti-forensic techniques to hide
  evidence

16
Legal Aspects of Computer Forensics

• Dont commit a crime when manufacturing evidence
• Verify the tools
• Document everything

17
Ethics

• Do your job
• Remove any personal agendas you may have about
  the case/investigation
• Knowing it and proving it are 2 different things
• State the facts as you see them
• It is not your job to be Judge and/or Jury
• Ethical Hacking

18
Highlights

• Professor in class challenges
• Time available after class for lab work
• Student Technical Experience is varied
• Evidence created could be hit or miss
• Student creativity
• Training/Certifications
• Computer Usage Policy
• White Hacker Policy

19
Questions and Answer