Computer Security and Computer Forensics - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

Computer Security and Computer Forensics

Description:

Computer Security and Computer Forensics Dr John Haggerty Network and Information Security Technology Lab (NISTL), Liverpool John Moores University – PowerPoint PPT presentation

Number of Views:1359
Avg rating:3.0/5.0
Slides: 19
Provided by: SchoolofC1
Category:

less

Transcript and Presenter's Notes

Title: Computer Security and Computer Forensics


1
Computer Security and Computer Forensics
Dr John Haggerty Network and Information Security
Technology Lab (NISTL), Liverpool John Moores
University J.Haggerty_at_ljmu.ac.uk http//www.cms.l
ivjm.ac.uk/cmpjhagg/
2
Outline of talk
  • Background
  • My philosophy
  • What constitutes computer security versus
    computer forensics?
  • Problems in teaching both computer security and
    computer forensics
  • The perfect module/programme?
  • Future issues and directions that can be brought
    into a course
  • LJMU initiatives

3
My background
  • Lecturer in Computer Security and Computer
    Forensics at LJMU
  • Teach modules in security and forensics
  • Developed and now Programme Leader for BSc (Hons)
    Sandwich Computer Forensics at LJMU
  • Chair of Advances in Computer Security and
    Forensics (ACSF) conference more later
  • Computer security and forensics background
  • Academic research
  • Practitioner experience
  • I hope to be a bit contentious in this talk!

4
My foolosophy
  • Computer security and computer forensics are
    distinct but complementary fields
  • Hopefully, will demonstrate this during the talk
  • Computer security is deterministic
  • Computer forensics is multi-disciplinary
  • Is computer forensics vocational or just computer
    science by another name?
  • New academic research area brings problems
  • Forensics free-for-all with security papers
    masquerading as forensics

5
Research-informed teaching
Conception of Knowledge Objective and separate
from knowers
Disciplinary Research culture
Departmental Learning milieu
Conception of Teaching Teacher focused,
information transmission
A. Brew, Teaching Research New relationships
and their implications for inquiry-based teaching
and learning in higher education, Higher
Education Research Development, vol. 22, no. 1,
2003.
6
Research-informed teaching
Forensics Vocational/Practitioner input?
Disciplinary Research culture
Academics
Students
Departmental Learning milieu
Knowledge transmission
7
Computer security - definition
  • Computer security is the preservation of system
    confidentiality, integrity and availability
  • Some researchers have broadened this definition
    to include access control, authentication,
    authorisation, etc.
  • Well defined and accepted area
  • Focus on the preservation of system security
  • In real life, aims to reduce the economic cost of
    an attack or threat of attack

8
Computer forensics - definition
  • Computer forensics the study of how people use
    computers to inflict mischief, hurt, and even
    destruction (Mohay et al, 2003)
  • The application of computer investigation and
    analysis techniques to determine potential
    evidence (Li Seberry, 2003)
  • No accepted definition
  • Focus on investigation and analysis
  • To determine responsibility for an event/set of
    events
  • Legacy of law enforcement focus
  • But is being adopted outside this domain

9
Security vs. forensics activities
  • Security versus forensics activities (caveat -
    depending on the focus of the investigation!)

Worms
Data source analysis
Firewalls
Mobile Device forensics
HD analysis
DoS/ DDoS
Access Control
Hacking
Investigation frameworks
Evidence collection
Intrusion detection
Incident Response
Fraud investigation
Mobile code/agents
Packet Spoofing
Law
Imaging
DRM
Cryptography
Log analysis
Impersonation
Port Scanning
Restoring deleted evidence
Hostile Code
Anti-Virus
Spam
Data theft analysis
Privacy
Security
Forensics
10
Computer security timeline
  • Iterative process
  • Focus on system integrity

Security planning policies
Deploy countermeasures
Fix problem/ Ensure no repeat
Problem discovered
Problem analysis
11
Computer forensics timeline
  • Linear process
  • Focus on culpability/responsibility

12
Problems teaching forensics
  • Security, and its benefits, are well known
  • Forensics less so
  • Teaching contradictory activities
  • e.g. hacking, anti-forensics, etc.
  • Often wearing two hats which is problematic
  • e.g. views on Vista encryption
  • Have to educate university colleagues to
    re-assure them of the benefits of forensics

13
The perfect forensics module?
  • Spans the computing spectrum (IS -gt SE)
  • Fit lecturers interests to student abilities
  • Make use of free tools in labs
  • As always, assume no knowledge
  • CSI doesnt count ?
  • I have forensic science students on my modules
  • Can only introduce a broad subject
  • Suggested lecture topics (no security per se)
  • What is computer forensics?, basics of HD/storage
    media, legal aspects, uses of computer forensics,
    procedures, Windows, Unix, network forensics,
    ethics, data hiding, investigating fraud, future
    issues

14
The perfect programme?
  • Rooted in computer science with specialist
    modules
  • Not all students will work in forensics after
    graduation
  • Forensics lab is required
  • Complement existing modules
  • e.g. programming, architecture, networks, etc.
  • Suggested specialist topics/modules
  • Year 1 Introduction to computer forensics,
    introduction to general law, scientific methods
  • Year 2 Use of computer forensics tools,
    developing investigations, IT law, development of
    forensic tools
  • Year 3 Computer security, network security,
    advanced IT law, advanced computer forensics

15
Future challenges
  • Academia well placed to meet future challenges to
    the field (throw out the goalposts?)
  • To name a few
  • Move to mobile/pervasive networked devices
  • Expanding memory availability
  • User security
  • Secure networked applications (e.g. Skype)
  • Investigatory procedures/frameworks in corporate
    environments
  • The law and technology (geo-political borders)
  • Multi-disciplinary nature of the field

16
Future directions
  • Possible areas to bring into a computer forensics
    module/programme
  • Some future directions of the field
  • Process automation
  • Development of scalable tools and techniques
  • Development of standards outside law enforcement
  • Understandable and applicable investigation
    frameworks
  • Security with accountability
  • Multi-disciplinary approaches encompassing law,
    technology and trust

17
LJMU initiatives
  • Practitioner talks
  • Get to know your local practitioners, police,
    etc.
  • Multimedia resources
  • Videos, MP3 downloads, etc.
  • Advances in Computer Security and Forensics (ACSF
    2008) conference sponsored by IET
  • Opportunity to meet with practitioners and
    researchers
  • Students attend for free!
  • Poster session by undergraduate/MSc students to
    present their projects at next conference

18
Summary
  • Computer security and computer forensics are
    distinct but complementary fields
  • As both fields are distinctive, wearing two hats
    can be problematic
  • The perfect (?) computer forensics module will
    have very little computer security input but
    computer security should be included in the
    perfect (?) computer forensics programme
  • Bring in future issues/directions of the field
    into the module and programme
Write a Comment
User Comments (0)
About PowerShow.com