january 2001network ice1 forensics. january 2001network ice2 what is computer forensics? acquisition...
TRANSCRIPT
January 2001 NETWORK ICE 1
Forensics
January 2001 NETWORK ICE 2
What is Computer Forensics?
• Acquisition of Computer Evidence• Preservation• Analysis• Court Presentation
January 2001 NETWORK ICE 3
Why Computer Forensics?• U.S. businesses will generate 17.5 trillion
electronic documents as compared to only about 7.5 trillion paper documents by 2005.
• Computer evidence is fragile by nature and can be easily erased or otherwise compromised without special handling.
• Forensic tools should promoted the non-invasive recovery of deleted, hidden and temporary files that are normally invisible to the user.
January 2001 NETWORK ICE 4
Computer Forensics and the Law
• Courts in the US and other jurisdictions mandate that computer evidence be collected in a forensically sound manner -Gates Rubber Co. v. Bando Chemical Indus.,
Ltd., 167 F.R.D. 90 (D.C. Col., 1996); Simon Property Group v. mySimon, Inc. 2000 WL 963035
• Proper Preservation and Chain of Custody of Computer Evidence must be Established
January 2001 NETWORK ICE 5
Forensic Type cases• theft of intellectual property • destruction of/misappropriation of data • alteration of data, alteration/misuse of programs • use of unlicensed software • illegal duplication of software • unauthorized access to a computer system • unauthorized use of a company's computer for private gain • unofficial access to confidential data • downloading/distribution of pornographic material • e-mail mis-use • blackmail • money laundering • murder • rape • insurance fraud
January 2001 NETWORK ICE 6
Extreme Forensics
January 2001 NETWORK ICE 7
Evidence Display