Technology in Computer Forensics
Alicia Castro Thesis Defense
Master of Software Engineering Department of Computer Science
University of Colorado, Colorado Springs
Author: Alicia Castro
Committee Members: Dr. C. Edward Chow, Dr. Jugal K. Kalita, Dr. Xiaobo Zhou
Computer Forensics Facts
- Computer forensics is the investigation of digital evidence related to criminal or suspicious behavior, where computers and related equipment may or may not be the target.
- Internet crime increased 22.3% in 2009 over 2008.
Computer Forensic Background
- Digital evidence includes computer-generated records, such as the output of computer programs, and computer-stored records, such as email messages.
- It is difficult to attribute certain computer activities to an individual, especially in a multi-access environment.
Computer Forensics Legal Issues
Understand the fundamentals of:
- Search and Seizure laws
- Electronic Communications Privacy Act
- Wiretap Statute
- Pen/Trap Statute
- Patriot Act
- State laws about Search and Seizure
Forensic Investigation
Accessories to a Crime
…Forensic Investigation
Accomplices of a Crime
Suspect
Utilities used with Nica Forensic Tool
- IECacheView
- MozillaCacheView
- ChromeCacheView
- IEHV
- Outlook Redemption
- Microsoft Log Parser
Nica Forensic Tool uses external tools to help parse the cache files from the IE, Mozilla Firefox and Google Chrome browsers, and also to gain access to and parse the Outlook .pst files.
Nica Forensic Tool Functionality
- Use the cache file parser information to determine what information is valuable.
- Get the cookies and history files of each web browser, as well as Skype, Instant Messenger and Outlook logs.
- Store the information in a database.
- Display any necessary output.
- Design of all GUI displays.
Nica Forensic Tool
- Unlike most forensic tools, it finds all the users on the computer, not just the logged-on users.
- Unlike similar forensic tools, it does not need the investigator to enter the path where the information would be found. Nica Forensic Tool does it for the investigator.
Nica Forensic Tool Design
Enter Case Number, Case Description, Forensic Investigator, Notes
Run the parser to find entries by activity. Note the timestamp for the date on which the investigation was done and also the time it takes to find all the activities.
Timeline Viewer
Report by user, date/time and activities
Finding the Evidence
Selecting the Evidence
Displaying selected suspected activities
Evidence Classification
Inclusion Criteria
- More than one activity
- Time between activities is less than 15 minutes
- Previous history of web sites visited
Exclusion Criteria
- One isolated activity and no previous history
- Two or more activities with time intervals of more than 15 minutes between each activity
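The criteria above can be expressed as a small classifier. This is an added example, not code from Nica Forensic Tool or the thesis. It assumes one reading of the slide: an activity is included when another activity by the same user lies less than 15 minutes away (a burst) or when the site appears in that user's previous history, and excluded otherwise. A gap of exactly 15 minutes is treated as not a burst. The names classify, SAMPLE and PRIOR and all sample records are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # threshold stated on the slide

# Constructed sample data: (user, ISO timestamp, site). Not output of the tool.
SAMPLE = [
    ("alice", "2010-03-01T09:00:00", "example.test/a"),
    ("alice", "2010-03-01T09:10:00", "example.test/b"),  # 10 min after previous
    ("alice", "2010-03-01T11:00:00", "example.test/c"),  # isolated, no history
    ("bob", "2010-03-01T09:00:00", "example.test/a"),
    ("bob", "2010-03-01T09:15:00", "example.test/d"),    # exactly 15 min: not a burst
    ("bob", "2010-03-01T10:00:00", "example.test/e"),
]
# Constructed prior history: sites each user visited before the period examined.
PRIOR = {"bob": {"example.test/d"}}


def classify(activities, prior_sites):
    """Return (user, timestamp, site, verdict, reason) rows sorted by user and time."""
    by_user = defaultdict(list)
    for user, ts, site in activities:
        by_user[user].append((datetime.fromisoformat(ts), site))

    rows = []
    for user in sorted(by_user):
        events = sorted(by_user[user])
        for i, (when, site) in enumerate(events):
            # A burst needs a neighbouring activity strictly less than 15 minutes away.
            near_prev = i > 0 and when - events[i - 1][0] < WINDOW
            near_next = i + 1 < len(events) and events[i + 1][0] - when < WINDOW
            if near_prev or near_next:
                verdict, reason = "include", "burst"
            elif site in prior_sites.get(user, set()):
                verdict, reason = "include", "prior history"
            else:
                verdict, reason = "exclude", "isolated"
            rows.append((user, when.isoformat(), site, verdict, reason))
    return rows


if __name__ == "__main__":
    for row in classify(SAMPLE, PRIOR):
        print(*row, sep="  ")
```

Keeping the reason next to each verdict lets an investigator see which criterion produced a decision when the selected activities are reviewed.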
Nica Forensic Tool Logic Flow Chart
Nica Forensic Tool Implementation
- Number of End Users = 6 (it can be unlimited)
- Effects on change of task and responsibilities of End Users:
  - The tool is so portable that investigators can carry it with them.
  - It works so fast that it can be run when a suspect just moves away from his/her computer for a few minutes.
  - It is still a forensic tool; all the legal steps should be followed before trying to run the tool.
Nica Forensic Tool Limitations
- Forensics can be done only on computers that use the Windows platform.
- Currently set to use the most popular browsers, instant messengers, and the Outlook email client, but more can be added easily to the scalable architecture.
Conclusion
- Only portable forensic tool that automatically looks for login paths and all user profiles
- Captures relevant evidence
- Easy to use
- Assists investigators in obtaining reliable evidence
References
Please refer to the Thesis Document: http://cs.uccs.edu/~chow/master/acastro/doc/MasterThesisV6.doc