CRIM 218 Study Guide - Spring 2019, Comprehensive Final Exam Notes - Malware, Security Hacker, Phishing
30 Mar 2019

CRIM 218


L1 Introduction to cybercrime:
1. Digital forensics and computer security:
• Computer security focuses on protection, prevention and recovery
• Digital forensics focuses on detection, evidence and event reconstruction
2. Digital forensic analyst:
• Some work for law enforcement: preparing evidence for criminal proceedings
• Working with law enforcement, private companies, forensic consultants
• Public sector or commercial organisations: investigating in house cases
3. Cybercrime:
• Any illegal activity that depends for its execution on computers, computer-based
devices or computer networks
4. Computer based crime:
• Criminal activity conducted purely on computers
• May include aspects of traditional crime conducted purely on computers
5. Computer facilitated crime:
• Crime conducted in the real world but facilitated by the use of computers
• E.g. fraud, where computers are used to communicate with the victims
6. Digital forensics: major components:
• Following appropriate standards of practice
• Analysis and investigation techniques
• Using software tools
• Secure and detect evidence
• Determine the presence and nature of computer-based criminal activity
7. Facts:
• Obtaining the subscriber behind a specific IP address takes time and may require a
court order; it is not as precise or as quick as in the movies
• Most video evidence is grainy and quickly loses definition when magnified;
software enhancement techniques help only a little
• Forensics aims to detect the presence of residual data (log files etc.) and to record
and report such data
8. Computer-based electronic evidence:
• Information and data of investigative value that is stored on or transmitted by a
computer
• In its natural state, we cannot see what is contained in the physical object that
holds our evidence
• Equipment and software are required to make the evidence available; testimony
may need to explain the examination and any limitations in the detection
process
• Fragile in nature, can be altered, damaged, or destroyed by improper handling or
improper examination
find more resources at oneclass.com

9. Association of Chief Police Officers (ACPO) guidelines:
10. Secure and detect evidence:
• Securing evidence is the seizure of relevant devices
• Seized, bagged, labelled and documented
• A chain of evidence log is maintained to provide an audit trail
• All actions on the devices are also logged
• Record the identity of investigators managing the devices at any time
11. Evidence is secured:
• All data storage devices are copied and imaged (a bit-for-bit copy, not a file copy)
• A hash (MD5 or SHA-1 in these notes; current practice also records SHA-256, because
collisions can be engineered for MD5 and SHA-1) is computed over the original and over
the image. Matching digests show the copy is faithful; re-hashing later shows whether
anyone altered the data
• All subsequent searching uses a copy of the original data, never the original device
12. Evidence is detected:
• Using software tools
• To search for a particular variety of information
• Such as recent documents or Google search history
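The procedure in items 10 to 12 (seize and log, image, hash, verify, then search only the copy), as an added worked example. This is not code from the lecture notes or from any forensic tool: the "device" is a constructed in-memory byte string standing in for a seized disk, the investigator names and exhibit id are invented labels, and the artefact patterns are deliberately simple stand-ins for what a real forensic suite searches for.

```python
"""Added example (not from the study guide): secure the evidence by imaging and
hashing, keep a chain of evidence log, and run the detection step on the copy.
The device contents, names and exhibit id below are constructed for illustration."""
import hashlib
import io
import re
import shutil
from datetime import datetime, timezone

# Constructed stand-in for a raw disk: a boot-sector-like prefix, zero padding,
# and a few plaintext artefacts of the kind an analyst searches for.
CONSTRUCTED_DEVICE = (
    b"\xeb\x3c\x90MSDOS5.0"
    + b"\x00" * 2048
    + b"recent_documents: report.docx, budget.xlsx\n"
    + b"history: https://www.google.com/search?q=constructed+sample+query\n"
    + b"\x00" * 2048
)


def hash_stream(stream, algorithms=("md5", "sha1", "sha256"), chunk_size=65536):
    """Hash a file-like object with several algorithms in a single pass;
    chunked reads keep memory flat for multi-terabyte images."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    stream.seek(0)
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def image_device(device, chunk_size=65536):
    """Bit-for-bit copy of the device into a new in-memory image. Returns
    (image, hashes_of_source); the hashes describe the device as seized."""
    image = io.BytesIO()
    device.seek(0)
    shutil.copyfileobj(device, image, chunk_size)
    return image, hash_stream(device)


def verify_image(image, expected):
    """Re-hash the image and compare with the recorded digests. Returns
    (all_match, actual); one mismatching algorithm rejects the image."""
    actual = hash_stream(image, tuple(expected))
    return all(actual[n] == expected[n] for n in expected), actual


class ChainOfEvidenceLog:
    """Append-only audit trail: who did what to which exhibit, and when."""

    def __init__(self):
        self.entries = []

    def record(self, investigator, exhibit_id, action, hashes=None):
        entry = {"time": datetime.now(timezone.utc).isoformat(),
                 "investigator": investigator, "exhibit": exhibit_id,
                 "action": action, "hashes": dict(hashes) if hashes else None}
        self.entries.append(entry)
        return entry


# Artefact patterns for the detection step (constructed, deliberately simple).
SEARCH_PATTERNS = {
    "search_url": re.compile(rb"https?://[\w.-]+/search\?q=[\w+%.-]+"),
    "office_doc": re.compile(rb"[\w-]+\.(?:docx|xlsx)"),
}


def search_image(image, patterns=SEARCH_PATTERNS):
    """Scan the working copy for artefacts; returns [(kind, offset, text)].
    The search touches only the copy, never the seized device."""
    data = image.getvalue()
    hits = []
    for kind, pattern in patterns.items():
        for m in pattern.finditer(data):
            hits.append((kind, m.start(), m.group().decode("ascii", "replace")))
    return sorted(hits, key=lambda h: h[1])


def acquisition_walkthrough():
    """Seize -> image -> hash -> verify -> search the copy -> detect tampering."""
    log, device = ChainOfEvidenceLog(), io.BytesIO(CONSTRUCTED_DEVICE)
    log.record("DC Smith", "EX-001", "seized, bagged and labelled")  # invented names
    image, source_hashes = image_device(device)
    log.record("DC Smith", "EX-001", "imaged", source_hashes)
    verified, _ = verify_image(image, source_hashes)
    log.record("Analyst Jones", "EX-001", "image verified" if verified else "image rejected")
    hits = search_image(image) if verified else []
    log.record("Analyst Jones", "EX-001", f"search on working copy: {len(hits)} hits")
    # Flip one bit in a second copy: every digest changes and verification fails.
    altered = bytearray(image.getvalue())
    altered[1024] ^= 0x01
    tampered_verified, _ = verify_image(io.BytesIO(bytes(altered)), source_hashes)
    return {"source_hashes": source_hashes, "image_verified": verified, "hits": hits,
            "tampered_verified": tampered_verified, "log": log.entries}


if __name__ == "__main__":
    for key, value in acquisition_walkthrough().items():
        print(f"{key}: {value}")
```

Running `acquisition_walkthrough()` gives a faithful image that verifies, three artefact hits found on the copy (two document names and one search URL), a single-bit change that fails verification under all three algorithms, and a four-entry log naming the person responsible for each action. Recording more than one digest costs little, and a mismatch in any one of them is enough to reject the image.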
13. Data quantity:
• Huge quantities of data and many devices mean a lot of analysis, and require a lot of
time and storage
• One byte = 1 character
• 1 megabyte=1 million characters, 500 sheets of paper
• 1 GB: a stack of printed paper about 50 metres tall
• 2 TB: a stack about 100 km tall
• The average person can read and process about 200 words per minute
• we need data analysis to support such huge amount of data searching
• time required to seize and document the hardware