Class notes
Computer Forensics Notes
- Course
- Institution
computer forensics notes introduction
[Show more]
Seller
Follow
Koech
Content preview
Computer Forensics Notes – IntroductionChapters Overview
Chapters 01 – 05: Fundamental Concepts and Legal Issues
Chapters 06 – 09: Digital Investigations
Chapters 10 – 14: Apprehending Offenders
Chapters 15 – 20: Computer Forensics
Chapters 21 – 25: Network Forensics
Introduction
Although you will have to think in order to succeed in the class, most of what you need for the tests are
already covered in the labs and lectures. Focus on understanding the material instead of memorizing it.
We will be focusing on basic computer law at federal and state levels, digital investigation techniques,
investigation procedures, possible locations of evidence, and real-world applications.
Our Interconnected World
m
er as
In the modern age, cyberspace and the real world are interconnected; GPS systems built into cell phones
co
track our movements, credit card transactions tell others where (and when) we were shopping at a
eH w
store, digital cameras watch over us as we walk through the streets, etc. The divide between cyberspace
and the physical world is fading as technology continues to play a larger role in our daily lives.
o.
rs e
ou urc
Computer Crimes
In recent times, bullying and hate crimes have started taking place in cyberspace, pedophiles are using
the internet to exploit children, stalkers are using technology to harass their victims, and criminals are
o
using technology to steal information. On a much larger scale, nations are taking to cyberspace in order
aC s
to develop cyberweapons that can cause physical harm (to other computers and computer networks).
vi y re
Why Computer Forensics?
Today, we focus on performing digital investigations, apprehension, and eventually, prosecution.
Although every case is different, most cases involve the use of computers, which may contain
ed d
incriminating evidence, be used as a tool used in a crime, become the target of a crime, etc.
ar stu
Note that in some cases, computer networks (not the computers themselves) may also contain
incriminating evidence.
is
Computer Crimes
Th
Crimes involving computers are often referred to as computer crimes. In essence, the term refers to a
[limited] set of offenses that are defined by law (such as the U.S. Computer Fraud and Abuse Act).
Computer crimes can include theft of computer services, unauthorized access to protected computers
sh
(discussed in lecture notes), software piracy, and alteration/theft of electronically stored information.
The difficulty in using the term computer crime (or cybercrime) is that a computer may not have been
directly involved with a crime; however, the computer may contain digital evidence of the crime
occurring. In such instances, the term computer-related crime should be used instead.
This study source was downloaded by 100000831055357 from CourseHero.com on 09-01-2021 03:38:04 GMT -05:00
https://www.coursehero.com/file/22527730/Forensics-Chapter-1-Notes/
, Digital Investigation
The term digital investigation refers to any investigation involving digital evidence. The term computer
forensics usually refers to the forensic examination of computers, stored content, and its peripherals; the
term is loosely used to describe a wide range of activities that are more related to securing information
systems than gathering evidence for an investigation (field includes more than computers).
The Framework of Computer Forensics
Computer Science provides the technical details necessary to understand aspects of digital evidence.
Behavioral Analysis provides a method of synthesizing knowledge and understanding scientific
methods in order to better understand criminal behavior and motivation, see the “Fraud Triangle”.
Forensic Science provides a general approach to analyzing evidence.
The Law is the framework within which these concepts fit.
Chapter 1: Foundations of Digital Forensics
m
Digital Crimes
er as
Nearly every crime contains a digital component, which includes (but is not limited to) computer files,
co
internet histories, emails, mobile devices, digital photos, and social networks. Common computer crimes
eH w
include child pornography, computer/network hacking, financial fraud (including embezzlement, credit
o.
card fraud, and money laundering) and the sale of illegal goods/services.
rs e
ou urc
In recent times, terrorism, serial offenses, and cyberbullying have become greater concerns. For
instance, terrorists use computers to recruit members, launder money, spread propaganda, etc. Likewise,
network-based attacks often target critical infrastructure, including the government, power/electric
o
providers, health services, communication networks, financial institutions, emergency response services,
aC s
and so on. In addition, serial offenders often use the internet to lure victims and cyberbullies use the
vi y re
internet to harass other users; these actions can lead to real-world consequences.
However, there is a positive aspect to the increasing use of technology: criminals often leave behind
digital evidence. For example, Enron was caught in their fraudulent accounting practices primarily due to
ed d
digital evidence (mostly emails, since the firm destroyed the physical evidence) and brokerage firms
ar stu
dealing with Enron were fined for “failing to maintain data relating to communications with Enron.”
Case Study – Second Life
is
In virtual worlds, such as Second Life, attackers can steal and delete in-game avatars, in-game items, etc.
As such, crimes relating to the destruction of digital property are starting to become recognized today.
Th
Digital Evidence
Digital data is useful in almost any case involving technology (directly or indirectly), regardless of
sh
whether it is criminal or civil; digital data should be collected while conducting an investigation, as it can
provide leads, support/disprove witness statements, and identify possible suspects.
Digital Evidence Cont.
This study source was downloaded by 100000831055357 from CourseHero.com on 09-01-2021 03:38:04 GMT -05:00
https://www.coursehero.com/file/22527730/Forensics-Chapter-1-Notes/
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Koech. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $7.49. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
56326 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now