CPSC 4680/5680: Computer Crime Investigation & Computer Forensics
IA Course
Catalog Description
Study of procedures for the identification, preservation, and extraction of electronic evidence. Auditing and investigation of network and host system intrusions, analysis and documentation of the information gathered, and preparation of expert testimonial evidence will also be covered. Forensic tools and resources for system administrators and information system security officers will also be explored.
Syllabus
Course Outcomes
- To familiarize students with ethical perspectives and practices in computing by teaching them about the existence of computer abuse, the laws pertaining to such abuse, and legal gray areas. This objective can be achieved through the teaching of morality, ethics, security, privacy, intellectual property rights, and the reliability of software products.
- To give the students technical know-how in computer network security so that they can not only recognize and identify computer system vulnerabilities but also deal with a number of them.
- To give the students a legal and investigative framework, understanding, and competence through the study of computer forensics. Students will not only know how to deal with security breaches, they will also be able to deal with the aftereffects of such breaches through the investigation and prosecution of the culprits.
- To provide the student with the context to appreciate the value of technology and to understand that technology is not neutral, that it creates ethical and moral muddles that must be dealt with.
- To create and nurture an ideal atmosphere for academic dialogue, debate, and question-answer sessions among students intended to deepen their understanding of technology and its effects on society.
- To improve students’ oral and written communication skills.
- To affect their behavior by challenging them to examine ethical and moral situations, think through them, and identify relevant support systems.
Textbooks
Nelson, Bill, Amelia Phillips, Frank Enfinger, and Chris Steuart. Guide to Computer Forensics and Investigations. 3rd Edition, Thomson Course Technology, 2008.
Mandia, K., Prosise, C., and Pepe, M. Incident Response and Computer Forensics. Second Edition, Osborne-McGraw Hill, 2003.
Please check this link from the UTC InfoSec center for additional resources for your course work and paper:
https://new.utc.edu/engineering-and-computer-science/caecd/resources.
COURSE OUTLINE
- Understanding Computer Forensics
- Understanding Computer Investigations
- Working with Windows and MS-DOS Systems (FAT, UNIX, NTFS File Systems)
- Mac and Linux Boot Processes and Disk Structure
- Digital Evidence Collection and Controls
- Processing Crime and Incident Scenes
- Data Acquisition
- Computer Forensics Analysis
- E-mail Investigations
- Recovering Image Files
- Writing Investigative Reports
Class Notes and Schedule
| Week | Lecture Topic | Laboratory Activity |
|---|---|---|
| | Introduction. Nature of Forensics Evidence. Ethical Issues. Legal Issues I. | Ethics Case, Seizure Proceedings |
| | Evidence Collection. Email Tracing. Internet Fraud. | Email Trace. URL Obscuring. Password Cracking. |
| | Legal Issues II. Hard Drive Facts. FAT File Systems I. Hard Drive Imaging. | Hard Drive Mirroring. Understanding MBR and BPB |
| | NTFS, UNIX File Systems II. Searching for Evidence on a Hard Drive I. | Evidence Search at Byte Level. |
| | FAT, NTFS, UNIX File Systems III. Searching for Evidence on a Hard Drive II. | Evidence Search with Forensics Tool. |
| | Live Systems Investigations. | Creation of Forensics Boot Disks. Emergency Assessment of a UNIX System. |
| | Network Protocols. Network Analysis. | Introduction to network scanning tools. Ethereal, TCPDump. |
| | Hacking I. | Network Scanning. Traffic Analysis. Snort. |
| | Hacking II. Organizational Security. | Denial of Service Attacks. |
| | Incident Response Policies. Incident Reporting. Forensics and Intrusion Detection Tools. | Network Vulnerability Tools. |
| | E-mail Investigations | |
| | Recovering Image Files | |
| | Writing Investigative Reports | |
| | Presentation of Reports | |
References
Article
- 9 of 10 Companies Hit by Computer Crime, FBI Says; According to the FBI's most recent survey, one in five organizations also admitted that it had been victimized by 20 or more attacks (Federal Bureau of Investigation report) (Brief Article). (January 01, 2006). InformationWeek.
- Welch, T. (September 06, 1997). Computer Crime Investigation and Computer Forensics. Information Systems Security, 6, 2, 56-80.
- Colaguori, C. (December 01, 2012). Computer crime, investigation, and the law. Police Practice and Research, 13, 6, 539-540.
- Barmaki, R. (January 01, 2012). Computer Crime, Investigation, and the Law (Book review). Criminal Justice Review, 37, 1, 132-133.
- Handbook of Computer Crime Investigation: Forensic Tools and Technology (Investigations) (Book Review). (January 01, 2005). Security Management, 49, 3.
- Computer Forensics: Computer Crime Scene Investigation, Second Edition, by John Vacca, provides an overview of computer crime. (July 01, 2005). Communications News, 42, 7, 10.
- McCollum, T. (November 01, 1997). Computer crime. Nation's Business, 85, 11, 18-28.
- Kosiba, T. P. (January 01, 2003). Handbook of computer crime investigation: forensic tools and technology. Forensic Science Communications, 5, 2.
- Investigating Computer Crime. (January 01, 1997). FBI Law Enforcement Bulletin, 66, 3, 15.
- Carter, D. L. (January 01, 1995). Computer Crime Categories. FBI Law Enforcement Bulletin, 64, 7, 21.
Book
- Kizza, J. M. (2013). Ethical and social issues in the information age. London: Springer London.
- Vacca, J. R., & Rudolph, K. (2010). System forensics, investigation, and response. Sudbury, MA: Jones & Bartlett Learning.
- Maras, M.-H. (2012). Computer forensics: Cybercriminals, laws, and evidence. Sudbury, Mass: Jones & Bartlett Learning.
- Leonard, V. A. (1971). Criminal investigation and identification. Springfield, Ill: Thomas.
- James, S. H., & Nordby, J. J. (2003). Forensic science: An introduction to scientific and investigative techniques. Boca Raton, Fla: CRC Press.
- Kim, K. J., & Chung, K.-Y. (2013). IT convergence and security 2012. Dordrecht: Springer.
- Sammons, J. (2012). The basics of digital forensics: The primer for getting started in digital forensics. Amsterdam: Elsevier/Syngress.
Resources
Secure Use

| Topic | Resource |
|---|---|
| General Security Policy: Cyber Ethics | Cyber Ethics |
| General Security Policy: Information Technology Security Evaluation Criteria (ITSEC) | ITSEC Definition |
| General Procedures: Inference | Inference Definition |
| General Procedures: Rainbow Series | Rainbow Series |
| General Procedures: NSTISSAM COMPUSEC/1-99 Insider Threat to Government Computer Systems | NSTISS Glossary |
| General Countermeasures and Safeguards: Computer Law | Computer Law |
| General Countermeasures and Safeguards: Computer Media | Computer Media |
| General Countermeasures and Safeguards: Evaluate Security Testing Tools | Security Testing Tools |
| Administrative Countermeasures/Safeguards: Control Management | Change Control |
| Administrative Countermeasures/Safeguards: Privacy Act | Privacy Act of 1974 |
| Operations Policies/Procedures: Keystroke Monitoring | Keystroke Monitoring |
| Operations Policies/Procedures: Disaster Recovery Planning | Disaster Recovery |

Incidents

| Topic | Resource |
|---|---|
| Policy and Procedures: Incident Response | Incident Response |
| Policy and Procedures: Witness Interrogation | Witness Interrogation |
| Operations Countermeasures/Safeguards: Computer Attacks | Computer Virus Timeline |
| Operations Countermeasures/Safeguards: Computer Emergency Readiness Teams | CERT |

Configuration

| Topic | Resource |
|---|---|
| Administrative Policies/Procedures: Approval to Operate | Approval to Operate |
| Administrative Policies/Procedures: Configuration/Change Control | Change Control |
| Administrative Policies/Procedures: Copyright Protection | Copyright Protection |
| Administrative Policies/Procedures: Patch Management | Patch Management |
| Administrative Policies/Procedures: Records Management | Records Management |
| Administrative Policies/Procedures: Wireless Use Policies | Wireless Use Policy |

Anomalies and Integrity

| Topic | Resource |
|---|---|
| General Risk Management: Computer System Risk Management | Risk Management |
| Access Control Safeguards: Computer System Access Control | Access Control |
| Access Control Safeguards: Protected Distribution Systems | Protected Distribution System |
| Access Control Safeguards: Information Systems Access Restrictions | Access Restrictions |

Administration

| Topic | Resource |
|---|---|
| Access Control Mechanisms: KMI Applications | Key Management |
| Access Control Mechanisms: Single Sign-on | Single Sign-On |
IA Sites
- National Security Agency, Central Security Service: Information Assurance
- Information Assurance Support Environment
- Information Design Assurance Red Team (IDART)
- National Institute of Standards and Technology (NIST) Computer Security Division
- NIST Computer Security Resource Clearinghouse
- National Telecommunications and Information Administration (NTIA)
- ICAT Metabase. ICAT is a searchable index of information on computer vulnerabilities. It provides search capability at a fine granularity and links users to vulnerability and patch information.
- National Vulnerability Database (NVD)
- STRATCOM
- ASD NII
- Defense Advanced Research Projects Agency (DARPA)
- Defense Information Systems Agency (DISA)
- Internet Traffic Report. The Internet Traffic Report monitors the flow of data around the world. It displays a value between 0 and 100, updated every 15 minutes; higher values indicate faster and more reliable connections.
- Electronic Privacy Information Center Home Page. Public interest research center in Washington, D.C.
- Information Security Portal. This site provides information on the topic of Information Warfare, including security tools, the law and legal issues, espionage, terrorism, and information operations.
- Internet Privacy Coalition
- International Computer Security Association (ICSA). ICSA is known worldwide as an objective source for security assurance services.
- Glossary of Information Warfare Terms
- Cyberwar: Information Warfare and Psychological Operations. Provides information on the topics of propaganda analysis, online journals, index and metapages, general resources, intelligence agencies, and articles and documents.
- Reliable Software Technologies (RST): Information Warfare
- Forum of Incident Response and Security Teams (FIRST). FIRST brings together a variety of computer security incident response teams from government, commercial, and academic organizations. FIRST aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large.
- International Association for Cryptologic Research (IACR). The IACR is a non-profit scientific organization whose primary purpose is to further research in cryptology and related fields.
- International Biometrics Industry Association (IBIA)
- Common Vulnerabilities and Exposures (CVE). A list of standardized names for vulnerabilities and other information security exposures; CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.
- Institute for Applied Network Security (IANETSEC). The Institute for Applied Network Security is the premier membership organization for practicing information security professionals. The Institute's mission is to provide key technical and business insights to help members solve their most pressing professional challenges.
- Reliability Information Analysis Center (RIAC). A government and industry focal point for reliability, maintainability, quality, supportability, and interoperability related engineering, data, software, information, training, and technical assistance.