Page 1: Gerald M. Santoro, Ph.D. (gms@psu) College of Information Sciences and Technology

Gerald M. Santoro, Ph.D. ([email protected])
College of Information Sciences and Technology
The Pennsylvania State University
University Park, PA 16802

(slides developed by Prof. Chao-Hsien Chu)

IST 454 Computer and Cyber Forensics

Learning by Doing

Theory / Practice

Page 2

The Needs for Digital Forensics

• Incident handling
• Identifying policy violations
• Auditing
• Investigating crimes
• Reconstructing computer security incidents
• Troubleshooting operational problems
• Log monitoring
• Recovering from accidental system damage
• Acquiring and retaining data for future use
• Exercising due diligence / regulatory compliance
• …

Page 3

IT Security EBK: 14 Competency Areas

• Personnel Security
• Physical and Environmental Security
• Procurement
• Regulatory and Standards
• Risk Management
• Strategic Management
• System and Application Security
• Data Security
• Digital Forensics
• Enterprise Continuity
• Incident Management
• IT Security Training and Awareness
• IT Systems Operations and Maintenance
• Network Security and Telecommunications

Page 4

IT Security EBK: Model

Page 5

Knowledge and Skills Needed

• Critical thinking and judgment: 69%
• Communications (verbal and written): 68%
• Technical knowledge: 66%
• Teamwork and collaboration: 52%
• Ability to lead change: 52%
• Business knowledge/acumen: 40%
• Cross-functional influence: 35%
• Influence: 33%
• Facilitation: 24%
• Mentoring and coaching: 19%
• Strategic business planning: 22%
• Industry participation: 13%

Source: SANS Institute 2005 Survey

Page 6

Defense In Depth of Security

Stages (diagram): Prediction, Prevention, Detection, Forensics, Response, with Feedback back to the start.

Courses mapped onto the stages:

• IST 451: Network Security
• IST 452: Legal & Regulatory Issues
• IST 453: Computer Forensics Law
• IST 454: Computer & Cyber Forensics
• IST 456: Security & Risk Management
• SRA 111: Security & Risk Analysis
• SRA 211: Threats of Crime & Terrorism
• SRA 221: Overview of Information Security
• SRA 231: Decision Theory
• SRA 311: Risk Management
• SRA 472: Integration of Privacy & Security
• SRA 468: Visual Analytics for Intelligence & Security

Example topics shown on the diagram:

• Policy/Regulation, Firewall/DMZ, Access Control/VPN, …
• Qualitative models, Quantitative models, …
• Plans, Risk analysis, …
• Scanner, IDS, Data mining, …
• Computer crime, Economic crime, Policy violations, …

Page 7

SRA Core Curriculum

• 110 Information, People & Technology
• 200 Statistics
• 111 Intro Security & Risk Analysis
• 211 Threat of Terrorism & Crime
• 221 Overview of Information Security
• 231 Decision Theory & Analysis
• 311 Risk Management: Assessment & Mitigation
• 432 Legal, Ethical, and Regulatory Issues
• 440
• Emergency Planning / Crisis Management
• Internship, Guest, & Field Experience
• International Culture / Foreign Language

Diagram labels: (Threats) (Modeling, Analysis) (Problem Solving) (Vulnerabilities) (Techniques)

Page 8

SRA Major - Cyber Security Option

Support:
• Intro People, Information & Tech
• Statistics

Intro:
• Intro Security & Risk Analysis

Core:
• Overview of Information Security
• Threat of Terrorism & Crime
• Decision Theory & Analysis
• Risk Management: Assessment & Mitigation
• Legal, Ethical, and Regulatory Issues

Junior Option:
• Networking & Telecommunications
• Computer & Cyber Forensics
• Security & Risk Management
• Network Security

Capstone / Electives:
• Emergency Planning / Crisis Management
• Internship, Guest, & Field Experience
• International Culture / Foreign Language

Page 9

SRA Minor (21 cr.)

Intro:
• SRA 111: Intro Security & Risk Analysis
• IST 110: Intro People, Information & Tech
• Stat 200: Statistics

Core:
• SRA 221: Overview of Information Security
• SRA 211: Threat of Terrorism & Crime
• IST 452: Legal, Ethical, & Regulatory Issues

Electives (6 cr.):

Cyber Security
• IST 220: Networking & Telecommunications
• IST 451: Network Security
• IST 402: Wireless Design & Security

Digital Forensics
• IST 454: Computer & Cyber Forensics
• IST 453: Cyber Forensics Laws

Risk Management
• SRA 231: Decision Theory & Analysis
• SRA 311: Risk Mgmt: Assessment & Mitigation
• IST 456: Security & Risk Management

Page 10

Page 11

Certificate of Accomplishment

The Center for Information Assurance at the Pennsylvania State University, through its curricula, certifies that

Your Name Here

has acquired the knowledge and skills that meet the National Training Standard NSTISSI-4011 for Information Systems Security (INFOSEC) Professionals, established by the Committee on National Security Systems (CNSS) and the National Security Agency (NSA), on December 2005.

Dr. Hank Foleys, Dean, College of Information Sciences and Technology

Dr. Chao H. Chu, Executive Director, Center for Information Assurance

Page 12

IST 454 focuses on computer and cyber forensics. Students will learn different aspects of computer and cyber crime and ways in which to uncover, protect, exploit, and document digital evidence. Students will be exposed to different types of tools (both software and hardware), techniques and procedures, and be able to use them to perform rudimentary forensic investigations.

Page 13

Course Objectives

• Understand the different aspects of computer and cyber crime.
• Understand the basic concepts and issues of computer forensics.
• Understand what tools and techniques to use in computer and cyber crime investigations.
• Perform basic computer and cyber forensic investigations.
• Understand the documentation needed in performing forensic investigations.

Page 14

Terminology

• Computer Forensics

• Computer and Network Forensics

• Computer and Cyber Forensics

• Cyber Forensics

• Digital Forensics

• Digital Forensic Sciences

• Forensic Sciences

Page 15

Modules

Overview
• Digital / Computer / Cyber Forensics
• Context of Computer Forensics
• Knowledge and Skills Needed

Search, Seizure & Investigation
• Data Acquisition – Imaging / Tools
• Data Authentication / Tools
• Data Search & Analysis / Tools
• Forensic Policies and Procedures

Media & File Systems Analysis
• Operating Systems / File Structure
• Investigating Windows Systems
• Investigating Linux Systems
• Data Hiding Techniques / Steganography

Web / Internet Forensics
• Overview of Web Forensics
• Spam, Phishing, E-mail Tracing
• PDA Forensics

Network & Malware Forensics
• Intrusion Detection
• Honeynet / Network Monitoring
• Worm Forensics

Legal & Criminal Justice Systems
• Legal and Ethical Issues
• Criminal Justice Systems
• Expert Witness

Course components: 8 Hands-on Exercises; 18 Readings; 11 Quizzes / Assignments; Term Project: Report & Presentation; 1-3 Guest Lectures

Page 16

Theory and Practice

Theory: Problem Solving Skills, Interpersonal Skills, Team Work, Managerial Issues

Practice: Programming Skills, Information Technology, Technical Issues, Emerging Information Technologies

Hands-on Experience: Learning By Doing

Page 17

Learning By Doing

I Hear and I Forget!

I See and I Remember!

I Do and I Understand!

Confucius (Kung Chiu), 5th - 6th Century B.C., Chinese Philosopher

Page 18

Albert Einstein

Imagination

is more important than

Knowledge

Page 19

? ? ?

Learning Capability

is more important than

Knowledge

Page 20

Teaching Philosophy and Principles

Bridging the gaps between theory and practice

Learning by doing (hands-on experience)

Learning capability is more important than knowledge

Covering both technical and managerial aspects

Page 21

Teamwork - The Key to Winning

Page 22

We Are All in the Same Boat