Computer Forensics

 

                       

                       

 

Computer Forensics Overview

Computer forensics is the application of computer examination and analysis techniques in the interests of determining potential legal evidence. Evidence might be sought in a wide range of computer crimes or misuse, including but not limited to theft of trade secrets, theft of or destruction of intellectual property, and fraud, child pornography, disputes of ownership, prevention of destruction of evidence, etc. Computer specialists can draw on an array of methods for discovering data that resides in a computer system, or recovering deleted, encrypted, or damaged file information. Any or all of this information may help during discovery, depositions, settlements, or actual litigation.

 

 

 

I- Computer Forensics laboratories.

 

 

 

First Regional Computer Forensics Laboratory established in San Diego: http://npaci.edu/online/v5.1/rcfl.htlm

New Technologies Inc. : http://www.4incidentresponse.com

Datatrail electronic and Computer Forensics experts : http://www.ontrack.com

DIBS Computer Forensics: http://www.computer-forensics.com/products/training.htlm

Veridian  : http://www.veridian.com/

IFIP TC11: http://www.ifip.tu-graz.ac.at/TC11

JUSTNET: http://www.nlectc.org/

High tech crime network: http://www.htcn.org/ 

LIST : http://ite.gmu.edu/list/

 

 

 

II- Teaching and Training.

 

 

 A - Computer Sciences.

· New Technologies Inc. training:

 

Three day Computer Forensics training course:  http://www.forensics-intl.com/forensic.html

Two day network forensics course-windows NT: http://www.forensics-intl.com/ntclass.html

Data hiding course: http://www.forensics-intl.com/datahide.html

 

 

· National Center for Forensics Science, University of Central Florida: http://www.ucf.edu/

 

Courses offered by Computer sciences: http://www.cs.usf.edu/csdept/info/gccf/courseDesc.htm

 

CGS 5131: Computer Forensics I: seizure and forensics examination of computer system.

CGS 5132: Computer Forensics II: Network security, intrusion detection, and forensics analysis.

CAP6133: Advanced topics in Computer Security and Computer Forensics.

 

 

 

· Center for Education and Research in Information Assurance and Security (CERIAS), Purdue University .

Infosec masters program: http://www.cerias.purdue.edu/masters_program/index.php

 

 

· The Center for Secure Information Systems, George Mason university: http://isse.gmu.edu/~csis/intro.html

 

-ECE 646 : Cryptography and computer network security:  http://isse.gmu.edu/~csis/ece646/index.html

-INFS 762: Information security principles :  http:// isse.gmu.edu/~csis/infs762/index.htlm

-STAT 789: Advanced Topics in Statistics: Computer Intrusion Detection: http:// isse.gmu.edu/~csis/stat789/index.htlm

-ECE 746: secure telecommunication systems: http:// isse.gmu.edu/~csis/stat789/index.htlm

-INFS 765: Database and Distributed Systems Security: http:// isse.gmu.edu/~csis/infs765/index.htlm

-INFS 766: Internet security protocols: http:// isse.gmu.edu/~csis/infs766/index.htlm

 

· DIBS computer forensics trainings : http://www.computer-forensics.com/products/training.htlm

 

 

Computer Forensics: http://www.worldrg.com/it113/

 

This Program Will Be Attended By:

Senior Level IT/IS Management (Directors, Managers, VPs, CTOs and CIOs) specializing in:
Computer Security, Information Security, Information Technology, IT/IS Systems Analysis, Fraud and Loss Prevention, Systems and Network Administration, and Risk Management

Learn How To:

 

 

-CSI Information Security Seminars 2002: http://www.gocsi.com/infosec/wkshop.html

 

· Catalog of courses, description and schedule:  http://www.gocsi.com/pdfs/infosec2002.pdf

 

Florida Association of Computer Crime Investigators, Inc : http://www.facci.org/

Schedule : http://www.facci.org/schedule.htm

 

- HTCIA International: http://htcia.org/linksframe.htm

 

B- Law Enforcement.

· McCombs School of Business, http://praetor.bus.utexas.edu/leibrock/index.htm

-Seminar in Digital evidence: Investigations, computer systems Audits and Forensics: http://praetor.bus.utexas.edu/leibrock/index.htm

 

International Organization on Computer Evidence:  http://nfstc.org/ioce/

 (Guide to forensic computing evidence)

 

· Forensic Computer Investigation Programs, University of  New Haven http://www.newhaven.edu/california/Certificates.html

 

-         Forensic Computer Investigation Certificate: http://www.newhaven.edu/psps/fscerts.html

 

CJ 520 Computer Crime: Legal Issues and Investigative Procedures
CJ 524 Network Security, Data Protection and Telecommunications

Plus two of the following, with approval of adviser:
CJ 201 Principles of Criminal Investigation
CJ 217 Criminal Procedure I
CJ 218 Criminal Procedure II and Evidence
CJ 415 Crime Scene Investigation and Pattern Evidence
CJ 420 Advanced Investigative Techniques
CJ 450 Special Topics
CJ 498 Research Project
CJ 522 Computers, Technology and Criminal Justice Information Management Systems
CJ 523 Internet Vulnerabilities and Criminal Activity

 

-         Information Protection and Security Certificate.

CJ 525 Information Systems Threats, Attacks and Defenses
CJ 526 Firewall and Secure Enterprise Computing
CJ 527 Internet Investigations and Audit-Based Computer Forensics
CJ 528 Computer Viruses and Malicious Code
CJ 529 Practical Issues in Cryptography

-   Graduate Certificate in Information Protection and Security. Required Courses (6 credits):

CJ 625 Information Systems: Threats, Attack and Defense

CJ 626 Firewalls and Secure Enterprise Computing

Plus six credits from the following:

    CJ 602 Computers, Technology and Criminal Information Systems

    CJ 604 Network Security, Data Protection and Telecommunications

    CJ 608 Law and Evidence

    CJ 627 Internet and Audit Based Computer Forensics

    CJ 628 Computer Viruses and Malicious Code

    CJ 629 Practical Issues in Cryptography

    CJ 651 Criminal Procedure

- Course outline. http://www.newhaven.edu/california/ip630.htm

Part 1: Basics of computer forensics - 6 weeks:

Part 2: Cyber-forensics and the first responder - 2 weeks:

Part 3: Tracking things and people through the Internet - 3 weeks

Part 4: Hands-on with some cyber-evidence - 36 contact hours:

 

-         New Technologies Inc. training:  the computer in Court, presenting Expert testimony on electronic evidence: http://www.forensics-intl.com/expert.html

 

-         Master of Science in Economic Crime Management, Utica College of Syracuse University.

      http://www.utica.edu/gce/graduate/ecm_masters.htm

 

Courses

ECM 601 Economic Crime Management Proseminar (3): This course is designed to provide students with the foundation for the master's degree in Economic Crime Management. Focus will be on four thematic areas: management, economic crime, technology, and analytical skills. Background knowledge will be provided to prepare students for in-depth coursework in these areas. Students will be exposed to the learning and communications skills necessary to succeed in an independent study degree program.

ECM 611 Organizational Theory, Structure, and Design (3): This course is designed to familiarize students with the structure and design of organizations. Emphasis will be on systems theory and its applicability to today's environment, identifying external environmental forces, designing optimal corporate structure for the organization's mission, changing organizational structure, and analyzing the process and effects of corporate infrastructure.

ECM 612 The Manager in a Global Environment (3): This course is designed to familiarize students with the challenges faced by managers and organizations precipitated by the post-industrial knowledge-based, global society. Discussions will include topics such as the changing concepts of technology and knowledge, impact of workforce changes on managers and organizations, the evolution of management thought and concepts, managing in foreign cultures, international law issues, and managing a multi-cultural workforce.

ECM 621 Advanced Economic Crime (3): Economic crime types, techniques, trends, and issues in various industries including banking, credit card, insurance, and telecommunications. Exploration of fraud control from a cross-industry perspective.

ECM 622 Legal Concepts of Criminal Fraud and Corporate Criminal Liability (3): Analysis of business and economic crime, including the various devices utilized in the commission of criminal fraud, fraud upon governmental and commercial institutions, group and enterprise crimes, the criminal liability of corporations and their officers and managers, sanctions, and the prosecution of business and economic crime. The case study method will be utilized extensively.

ECM 631 Fraud Management and Technology (3): The challenges of management in an increasingly technological environment. The history and evolutionary development of counter-fraud technology. The integration of fraud management in the development of new corporate products or instruments. Anticipating new forms of frauds based on the application of new and projected technologies.

ECM 632 Information and Communication Security (3): Issues and concepts related to the protection of information and information systems. Threats and vulnerabilities to internal and external modes of communication. Securing communications, information systems, and computer technology. Legal, ethical, and privacy issues related to information security.

ECM 633 Networks and Internet Security (3): The course will focus on the key components associated with the threats and vulnerabilities to computers and networks. Students will develop an understanding of distributed systems and how they work, an appreciation for various methods of network and Internet security, and the necessary strategies to promote successful business plans/policies. Legal, ethical, and privacy issues will be discussed.

ECM 641 Research and Analytical Methods in Fraud Management (3): Statistical and analytic methods for evaluating fraud activity, conducting research and evaluation of fraud programs, data collection strategies, analyzing and interpreting data, using SPSS, and policy implications.

ECM 642 Advanced Fraud Analysis (3): This course is designed to familiarize students with innovative analytic approaches used to perform complex fraud analysis. Topics include: link analysis, data mining, advanced statistical tools, case management systems, and expert system approaches such as neural network early-warning software.

ECM 651 Professional Project I (3): The professional project proposal will be developed during this semester. The professional project will be developed and finalized consistent with the Graduate Research Proposal Guidelines for the Economic Crime Management Program.

ECM 652 Professional Project II (3): Completion of the professional project, including data collection, analysis, and submission of the project report, or other methodologies approved by the Research Committee.

ECM 653 Thesis I (3): Planned research and writing directed by the student's thesis committee. The thesis proposal will be developed during this semester. The thesis will adhere to the Graduate Research Proposal Guidelines for the Economic Crime Management Program.

ECM 654 Thesis II (3): Completion of the thesis, including data collection, analysis, and submission of the thesis. The thesis will adhere to the Graduate Research Proposal Guidelines for the Economic Crime Management Program.

 

 

- The Economic Crime Investigation Institute, Utica College of Syracuse University
        http://www.utica.edu/academic/institutes/

The Economic Crime Investigation Institute (ECII) was formed in November 1988 to support the major in criminal justice/economic crime investigation; prepare students to prevent, detect, investigate, and prosecute economic crimes; and provide continuing education opportunities for economic crime investigation professionals. The ECII meets its goals by encouraging the
exchange of expertise between educators and professionals in the field; placing students in internships, co-op programs, and professional positions with corporations and government agencies; sponsoring conferences, seminars, and lectures; and supporting research endeavors. The Institute has a distinguished board of directors that includes individuals at the top of their fields in higher education, business, and the federal government. These board members, who
are experts in insurance fraud, credit card fraud, computer security, financial investigations, internal security, and corporate security, are working with Utica College faculty to accomplish the ECII's goal of preparing individuals to fight economic crime. In addition, the ECII has developed a computer-aided instructional laboratory to be used by economic crime investigation, accounting, and computer science students for a variety of courses.

- Computer Forensics: http://www.worldrg.com/it113/

This Program Will Be Attended By:

Senior Level IT/IS Management (Directors, Managers, VPs, CTOs and CIOs) specializing in: 

Legal Professionals (Litigators), Corporate Security Managers, Corporate Security Officers, and CFOs

Learn How To:

  • Institute an effective incident response strategy
  • Document the chain of evidence
  • Preserve and recover digital evidence
  • Effectively use recovered data to protect your company
  • Understand the legal aspects of computer forensics
  • Implement in-house computer forensics
  • Understand technical aspects of computer crime recovery
  • Select computer forensic software

 

 

 

III- Research.

 

-Center for Education and Research in Information Assurance and Security: http://www.cerias.purdue.edu/projects/

 

-Computer Forensics Research Development Center: http://www.utica.edu/academic/institutes/



The Computer Forensics Research and Development Center (CFRDC) of Utica College opened May 7, 1999. It is the result of a study on the state-of-the-art in computer forensics that was conducted by Chet Hosmer, president of WetStone Technologies, Inc., and Dr. Gary R. Gordon, former professor and director of economic crime programs at Utica College, and funded by the Air Force Research Laboratory/Information Directorate.

The study identified a crucial need for an organization to facilitate the research and development of a new generation of computer forensic tools and methods. The CFRDC brings together key organizations from the military, law enforcement, commercial industry, and academe to help rapidly advance the emerging field of forensic information sciences. The center is located at Utica College and is governed by a board of advisers. Dr. Gordon is the director and Chet Hosmer is the research adviser. Its key partners are the Air Force Research Lab, the National Law Enforcement and Corrections Technology Center - Northeast (NLECTC-NE), and WetStone Technologies, Inc .

 

 

- IBM research.

 

-Software Diagnostics and Conformance Testing Division: http://www.itl.nist.gov/div897/

 

Computer Forensics
Developing of reference materials and test methods in support of the law enforcement community.