Computer Forensics Home
For full details please see the Workshop site, or contact one of the following organisers: the Workshop Co-Chairs: Ewa Huebner (University of Western Sydney), Stefano Zanero (Politecnico di Milano) or the Programme Committee member: Derek Bem (University of Western Sydney).
ACM SIGOPS Operating Systems Review Special Issue on Computer Forensics - April 2008
Operating Systems Review (OSR) is a publication of the ACM Special Interest Group on Operating Systems (SIGOPS). A special issue on the relationships between the design and implementation of operating systems and computer forensics was published in April 2008. The issue guest editors are Ewa Huebner (University of Western Sydney) and Frans Henskens (University of Newcastle). See ACM SIGOPS Operating Systems Review Volume 42, Issue 3, Special Issue on Computer Forensics.
What is Computer Forensics?
Computer forensics
is an emerging discipline that focuses on the gathering of evidence
(often as part of a criminal investigation) from computers and computer
networks. Such evidence may consist of actual files (e.g. an illegal
image) or the traces of a user's activities that are left in the activity
logs of operating systems, browsers, databases, web proxies, or network
firewalls, etc. The discipline requires a detailed technical knowledge
of the relationship between a computer's operating system and the supporting
hardware (e.g. hard disks), and between the operating system and system/application
programs and the network. Similarly, knowledge of cryptographic and
steganographic techniques is needed where data has been encrypted and/or
obfuscated to make it inaccessible and/or hidden. Finally, and critically,
all evidence gathering must proceed in a manner that ensures that the
evidence is admissible in a court of law, and can be documented and
presented in an intelligible manner.
To quote Sir Arthur Conan Doyle, author of the famous Sherlock Holmes stories published between 1887 and 1927:
"in solving a problem of this sort, the grand thing is to be able to reason backwards. That is a very useful accomplishment, and a very easy one, but people do not practise it much. In the everyday affairs of life it is more useful to reason forward, and so the other comes to be neglected. There are fifty who can reason synthetically for one who can reason analytically."
Hidden information on a hard drive can be retrieved from many locations, among them hidden log files and deleted files. With special computer forensics software, it may still be possible to recover a formatted hard drive with all of the information it held.
In an advanced network system, a great deal of important information resides in firewall logs, switch logs, intrusion detection system logs, security event managers, packets captured by sniffers, router logs, etc. Collecting information from these kinds of data sources and combining it into useful information can be the state of the art for computer forensics investigators.
Steganography, as encountered in computer forensics, can hide information inside carriers such as pictures, audio, video, etc. Steganography comes from the words "steganos" (hidden) and "graphy" (drawing). It means communication using a hidden drawing.

Figure: Western Digital Hard Drive
Kruse and Heiser note that "Computer forensics involves the preservation, identification, extraction, documentation and interpretation of computer data." [from "Computer Forensics: Incident Response Essentials", see Books And Journals page]. In summary, and paraphrasing McKemmish in his report to the Australian Institute of Criminology, computer forensics encompasses four key elements: the identification of digital evidence, the preservation of digital evidence, the analysis of digital evidence, and the presentation of digital evidence.

Broucek & Turner note in "Forensic Computing, Developing a Conceptual Approach for an Emerging Academic Discipline" that this is a nascent discipline that draws to varying degrees from a number of other disciplines including computer science and law, and to a lesser extent information systems and the social sciences. Most fundamental of these is computer science, with the key technical areas being: Operating Systems, Systems Programming and Administration, Computer Security (including cryptography and steganography), and Networking. Concomitant with the above technical base, there exists an essential requirement to be familiar with computer law, investigative techniques, and how digital evidence must be gathered, documented, and presented.

To clarify a few common misconceptions: first, computer forensics is not the use of computers within forensic science. Such use is made up of all those activities where forensic scientists employ computers to assist them in their work. Such tasks include: the processing and analysis of traditional forensic data, be it physical, chemical, or biological in nature; the use of computers to support forensic databases; and the use of computers to cross-reference different sources of forensic evidence. The proper term to describe them is "forensic computing". These are all worthy tasks but are not the focus of this major. Second, though computer forensics is often related to computer security, it is nonetheless distinct. It is quite possible for criminal activity (in the eyes of the law) to require forensic analysis without there having been any breach of traditional computer security. Finally, it is worth noting that a number of synonyms for computer forensics exist, sometimes used incorrectly; these include "forensic computing", "digital forensics", and even "data recovery" in some circles.

See the Online Materials section, "Publications About Computer Forensics, General", for more.
300447 Computer Forensics Workshop, University of Western Sydney, Australia
The School of Computing and Information Technology at the University of Western Sydney offers the Bachelor of Computer Science degree, course 3506.4. This course provides students with a thorough and in-depth technical understanding of modern networked computer systems: how they work and the principles that govern them. Based on this solid foundation, students have the opportunity to learn the practical skills needed to design, develop and integrate the networked computer systems required by today's large companies and organisations. In addition to normal studies, students in their final year undertake an industrially oriented team project in order to put their knowledge into practice and learn valuable team and project management skills. Graduates of this course are well prepared to enter the IT sector and take on technically challenging roles in a variety of areas including networking and web technologies, application development, systems programming, IT security and computer forensics. The Bachelor of Computer Science degree has been structured to accommodate a Computer Forensics Major. A compulsory unit for this major is 300447 Computer Forensics Workshop.
The unit is also available to practising computing professionals as a non-award unit of study. Next delivery: August 2008. The format: 13 x 2 hour lectures and 10 x 4 hour workshops over 13 weeks. Both lecture and workshop are on the same day. General information about non-award study at UWS can be found here. A direct link to the non-award admission application form in PDF format can be found here. For the content and the mode of delivery see a sample (older) unit outline (note: the unit outline is updated before every delivery). For more information please contact the unit coordinator, Derek Bem, email: computerforensics@scm.uws.edu.au
To contact the Computer Forensics Group, send email to: computerforensics@scm.uws.edu.au