Gerald M. Santoro, Ph.D. (gms@psu.edu)
College of Information Sciences and Technology
The Pennsylvania State University
University Park, PA 16802
(slides developed by Prof. Chao-Hsien Chu)
IST 454
Computer and Cyber Forensics
Learning by Doing
Theory
Practice
The Needs for Digital Forensics
• Incident handling.
• Identifying policy violations.
• Auditing.
• Investigating crimes.
• Reconstructing computer security incidents.
• Troubleshooting operational problems.
• Log monitoring.
• Recovering from accidental system damage.
• Acquiring and retaining data for future use.
• Exercising due diligence / regulatory compliance.
• …
IT Security EBK: 14 Competency Areas
• Data Security
• Digital Forensics
• Enterprise Continuity
• Incident Management
• IT Security Training and Awareness
• IT Systems Operations and Maintenance
• Network Security and Telecommunications
• Personnel Security
• Physical and Environmental Security
• Procurement
• Regulatory and Standards
• Risk Management
• Strategic Management
• System and Application Security
IT Security EBK: Model
Knowledge and Skills Needed
• Critical thinking and judgment. 69%
• Communications (verbal and written). 68%
• Technical knowledge. 66%
• Teamwork and collaboration. 52%
• Ability to lead change. 52%
• Business knowledge/acumen. 40%
• Cross functional influence. 35%
• Influence. 33%
• Facilitation. 24%
• Mentoring and coaching. 19%
• Strategic business planning. 22%
• Industry participation. 13%
SANS Institute 2005 Survey
Defense In Depth of Security
Diagram stages: Prediction, Prevention, Detection, Forensics, Response (with Feedback)

Courses placed on the diagram:
• IST 451: Network Security
• IST 452: Legal & Regulatory Issues
• IST 453: Computer Forensics Law
• IST 454: Computer & Cyber Forensics
• IST 456: Security & Risk Management
• SRA 111: Security & Risk Analysis
• SRA 211: Threats of Crime & Terrorism
• SRA 221: Overview of Information Security
• SRA 231: Decision Theory
• SRA 311: Risk Management
• SRA 472: Integration of Privacy & Security
• SRA 468: Visual Analytics for Intelligence & Security

Topic groups shown on the diagram:
• Policy/Regulation
• Firewall/DMZ
• Access Control/VPN
• …

• Qualitative models
• Quantitative models
• …

• Plans
• Risk analysis
• …

• Scanner
• IDS
• Data mining
• …

• Computer crime
• Economic crime
• Policy violation
• …
SRA Core Curriculum
111 Intro Security & Risk Analysis
211 Threat of Terrorism & Crime
231 Decision Theory & Analysis
Emergency Planning / Crisis Management
Internship, Guest, & Field Experience
International Culture / Foreign Language
(Threats) (Modeling, Analysis) (Problem Solving)
110 Information, People & Technology
200 Statistics
(Vulnerabilities) (Techniques)
311 Risk Management: Assessment & Mitigation
432 Legal, Ethical, and Regulatory Issues
440
221 Overview of Information Security
SRA Major - Cyber Security Option
(Elective) (Elective) (Elective)
Support
Intro Security & Risk Analysis
Intro People, Information & Tech
Statistics
Intro
Overview of Information Security
Threat of Terrorism & Crime
Decision Theory & Analysis
Core
Risk Management: Assessment & Mitigation
Legal, Ethical, and Regulatory Issues
Core
Junior Option
Networking & Telecommunications
Computer & Cyber Forensics
Security & Risk Management
Network Security
Emergency Planning / Crisis Management
Internship, Guest, & Field Experience
International Culture / Foreign Language
Capstone
SRA Minor (21 cr.)
SRA 111: Intro Security & Risk Analysis
IST 110: Intro People, Information & Tech
Stat 200: Statistics
Intro
SRA 221: Overview of Information Security
SRA 211: Threat of Terrorism & Crime
Core
IST 452: Legal, Ethical, & Regulatory Issues
IST 220: Networking & Telecommunications
IST 451: Network Security
IST 454: Computer & Cyber Forensics
IST 453: Cyber Forensics Laws
SRA 231: Decision Theory & Analysis
SRA 311: Risk Mgmt: Assessment & Mitigation
IST 456: Security & Risk Management
IST 402: Wireless Design & Security
Electives (6 cr.)
Cyber Security Digital Forensics
Risk Management
Certificate of Accomplishment
The Center for Information Assurance at the Pennsylvania State University, through its curricula, certify that
Your Name Here
has acquired the knowledge and skills that meet the National Training Standard NSTISSI-4011 for the Information Systems Security (INFOSEC) Professionals, established by the Committee on National Security Systems (CNSS) and the National Security Agency (NSA), on December 2005
Dr. Hank Foleys, Dean, College of Information Sciences and Technology
Dr. Chao H. Chu, Executive Director, Center for Information Assurance
IST 454 focuses on computer and cyber forensics. Students will learn different aspects of computer and cyber crime and ways in which to uncover, protect, exploit, and document digital evidence. Students will be exposed to different types of tools (both software and hardware), techniques and procedures, and be able to use them to perform rudimentary forensic investigations.
Course Objectives
Understand the different aspects of computer and cyber crime.
Understand the basic concepts and issues of computer forensics.
Understand what tools and techniques to use in computer and cyber crime investigations.
Perform basic computer and cyber forensic investigations.
Understand the documentation needed in performing forensic investigations.
Terminology
• Computer Forensics
• Computer and Network Forensics
• Computer and Cyber Forensics
• Cyber Forensics
• Digital Forensics
• Digital Forensic Sciences
• Forensic Sciences
Modules

Overview
• Digital / Computer / Cyber Forensics
• Context of Computer Forensics
• Knowledge and Skills Needed

Search, Seizure & Investigation
• Data Acquisition – Imaging / Tools
• Data Authentication / Tools
• Data Search & Analysis / Tools
• Forensic Policies and Procedures

Media & File Systems Analysis
• Operating Systems / File Structure
• Investigating Windows Systems
• Investigating Linux Systems
• Data Hiding Techniques / Steganography

Web / Internet Forensics
• Overview of Web Forensics
• Spam, Phishing, E-mail Tracing
• PDA Forensics

Network & Malware Forensics
• Intrusion Detection
• Honeynet / Network Monitoring
• Worm Forensics

Legal & Criminal Justice Systems
• Legal and Ethical Issues
• Criminal Justice Systems
• Expert Witness

8 Hands-on Exercises
18 Readings
11 Quizzes / Assignments
Term Project: Report & Presentation
1-3 Guest Lectures
Theory and Practice
Problem Solving Skills
Interpersonal Skills
Team Work
Managerial Issues
Theory
Practice
Hands-on Experience
Learning By Doing
Programming Skills
Information Technology
Technical Issues
Emerging Information Technologies
Learning By Doing
I Hear and I Forget!
I See and I Remember!
I Do and I Understand!
Confucius (Kung Chiu)
5th - 6th Century, B.C.
Chinese Philosopher
Albert Einstein
Imagination is more important than Knowledge
? ? ?
Learning Capability is more important than Knowledge
Teaching Philosophy and Principles
Bridging the gaps between theory and practice
Learning by doing (hands-on experience)
Learning capability is more important than knowledge
Covering both technical and managerial aspects
Teamwork - The Key to Winning
We Are All in the Same Boat