COMPUTER FORENSICS STUDY - 16 SOURCES: INFOSECINSTITUTE.COM
NOTABLE COMPUTER FORENSICS CASES
MICHELLE THEER (2000):
On December 17th, 2000, John Diamond shot and killed Air Force Captain Marty Theer. The case took a turn, as there were no eyewitnesses and no physical evidence. However, the prosecutors were able to obtain 88,000 emails and other messages from Michelle's computer, including personal ads that Michelle had posted in 1999. They also found her email responses to that ad, which showed clear evidence of a sexual relationship between Michelle and Diamond. Furthermore, messages containing information about the conspiracy to murder Captain Theer were also recovered. On December 3rd, 2004, Michelle Theer was found guilty of murder and conspiracy and sentenced to life imprisonment.
SCOTT TYREE (2002):
On January 1st, 2002, Scott Tyree kidnapped a 13-year-old girl named Alicia Kozakiewicz. On the same night, Tyree sent a photograph of Alicia tied up in his basement via Yahoo Messenger to someone in Tampa, FL. The man from Tampa happened to check the Pittsburgh Post-Gazette website and saw that the same girl was missing from her home. He contacted the FBI on January 3rd and gave them the Yahoo screen name of the person who had sent him the IM: 'masterforteenslavegirls'. The FBI then contacted Yahoo and obtained the IP address from which the image had been sent. They next contacted Verizon to obtain the name and address of the Verizon subscriber to whom that IP address was assigned. That person was Scott Tyree.
DENNIS RADER (2005):
The famous 'BTK' serial killer was on the run for more than 30 years. After years of silence he re-emerged, took another victim in Kansas, and then sent a floppy disk to the police with a letter on it. Upon forensic investigation, the investigators found a deleted Microsoft Word file. The recovered metadata showed that the file had last been edited by "Dennis", along with a link to the Lutheran church where Dennis Rader was a deacon. Ironically, Rader had sent the floppy disk because the police had previously told him that letters on floppy disks could not be traced.
COREY BEANTEE MELTON (2005):
In 2005 Melton found that his home computer had been infected with viruses, so he took it to Best Buy's Geek Squad to get it fixed. A number of different viruses were found on the computer. Upon further analysis by the Geek Squad, some of the viruses were found to be re-attaching themselves to movie files. When the movies were examined, it was found that Melton had CP stored on his computer. The store contacted the police, and Melton was found guilty and sentenced to 10 years in jail.
JAMES KENT (2007):
Another CP case took place in 2007, when James Kent, a professor of public administration at Marist College in Poughkeepsie, NY, complained to the university's IT department that his computer was behaving problematically. It turned out that it had all started in 1999, when he began viewing such content. In 2005 the entire university had a technical upgrade in which the old computers were replaced by new ones; however, the data from the old hard disks was copied to the new hard disks. In 2007 the IT department ran anti-virus software on the computer and CP was discovered. The university turned the contents over to the police, who then brought in a forensic investigator to analyze the computer. The investigator, Barry Friedman, used a software tool known as EnCase and found that the files had been downloaded from the cache of the old hard disk. Over 14,000 images were recovered, along with a letter dated 1999 to PB stating that a cover-up should be made claiming that Kent had been researching the topic and that all the material in his possession was for research purposes only. He was later charged with 141 counts and sent to prison in 2009 for 3 years.
BRAD COOPER (2008):
In 2008 Cooper was arrested for the murder of his wife, Nancy Cooper. During the trial, Detective Jim Young described to the court how Cooper had attempted to access text messages on the phone but, in an unsuccessful attempt, had wiped the phone's memory by entering incorrect SIM lock codes and PUK codes multiple times. Cooper later pleaded guilty to the second-degree murder charge.
JAMES M. CAMERON (2009):
February 2009 was a dark month for James Cameron, when he was indicted on 16 charges of trafficking in CP. It was alleged that between July 2006 and January 2008 Cameron had uploaded various CP to a Yahoo photo album using various aliases. Yahoo had also reported locating numerous images of CP in the photos section of a Yahoo account. The Maine State Police undertook an investigation and identified the owner of the account as Barbara Cameron, his wife. James Cameron was an assistant attorney general for the state of Maine. In December 2007 a search warrant was executed and four computers were seized. Upon examination, CP was discovered along with conversations in which the person identified himself as a 45-year-old married man with a daughter, a description that fit Cameron.
COMPUTER FORENSIC RESOURCES
THE TOP DIGITAL FORENSIC BLOGS:
SANS DIGITAL FORENSIC AND INCIDENT RESPONSE
One of the most renowned IT content sources is the SANS Digital Forensics and Incident Response Blog. It is actually part of the SANS Institute, one of the leading sources of IT security training, certifications and research. Because of this, they are able to offer one of the most popular blogs on digital forensics. This site is packed with content, which includes some of the following:
- Artifact analysis
- Cloud Forensics
- Browser Forensics
- Drive Encryption
- E-Discovery
- E-mail investigations
- Evidence analysis
- Memory analysis
- Network forensics
- Registry analysis
- Malware analysis
FORENSIC FOCUS
Another leading digital forensics blog site is Forensic Focus. This blog contains timely information about developments that are occurring in the field. It is a much more focused blog and offers an array of resources for the forensics investigator or, for that matter, any professional in the IT security world.
TRAINING RESOURCES
INTRODUCTION
Over the past few years, computer forensics has become a professional field, but most well-trained experts in this area are self-taught. Nonetheless, education and training are needed to become a computer forensics professional. Law enforcement, private investigators, attorneys and network administrators rely on these professional forensic specialists to investigate civil and criminal cases.
WHAT ARE THE BEST SOURCES OF TRAINING FOR COMPUTER FORENSICS?
COMPUTER FORENSICS DEGREE EDUCATION:
Computer forensics degree education is a rapidly growing and competitive field that helps aspirants gain the knowledge and skills needed to investigate computer crimes and to gain employment in the digital forensics field. According to the US Bureau of Labor Statistics, employment growth for forensic science experts will be 27% from 2014 to 2024, which is much faster than for any other profession.
BACHELOR AND MASTER'S DEGREES
The master's degree in computer forensics is offered as a two-year program of roughly 72 credit hours, depending on the college/university program. The time frame can also vary among institutions.
Many aspirants seek a four-year bachelor's degree in computer forensics, also referred to as a bachelor of science in computer information systems. This degree provides the necessary skills to collect and examine the digital evidence.
The subjects covered in computer forensics involve:
- Criminal law
- Criminal procedures
- Crime scene investigation
- Database Management Systems
- Computer information systems
- Programming
BEST ENTRY-LEVEL BOOKS FOR COMPUTER FORENSICS
A GUIDE TO BASIC COMPUTER FORENSICS BY TOM CLOWARD AND FRANK SIMORJAY
- The Windows PE CD-ROM
- The external USB drive
- Checking for malware
- Running an investigation
- Saving critical files
- Gathering additional information
THE BASICS OF DIGITAL FORENSICS: THE PRIMER FOR GETTING STARTED IN DIGITAL FORENSICS BY JOHN SAMMONS
- What methodologies are used?
- Addressing technical points
- How to collect digital evidence
- How to recover deleted data
- What tools are used to perform the investigation
- The role of the internet, GPS, cloud, network, mobile devices and computers is briefly discussed
- This book does not focus on powered-on devices
GUIDE TO COMPUTER FORENSICS AND INVESTIGATIONS, THIRD EDITION BY AMELIA PHILLIPS, BILL NELSON AND CHRISTOPHER STUART
- Computer forensics and investigation as a profession
- Understanding computer investigation
- The office and laboratory of investigators
- Data acquisition
- Processing incident and crime scenes
- Working with DOS and Windows systems
- Current forensic tools
- Linux and Macintosh file systems and boot processes
- Computer forensics validation and analysis
- Recovering graphic files
- Live acquisition, network forensics and virtual machines
- Email investigation
- Cell phone forensics
- Report writing
- Expert testimony
- Ethics for the expert witness
BEST BOOKS FOR COMPUTER FORENSICS PRACTITIONERS
FORENSIC COMPUTING: A PRACTITIONER'S GUIDE BY TONY SAMMES AND BRIAN JENKINSON
- The procedures involved in data encryption and password protection
- The evaluation principles used in deceiving the internal security of the system
- Full seizure and search protocols for police officers and experts
WINDOWS FORENSIC ANALYSIS TOOLKIT, THIRD EDITION (INCLUDES ADVANCED ANALYSIS METHODOLOGIES FOR WINDOWS 7) BY HARLAN CARVEY
- Volume shadow copies (VSCs) for digital forensics
- Data acquisition from VSCs without purchasing expensive solutions
- Data and file structures
- Malware analysis
- Forensic tools
FILE SYSTEM FORENSIC ANALYSIS BY BRIAN CARRIER
- Discovery of hidden evidence
- Recovery of deleted data
- Validation of tools
- Describing data structures
- Analyzing GPT, Apple and DOS partitions
- Investigating the content of multiple disk volumes, such as disk spanning and RAID
- Analyzing UFS1, UFS2, NTFS, FAT, Ext2 and Ext3
- Providing advanced investigation techniques
X-WAYS FORENSICS PRACTITIONER'S GUIDE BY BRETT SHAVERS AND ERIC ZIMMERMAN
- Installation of the tool
- Real-life examples
- Documenting and reporting
- Preview and triage methods
- Cool X-Ways apps and electronic discovery