Toriality's Blog

COMPUTER FORENSICS - 16

created_at:

June 4, 2024 at 5:35 PM

last_updated:

July 15, 2024 at 8:11 PM

COMPUTER FORENSICS STUDY - 16 SOURCES: INFOSECINSTITUTE.COM

NOTABLE COMPUTER FORENSICS CASES

MICHELLE THEER (2000):
    
    On December 17th, 2000, John Diamond shot and killed Air Force Captain Marty Theer. The case took a turn as there were no eyewitnesses and no physical evidence. However, the prosecutors were able to obtain 88,000 emails and other messages from Michelle's computer, including personal ads that Michelle had posted in 1999. They also found her email replies to that ad, which showed clear evidence of a sexual relationship between Michelle and Diamond. Furthermore, messages containing information about the conspiracy to murder Captain Theer were also recovered. On December 3rd, 2004, Michelle Theer was found guilty of murder and conspiracy and sentenced to life imprisonment.
    
SCOTT TYREE (2002):
    
    On January 1st, 2002, Scott Tyree kidnapped a 13 year old girl named Alicia Kozakiewicz. On the same night, Tyree sent a photograph of Alicia tied up in his basement via Yahoo Messenger to someone in Tampa, FL. The man from Tampa happened to check the Pittsburgh Post-Gazette website and saw that the same girl had been reported missing from her home. He contacted the FBI on January 3rd and gave them the Yahoo screen name of the person who had sent him the IM: 'masterforteenslavegirls'. The FBI then contacted Yahoo and obtained the IP address from which the image had been sent, and contacted Verizon to obtain the name and address of the subscriber to whom that IP address was assigned at the time. That person happened to be Scott Tyree.
    
DENNIS RADER (2005):
    
    The famous 'BTK' serial killer evaded capture for more than 30 years. In 2004 he resurfaced in Kansas, resuming his communications with the police and local media, and eventually sent the police a floppy disk with a letter on it. Forensic examination of the disk turned up a deleted Microsoft Word file. Its metadata recorded that the document had last been modified by a user named "Dennis" and contained a reference to the Lutheran church where Dennis Rader was a deacon. Ironically, Rader had used a floppy disk because the police had previously assured him that a letter sent on a floppy disk could not be traced.
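    The Rader case turns on document metadata: a word processor silently records who created a file and who last saved it. The Python example below is added here and is not part of the original post or of the InfoSecInstitute source. It works on the modern .docx format (a zip package with a docProps/core.xml part) rather than the legacy binary .doc that Rader actually used, because a .docx can be built and parsed with the standard library alone. The sample document, the name "Dennis" and the date inside it are constructed for the demonstration, and the helper names build_sample_docx and extract_core_properties are this example's own.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# XML namespaces used by docProps/core.xml in an OOXML (.docx) package.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
}


def build_sample_docx(include_core: bool = True) -> bytes:
    """Constructed sample: a minimal .docx-style zip carrying only the parts
    this demonstration needs. The author name and date are invented."""
    core = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s" xmlns:dcterms="%s" '
        'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
        "<dc:creator>Dennis</dc:creator>"
        "<cp:lastModifiedBy>Dennis</cp:lastModifiedBy>"
        '<dcterms:modified xsi:type="dcterms:W3CDTF">2005-02-01T10:00:00Z</dcterms:modified>'
        "</cp:coreProperties>"
    ) % (NS["cp"], NS["dc"], NS["dcterms"])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")  # placeholder part
        z.writestr("word/document.xml", "<document/>")  # placeholder body
        if include_core:
            z.writestr("docProps/core.xml", core)
    return buf.getvalue()


def extract_core_properties(docx_bytes: bytes) -> dict:
    """Return the author-related core properties of an OOXML package.

    Returns an empty dict when the package has no docProps/core.xml part,
    which is itself worth noting in a report (metadata may have been stripped).
    """
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        if "docProps/core.xml" not in z.namelist():
            return {}
        root = ET.fromstring(z.read("docProps/core.xml"))
    wanted = {
        "creator": "dc:creator",            # who created the document
        "last_modified_by": "cp:lastModifiedBy",  # who last saved it
        "modified": "dcterms:modified",     # when it was last saved (UTC)
    }
    found = {}
    for key, path in wanted.items():
        el = root.find(path, NS)
        if el is not None and el.text:
            found[key] = el.text
    return found


if __name__ == "__main__":
    for key, value in extract_core_properties(build_sample_docx()).items():
        print(f"{key}: {value}")
```

    Legacy binary .doc files keep the same kind of information (author, last saved by, company) in the OLE2 SummaryInformation stream, which tools such as olefile or exiftool can read; the forensic point is the same either way: check the metadata of every recovered document, deleted or not, and treat a missing or blank field as a finding in its own right.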
    
COREY BEANTEE MELTON (2005):
    
    In 2005 Melton found that his home computer had been infected with viruses, so he took it to Best Buy's Geek Squad to get it fixed. A number of different viruses were found on the machine. On closer analysis, the Geek Squad technicians noticed that some of the viruses were re-attaching themselves to movie files. When those movie files were examined, they turned out to be CP that Melton had stored on the computer. The store contacted the police; Melton was found guilty and sentenced to 10 years in prison.
    
JAMES KENT (2007):
    
    Another CP case took place in 2007, when James Kent, a professor of public administration at Marist College in Poughkeepsie, NY, complained to the college's IT department that his computer was misbehaving. It turned out that it had all started in 1999, when he began viewing such content. In 2005 the entire college went through a technical upgrade in which the old computers were replaced with new ones; however, the data from the old hard disks was copied over to the new ones. In 2007 the IT department ran anti-virus software on the computer and the CP was discovered. The college turned the contents over to the police, who brought in a forensic investigator to analyze the computer. The investigator, Barry Friedman, used EnCase and established that the files had been carried over from the cache of the old hard disk. Over 14,000 images were recovered, along with a letter dated 1999 to PB proposing a cover story: that Kent had been researching the topic and that all the material in his possession was for research purposes only. He was later charged with 141 counts and sent to prison in 2009 for 3 years.
    
BRAD COOPER (2008):

    
    In 2008 Cooper was arrested for the murder of his wife, Nancy Cooper. During the trial, Detective Jim Young described to the court how Cooper had attempted to access text messages on the phone and, in that failed attempt, wiped the phone's memory by entering incorrect SIM lock codes and PUK codes multiple times (a SIM blocks itself permanently after too many wrong PUK entries). Cooper later pleaded guilty to the second-degree murder charge.
    
JAMES M. CAMERON (2009):

    
    February 2009 was a dark month for James Cameron: he was indicted on 16 counts of trafficking in CP. The allegations were that between July 2006 and January 2008 Cameron had uploaded CP to a Yahoo photo album under various aliases. Yahoo had also reported locating numerous CP images in the photos section of a Yahoo account. The Maine State Police investigated and identified the owner of the account as Barbara Cameron, his wife. James Cameron was an assistant attorney general for the state of Maine. In December 2007 a search warrant was executed and four computers were seized. On examination, CP was discovered along with chat conversations in which the person identified himself as a 45 year old married man with a daughter, a description that fit Cameron.
    

COMPUTER FORENSIC RESOURCES

THE TOP DIGITAL FORENSIC BLOGS:

SANS DIGITAL FORENSIC AND INCIDENT RESPONSE

    
    One of the most renowned IT content sources is the SANS Digital Forensics and Incident Response Blog. It is part of the SANS Institute, one of the leading providers of IT security training, certifications and research, which is why it is able to offer one of the most popular blogs on digital forensics. The site is packed with content, including the following topics:
    
        - Artifact analysis
        
        - Cloud Forensics
        
        - Browser Forensics
        
        - Drive Encryption
        
        - E-Discovery
        
        - E-mail investigations
        
        - Evidence analysis
        
        - Memory analysis
        
        - Network forensics
        
        - Registry analysis
        
        - Malware analysis

FORENSIC FOCUS

    Another leading digital forensics blog is Forensic Focus. It carries timely information about developments in the field. It is a more narrowly focused blog and offers an array of resources for the forensic investigator, or for that matter any professional in the IT security world.
    
    

TRAINING RESOURCES

INTRODUCTION

Over the past few years, computer forensics has matured into a professional field, although many of its best practitioners are self-taught. Formal education and training are nevertheless what most people need to become computer forensics professionals. Law enforcement, private investigators, attorneys and network administrators rely on these forensic specialists to investigate civil and criminal cases.

WHAT ARE THE BEST SOURCES OF TRAINING FOR COMPUTER FORENSICS?

COMPUTER FORENSICS DEGREE EDUCATION:

    
    A computer forensics degree is a rapidly growing and competitive educational path that gives aspirants the knowledge and skills needed to investigate computer crimes and to find employment in the digital forensics field. According to the US Bureau of Labor Statistics, employment of forensic science technicians was projected to grow 27% from 2014 to 2024, much faster than the average for all occupations.
    
BACHELOR AND MASTER'S DEGREES

    
    The master's degree in computer forensics is typically offered as a two-year program of roughly 72 credit hours, depending on the college or university. The time frame also varies between institutions.
    
    Many aspirants instead pursue a four-year bachelor's degree in computer forensics, sometimes offered as a bachelor of science in computer information systems. This degree provides the skills needed to collect and examine digital evidence.
    
    The subjects covered in computer forensics involve:
        
        - Criminal law
        
        - Criminal procedures
        
        - Crime scene investigation
        
        - Database Management Systems
        
        - Computer information systems
        
        - Programming
    

BEST ENTRY-LEVEL BOOKS FOR COMPUTER FORENSICS

A GUIDE TO BASIC COMPUTER FORENSICS BY TOM CLOWARD AND FRANK SIMORJAY

    
  • The Windows PE CD-ROM

  • The external USB drive

  • Checking for malware

  • Running an investigation

  • Saving critical files

  • Gathering additional information

    THE BASICS OF DIGITAL FORENSICS: THE PRIMER FOR GETTING STARTED IN DIGITAL FORENSICS BY JOHN SAMMONS

  • What methodologies are used?

  • Addressing technical points

  • How to collect digital evidence

  • How to recover deleted data

  • What tools are used to perform the investigation

  • The roles of the internet, GPS, cloud, networks, mobile devices and computers are briefly discussed

  • This book does not focus on powered-on devices

    GUIDE TO COMPUTER FORENSICS AND INVESTIGATIONS, THIRD EDITION BY AMELIA PHILLIPS, BILL NELSON AND CHRISTOPHER STEUART

  • Computer forensic and investigation as a profession

  • Understanding computer investigation

  • The office and laboratory of investigators

  • Data acquisition

  • Processing incident scenes and crime

  • Working with Windows and DOS systems

  • Current forensic tools

  • Linux and Macintosh file systems and boot processes

  • Computer forensics validation and analysis

  • Recovering graphic files

  • Live acquisition, network forensic and virtual machines

  • Email investigation

  • Cell phone forensics

  • Report writing

  • Expert testimony

  • Ethics for the expert witness

    BEST BOOKS FOR COMPUTER FORENSICS PRACTITIONERS

    FORENSIC COMPUTING: A PRACTITIONER'S GUIDE BY TONY SAMMES AND BRIAN JENKINSON

  • The procedures involved in data encryption and password protection

  • The evaluation principles used in defeating the internal security of the system

  • Full seizure and search protocols for police officers and experts

    WINDOWS FORENSIC ANALYSIS TOOLKIT, THIRD EDITION: ADVANCED ANALYSIS TECHNIQUES FOR WINDOWS 7 BY HARLAN CARVEY

  • Volume shadow copies for digital forensics

  • Data acquisition from VSCs without purchasing expensive solutions

  • Data and file structures

  • Malware analysis

  • Forensic tools

    FILE SYSTEM FORENSIC ANALYSIS BY BRIAN CARRIER

  • Discovery of hidden evidence

  • Recovery of deleted data

  • Validation of tools

  • Describing data structures

  • Analyzing GPT, Apple and DOS partitions

  • Investigating the content of multiple disk volumes such as disk spanning and RAID

  • Analyzing FAT, NTFS, Ext2, Ext3, UFS1 and UFS2

  • Providing advanced investigation techniques

    X-WAYS FORENSICS PRACTITIONER'S GUIDE BY BRETT SHAVERS AND ERIC ZIMMERMAN

  • Installation of the tool

  • Real-life examples

  • Documenting and reporting

  • Preview and triage methods

  • Useful X-Ways Forensics features and electronic discovery