1 |
Digital forensics: an integrated approach for the investigation of cyber/computer related crimes
Hewling, Moniphia Orlease, January 2013
Digital forensics has become a predominant field in recent times and courts have had to deal with an influx of related cases over the past decade. As computer/cyber related criminal attacks become more predominant in today’s technologically driven society, the need for, and use of, digital evidence in courts has increased. There is an urgent need to hold perpetrators of such crimes accountable and to prosecute them successfully. The process used to acquire this digital evidence (to be used in cases in courts) is digital forensics. The procedures currently used in the digital forensic process were developed focusing on particular areas of the digital evidence acquisition process. This has resulted in very little regard being given to the core components of the digital forensics field, for example the legal and ethical aspects, along with other integral aspects of investigations as a whole. These core facets are important for a number of reasons, including the fact that other forensic sciences have included them, and to survive as a true forensics discipline digital forensics must ensure that they are accounted for. This is because digital forensics, like other forensics disciplines, must ensure that the evidence (digital evidence) produced from the process is able to withstand the rigors of a courtroom. Digital forensics is a new and developing field still in its infancy when compared to traditional forensics fields such as botany or anthropology. Over the years development in the field has been tool centered, being driven by commercial developers of the tools used in the digital investigative process. This, along with having no set standards to guide digital forensics practitioners operating in the field, has led to issues regarding the reliability, verifiability and consistency of digital evidence when presented in court cases.
Additionally, some developers have neglected the fact that the mere mention of the word forensics suggests courts of law, and thus legal practitioners will be intimately involved. Such omissions have resulted in the digital evidence being acquired for use in various investigations facing major challenges when presented in a number of cases. Mitigation of such issues is possible with the development of a standard set of methodologies flexible enough to accommodate the intricacies of all fields to be considered when dealing with digital evidence. This thesis addresses issues regarding digital forensics frameworks, methods, methodologies and standards for acquiring digital evidence using the grounded theory approach. Data was gathered electronically using literature surveys, questionnaires and interviews. Collecting data using electronic means proved useful when there is a need to collect data from different jurisdictions worldwide. Initial surveys indicated that there were no existing standards in place and that the terms models/frameworks and methodologies were used interchangeably to refer to methodologies. A framework and methodology have been developed to address the identified issues and represent the major contribution of this research. The dissertation outlines solutions to the identified issues and presents the 2IR Framework of standards which governs the 2IR Methodology supported by a mobile application and a curriculum of studies. These designs were developed using an integrated approach incorporating all four core facets of the digital forensics field. This research lays the foundation for a single integrated approach to digital forensics and can be further developed to ensure the robustness of process and procedures used by digital forensics practitioners worldwide.
|
2 |
FORENSE COMPUTACIONAL EM AMBIENTE DE REDE BASEADO NA GERAÇÃO DE ALERTAS DE SISTEMAS DE DETECÇÃO DE INTRUSOS AUXILIADO PELA ENGENHARIA DIRIGIDA POR MODELOS / COMPUTATIONAL FORENSIC IN ENVIRONMENT OF NETWORK BASED ON GENERATING OF ALERTS OF INTRUDERS DETECTION SYSTEMS ASSISTED BY ENGINEERING DIRECTED BY MODELS
DUARTE, Lianna Mara Castro, 19 October 2012
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior
Even the great progress in the techniques used by protection systems such as firewalls, intrusion detection systems and antivirus software to detect and prevent attacks is not enough to eliminate the threat of cyber-attacks. Attacks that have been known for decades still succeed, and well-known vulnerabilities continue to exist and reappear on the Internet and in corporate networks [1]. Today's intrusion detection technologies provide rich information about attacks. However, the main focus of intrusion detection is the fact that security has been compromised. Computer forensics, on the other hand, attempts to understand and explain what happened to the security environment and how a security violation can happen [2]. However, there is a lack of investigative mechanisms that can work in synergy with these sensors and identify not only the attackers but also the malicious actions that were performed. The lack of standardization in the computer and network forensics process [3], together with the heterogeneity of tools and the fact that the log/alert file formats depend on the developers, results in a large variety of formats for these security alerts. Moreover, the knowledge used in investigating incidents remains restricted to the security analysts of each case. This dissertation proposes the development of a model based on computer forensics that can be applied in a network environment to work together with the NIDIA IDS [4] and heterogeneous IDSs, associating with the alerts information about procedures that can be performed to investigate the incidents using existing tools. The methodology used to develop this work began with a literature search to achieve the proposed objectives, drawing on books, theses, dissertations, research papers and hypermedia documents, followed by the gathering of information for developing the solution and an analysis of tools that could assist in modeling and implementing the prototype, which was assisted by Model Driven Architecture.
|
3 |
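A eficiência da descentralização na computação forense do Departamento de Polícia Técnica do Estado da Bahia [The efficiency of decentralization in computer forensics at the Technical Police Department of the State of Bahia]
Peixoto, Saulo Correa, 20 April 2012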
This study aimed to determine to what extent the process of decentralization adopted by the Department of Technical Police of Bahia (DPT-BA) was efficient in meeting the demand for Computer Forensics examinations generated by the Regional Coordinations of Technical Police (CRPTs) in the state countryside. DPT-BA was restructured following the principles of administrative decentralization, in line with the progressive trend. With decentralization, it assumed the commitment to coordinate actions to give autonomy to the units in the state countryside, with the creation of minimal structures in all the spheres involved, with ample capacity to articulate with each other and to provide services aimed at a model of high performance public organization. In addressing the relationship between decentralization and efficiency in meeting the demand for examinations coming from the countryside of the state of Bahia, the study, because of instrumental limitations, remained restricted to the field of Computer Forensics examinations, which reflects and illustrates, in a significant way, the scenario that occurred in the other areas of expertise. Initially we identified the theoretical approaches to decentralization, showing the different dimensions of the concept, and then those to Computer Forensics. We carried out documentary research at the Institute of Criminology Afrânio Peixoto (Icap) and field research using semi-structured interviews with judges assigned to the criminal courts of the districts related to the research scenario, and with criminal experts from the Regional Coordinations, the CRPTs and the Icap Computer Forensics Coordination. Comparing the turnaround times that satisfy the concept of efficiency as defined by the judges interviewed, the end clients of the forensic work, with the actual turnaround times obtained through documentary research, the data revealed a high degree of inefficiency, delays and defaults, as well as conflicting realities between capital and countryside. The analysis of the interviews with criminal experts revealed widespread dissatisfaction and demotivation, with almost absolute centralization of decision-making, demonstrating that the decentralization process served, paradoxically, as a tool for enabling centralization and camouflaging it.
|