COCS70704

Digital Forensic Fundamentals

(DFF)
Dr. Alexios Mylonas
 Module Instructor(s)
• Instructors
– Benham Bazli
– Dr. Alexios Mylonas

• Module Leader
– Benham Bazli
 Mylonas Alexios
• Lecturer in Computer Security and Digital
Forensics
• BSc (Hons), MSc, PhD, FHEA
• T: +44 (0) 1785 353647
• O: K224
• E: alexios.mylonas@staffs.ac.uk
 Students?
• You?
 Module Structure
• 12 weeks
• One hour lecture (Every Friday)
– C328
– Theory and literature review
– Rules, regulations, guidelines and proceses
• One 2 hour tutorial (After Lecture)
– Lab (k113)
– Research & Practical
• Book: Bill Nelson et al (Guide toComputer Forensics& Investigations), 5th Ed, 2015, CENGAGE
Publishers
What am I going to learn?
 How can I pass?
• Study hard!
– Practical in the lab
– Material per week
– Your own research
• Blackboard
– Assignment(s)
– Discussion forum
• Start the assignment early
 Coursework
• 50% coursework (~300 word) – do not write a
book
• 50% written exam (please check with your
module leader!)
• Deadline 18/12/2015
• You need to shows good skills in your
coursework;
– Report writing
– Research skills
– Problem solving
– Presentation skills
– And………Time Management
 What is Computer Crime?
• Breaches of Physical Security

• Breaches of Personnel Security

• Industrial Espionage

• Software Attacks

• Employee abuse of internet

• Cyber-bulleying
 Computer Forensics
A computer can be either:
• The target of an attack
• A repository of information
• A tool in the committing of a crime
 Computer as a target of an Attack

• This could be a Denial of service attack

• Someone trying to hack the machine
• Someone trying to steal resources
• Could even be physical and they could try to
steal the machine or damage it
• Computer could be attacked by a virus
 A repository of information

• Indecent images of children

• Pirated software or media
• Material for the commission of ID theft
• Manuals or instruction on hacking
• Virus
• Documents
• Pictures
• Maps
• Diaries
A tool in the committing of a crime

• Release a virus
• Hack a computer
• Download illegal material
• Collect sensitive information
 Digital Forensics
Definition: Investigative technique to identify, collect,
examine, preserve and present digital information
– A Forensic investigator may provide expert
analysis & testimony in court of justice
– May work with /as law enforcement or
Cybersecurity companies
– May work in corporate investigations
– Civil litigation
– …or just re-track lost information
 Computer Forensics Challenges

• Too much Evidence

• Very time consuming
• Digital data can easily be corrupted
• Difficult to explain technical terms to non-
technical audience
• Tools used for in criminal investigation need to be
approved
• Encryption is used by criminals
 The recovery of digital evidence
• Locards Exchange Principle

“Wherever he steps, whatever he touches, whatever he leaves, even unconsciously, will

serve as a silent witness against him. Not only his fingerprints or his footprints, but
his hair, the fibres from his clothes, the glass he breaks, the tool mark he leaves,
the paint he scratches, the blood or semen he deposits or collects. All of these and
more, bear mute witness against him. This is evidence that does not forget. It is not
confused by the excitement of the moment. It is not absent because human
witnesses are. It is factual evidence. Physical evidence cannot be wrong, it cannot
perjure itself, it cannot be wholly absent. Only human failure to find it, study and
understand it, can diminish its value.”

• Basically “Every contact leaves a trace”

 Case study - Justin Barber
The conviction of Justin Barber
Justin Barber and April Barber were shot whilst walking on a deserted beach in Florida, USA.
April died from gunshot wounds to the face and Justin was left with wounds to the base of the
neck, left hand, shoulder and chest.

They were temporarily living apart for genuine reasons and April’s house had been recently
broken into.

April’s family had suspicions that Justin was responsible, citing affairs and financial difficulties,
and the police decided to search Justin’s computer.

What they found was a number of Google searches made by Justin a few months before the
shooting, including “Florida & divorce” and “trauma, cases, gunshot, right chest”. In addition, a
Guns n Roses track named Used To Love Her was downloaded around the same time and deleted
after his wife’s death. It includes the lyrics “I used to love her, but I had to kill her. I had to put her
six feet under and I can still hear her complain.”

Justin Barber was convicted of first-degree murder and sentenced to life in prison.
He later made an unsuccessful appeal against his life sentence citing that the evidence was purely
circumstantial.
 Triage Vs. Traditional Forensics
• There is a trend within UK law enforcement
agencies towards triaging of devices at at
crime scene or prior to transfer of the device
Q/A