Tutorial M1 – Digital Forensics 1: Technology, Policy, and Countermeasures

Dr. Simson L. Garfinkel, Naval Postgraduate School

Monday, December 7th, Full Day

Computer forensics is the study of information stored in computer systems for the purpose of learning what happened to that computer at some point in the past-and for making a convincing argument about what was learned in a court of law. This day-long course includes basic information on a range of forensic topics, including forensics policy, law, and the forensic process, bulk data analysis, document forensics and file carving. This course will teach you how to recover photos and files from failing storage devices, and let you "prove" that somebody really did steal a document (or at least that they had part of the stolen document on their hard drive.) This class will teach you enough to be dangerous.

Students should bring laptops running either Windows, MacOS or Linux: forensic tools and data will be provided for several in-class exercises.

Outline

  1. Introduction to Digital Forensics: What is forensics, and why is information left behind on computer systems; Computer forensics vs. physical forensics; Forensics and the law; The C.S.I. effect; The federal rules of evidence; The forensic investigation. Understanding "residual" and "remnant" information.
  2. Data Analysis: Unicode; File Identification.
  3. Data Analysis: File carving, and data recovery; Bulk Data Analysis.
  4. Forensics: Residual data; Document Forensics.
  5. Memory Forensic.

Prerequisites

Basic understanding of operating systems and file systems.

About the Instructor

Dr. Simson L. Garfinkel is an Associate Professor at the Naval Postgraduate School in Monterey, CA. He is also the founder of Sandstorm Enterprises, a computer security firm that develops advanced computer forensic tools used by businesses and governments to audit their systems. Garfinkel has research interests in computer forensics, the emerging field of usability and security, information policy, and terrorism. He has actively researched and published in these areas for more than two decades. He is the author or co-author of fourteen books on computing. He is perhaps best known for Database Nation: The Death of Privacy in the 21st Century and for Practical UNIX and Internet Security.

Dr. Garfinkel holds a doctorate in computer science from MIT and a master's degree in journalism from Columbia University.