Network Investigations

by Dario Forte, Eoghan Casey

Description

Computing has become network-centered as more people rely on e-mail, e-commerce, and other network resources. It is no longer adequate for digital investigators to think about computers in isolation, since many of them are connected together using various network technologies.
This seminar goes beyond computer forensics and discusses evidence transfer on networks and the challenges of collecting and analyzing evidence stored on and transmitted using networks. Key concepts from forensic science are presented in the context of networks.
Digital evidence relating to routers, firewalls, authentication servers, e-mail servers, wireless systems, and other network elements is examined by looking at past cases.
Open source and commercial tools that are commonly used to correlate logs and dissect network traffic are compared, highlighting their strengths and weaknesses.

In addition to course materials, each participant will receive a copy of the book "Digital Evidence and Computer Crime", 2nd Edition, by Eoghan Casey.

Main Topics

  • Legal considerations, EU directives, and Italian privacy legislation
  • Preparing for network incidents with policies, procedures and logging architecture
  • Digital forensics and evidence on networks
  • Business versus law enforcement needs
  • Establishing continuity of offense
  • Linking network activities with an individual
  • Correlating evidence from multiple network sources to reconstruct incidents
  • Using open source and commercial tools for processing evidence on networks
  • Practical investigative exercises involving evidence from networks