Tutorial: Computer Forensics Hardware and Software: Processing Hard Drives, CDs, and Cell Phones (full-day)
Leaders: Gary C. Kessler
Undergraduate and graduate programs in digital forensics continue to emerge at colleges and universities around the globe. Even many educational institutions without formal programs in computer forensics have one or two courses, and other schools are considering adding such courses to their criminal justice or computer science curricula. This tutorial has two primary purposes. First, it is intended to further the understanding of digital forensics by demonstrating some of the hands-on skills that are essential for the computer forensics examiner and putting these skills into the context of the forensics and investigative process. Second, it is meant to provide educators with some additional teaching techniques and materials to use in computer forensics courses.
The primary purpose of this tutorial will be to describe and demonstrate actual tools and techniques used by computer forensics examiners for hard drive, compact disc (CD), random access memory (RAM), and cell phone forensics. Methods and procedures for the acquisition, preservation, analysis, and reporting phases of the digital forensics process will be described. Tools to be demonstrated will include hard drive write-blocking and cell phone acquisition hardware, drive imaging software (e.g., dd and FTK Imager), computer analysis software (e.g., EnCase, Forensic Toolkit, Helix, IsoBuster, and WinHex), and cell phone analysis software (e.g., BitPim and MobilEDIT! Forensic).
Demonstrations will be live, employing pre-prepared evidence media that are in current use in undergraduate computer forensics courses. Therefore, there will not only be an overview of the computer forensics process and a demonstration of tools, but also course material that can be employed by other educators. Exercises will be made available to participants, as well as any free and demo software.
The primary topics to be addressed in the tutorial include:
* The digital forensics process
* Describing the role and function of hardware and software
* Identifying digital evidence
* Demonstration -- Sanitizing (wiping) the examination media
* Demonstration -- Preserving the evidence medium (imaging hard drives, CDs, and RAM)
* Demonstration -- Analyzing the evidence
* Demonstration -- Reporting the results of the examination
* Demonstration -- Cell phone analysis
Gary C. Kessler (gary.kessler@champlain.edu) EdS, Associate Professor of Computer & Digital Forensics and Director, Center for Digital Investigation, Champlain College, Burlington, Vermont. He is also a member of the Vermont Internet Crimes Against Children (ICAC) Task Force, a member of the High Technology Crime Investigation Association, a Certified Computer Examiner (CCE), an associate editor of the Journal of Digital Forensic Practice, and on the editorial board of the Journal of Digital Forensics, Security and Law.