Скачать презентацию Introduction to Computer Forensics The fundamental concern Скачать презентацию Introduction to Computer Forensics The fundamental concern

56a5710aa21ce82f787b576924d2efc5.ppt

  • Количество слайдов: 15

Introduction to Computer Forensics Introduction to Computer Forensics

The fundamental concern of forensic computing activity is for the accurate extraction of INFORMATION The fundamental concern of forensic computing activity is for the accurate extraction of INFORMATION from computerbased systems, such that it may be presented as admissible evidence in court (Sammes and Jenkinson 2000)

What is Information? Liebenau and Backhouse (1990), Understanding Information: n “Numerous definitions have been What is Information? Liebenau and Backhouse (1990), Understanding Information: n “Numerous definitions have been proposed for the term ‘information’, and most of them serve well the narrow interests of those defining it. ” n “These definitions are all problematic”

What is Information? Liebenau and Backhouse (1990), Understanding Information: “…information cannot exist independently of What is Information? Liebenau and Backhouse (1990), Understanding Information: “…information cannot exist independently of the receiving person who gives it meaning and somehow acts upon it. That action usually includes analysis or at least interpretation, and the differences between data and information must be preserved, at least in so far the information is data arranged in meaningful way to some perceived purpose ”

n Computer system holds data. n Any information that we (the receiving persons) may n Computer system holds data. n Any information that we (the receiving persons) may extract from this data is a result of our analysis or interpretation of it in some meaningful way for some perceived purposes. n We have to have a set of interpretative rules which we apply to the data in order to extract the information. (Sammes and Jenkinson 2000)

Computer • Electronic device • Accepts data - input • Processes it according to Computer • Electronic device • Accepts data - input • Processes it according to a given set of instructions • Produces results - output Computer input output

Input, Output, Computer Program Input – unprocessed data manipulated by the computer n Output Input, Output, Computer Program Input – unprocessed data manipulated by the computer n Output – processed information or results produced by the computer n n The set of instructions that the computer follows is called a computer program

Computer System hardware n the physical equipment used to process a data software n Computer System hardware n the physical equipment used to process a data software n computer programs

Hardware CPU 010 111. . . Main Memory Secondary Memory I/O Devices Hardware CPU 010 111. . . Main Memory Secondary Memory I/O Devices

Hardware Main Memory Output Devices Input Devices CPU Hardware Main Memory Output Devices Input Devices CPU

Input/Output Devices Input devices n keyboard, mouse enter data and programs into the computer Input/Output Devices Input devices n keyboard, mouse enter data and programs into the computer Output devices n printer, monitor display the results processed by the computer

Memory Main Memory Secondary Storage • Nonpermanent • Permanent • Rapid Access • Non Memory Main Memory Secondary Storage • Nonpermanent • Permanent • Rapid Access • Non Rapid • Low Capacity • High Capacity Bit - Binary Digit Byte = 8 bits KB = Kilo. Bytes = 1024 bytes =210 MB = Mega. Bytes = 1, 048, 576 bytes = 220 GB = Giga. Bytes = 230 bytes

CPU – Central Processing Unit n Control Unit ¨ Directs the processing operations ¨ CPU – Central Processing Unit n Control Unit ¨ Directs the processing operations ¨ Coordinates the flow of data to Main Memory and ALU n Arithmetic Logic Unit (ALU) performs ¨ Arithmetic operations ¨ Logic operations

Software n Operating Systems ¨ DOS ¨ UNIX ¨ Windows n Application Software ¨ Software n Operating Systems ¨ DOS ¨ UNIX ¨ Windows n Application Software ¨ Word ¨ Power Point ¨ Emacs, Pico

References Liebenau, J. and Backhouse, J. (1990) Understanding information : an introduction. London, Macmillan References Liebenau, J. and Backhouse, J. (1990) Understanding information : an introduction. London, Macmillan n Tony Sammes and Brian Jenkinson (2000), Forensic Computing: A Practitioner's Guide, Springer Verlag n