Advanced Training Course in Computer Inquiries and Investigations (in ENGLISH)

Digital forensics, Cyber Security and ELINT

UPCOMING COURSE

The rise in technology-related crime – from criminal cases, civil disputes, employee misconduct, to acts of terrorism, etc. – has generated an urgent need for a new type of “skills”.

The use of computers in everyday life means there is more digital material (data, information, evidence) available, which can be used in civil and criminal cases and which requires appropriate technical knowledge and legal procedures.

The course is intended for those involved with, or wishing to be involved with, corporate computer forensics or law enforcement computer forensics. Successful graduates will be able to safeguard the chain of digital evidence from potentially illegal or improper activity, from detection, safe collection and preservation, through to analysis and presentation in a court of law.

The threat of cybercrime is increasingly apparent to individuals and organizations across the globe.

Understanding criminal acts committed on computers and by the use of computers requires knowledge of the technology as well as law on topics such as: international law of computer forensics, electronic documents and electronic signatures, electronic payment instruments, privacy and data retention, computer crimes, phishing, hacking, scamming, grooming,  botnets, cyber-terrorism, viruses, (virtual) child pornography and other illegal usage or content on the Internet, computer investigation.

The various investigation powers will be described: from placing wiretaps to authorizing people to search data on computer systems and networks to find digital traces.

Special attention will be paid to the “Convention on Cybercrime of the Council of Europe”, and the current national, European and international law will be analyzed, as well as its future developments, seeking gaps and dilemmas in the legislation.

In this context, we will analyze system vulnerabilities and the prevention measures that may counter cybercrime, including steps to repair system weaknesses and avoid recurrence of the same damage.

Students will learn how to collect and examine digital evidence using Open Source Tools, in comparison with commercial software, and how to secure virtual crime scenes.

TARGET GROUP

The course is designed to meet the needs of:

  • information security professionals;
  • computer forensic professionals needing an advanced degree;
  • police officers;
  • public administrators;
  • diplomats;
  • bank employees;
  • security systems employees;
  • insurers;
  • military and intelligence forces agents;
  • individuals wanting to enter the growing field of high technology crime investigation;
  • lawyers specialized in computer law;
  • employees working with the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries;
  • judges and prosecutors.

ENTRY REQUIREMENTS 

A) Bachelor’s degree in law, computer science, information sciences

or alternatively

B) the candidate should belong to a law enforcement agency and have work experience in a field related to the course’s subject matter. In this regard, candidates should expect to be evaluated on professional letters of reference.

C) Applicants who do not have an appropriate qualification but have appropriate work experience (at least 5 years) related to the subject of the course will also be considered.

OVERALL COURSE OBJECTIVES 

On completion of the Course, the student will be able to:

  • demonstrate a critical understanding of the concepts of information security;
  • demonstrate a critical understanding of the procedures and techniques to employ when investigating computer incidents and computer misuse;
  • demonstrate a critical understanding of computer security and hacking techniques;
  • demonstrate a critical understanding of legal issues relating to: international law of computer forensics, electronic documents and electronic signatures, electronic payment instruments, privacy and data retention, computer crimes, computer investigation;
  • demonstrate a critical understanding of the use of cryptography-based electronic signatures for identification and confidentiality purposes, the legal and evidentiary force of electronic documents, electronic and optical archiving, electronic invoicing;
  • demonstrate a critical understanding of the processing of personal data and protection of the privacy rights of natural and legal persons, data processing made through electronic means, security aspects and technological measures;
  • apply the basic procedures and technologies for conducting successful forensic examinations of digital media storage devices and computer networks;
  • design procedures at a suspected crime scene to ensure that the digital evidence obtained is not corrupted;
  • employ the rigorous procedures necessary to have forensic results stand up to scrutiny in a court;
  • understand the operation of the digital components handled (storage media, networks, etc.) so that all necessary forensic evidence can be extracted and validated.

COURSE OUTLINE

1. Computer Forensics – Information communication technology (ICT) base module;

2. Computer Forensics – Law base module;

3. Digital Forensics – Network forensics & CyberWar.

Computer Forensics – Information Communication Technology (ICT)

Base module

Learning Outcomes 

1.1 Introduction to Computer Forensics

1.2 The “four steps” of Incident Response

1.3 Ethical forensics

1.4 Understanding File Systems and Structures

1.5 Linux

1.6 Network Essentials and Internet Protocol

1.7 Client and Server Hardware Components

1.8 Forensic Tools and Incident Response

1.9 Operating System Forensics

1.10 Internet Forensics

1.11 Computer Forensics – Investigative Simulation

Skills – at the end of the module/unit the learner will be able to:

2.1. identify computer hardware components;

2.2. apply commands in Windows and Linux operating systems;

2.3. write grammatically correct, concise, clear, and objective technical reports;

2.4. select the technology components for the task to be completed;

2.5. demonstrate an understanding of computer forensic concepts;

2.6. formulate an incident response plan;

2.7. discuss methods and techniques of forensic investigation;

2.8. use forensic software to secure and analyze various digital media;

2.9. evaluate and compare various forensic utilities and software;

2.10. describe and evaluate methods of hiding and accessing hidden data;

2.11. demonstrate an understanding of investigative techniques for various operating systems;

2.12. recognize investigative aspects relative to the legal integrity of the data analysis;

2.13. know the current Internet protocol suite to understand concepts such as link layers, subnetting, logical addressing (IP), physical Address Resolution Protocol (ARP), Reverse Address Resolution Protocol (RARP), Internet Control Message Protocol (ICMP), logical address routing and Domain Name System (DNS);

2.14. know networking concepts as an introduction to the network engineering field: switching, routing, cabling, TCP/IP, LAN, WAN, wireless LAN, firewalling;

2.15. know component safety, processors, motherboards, computer memory, CMOS, typical IO ports, hard drive interfaces, system assembly, OS installation;

2.16. understand concepts of properly preserving computer or digital media evidence;

2.17. examine tools employed in a computer forensic investigation to develop a working knowledge of the Forensic Toolkit (FTK), Open Source based tools and Linux distributions (CAINE and DEFT);

2.18. explore how to determine and investigate Internet and e-mail crimes;

2.19. know how to locate IP addresses, web page defacement and DNS compromises;

2.20. use software to create a live simulation of compromised system images to demonstrate the components inherent in forensic investigations.

Core Texts

1. Cory Altheide, Harlan Carvey, Digital Forensics with Open Source Tools, ISBN-10: 1597495867 | ISBN-13: 978-1597495868, 2011;

2. Brian Carrier, File System Forensic Analysis, 2005;

3. Eoghan Casey, Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet, ISBN-10: 0123742684 ISBN-13: 978-0123742681, 2011;

Recommended Texts

4. Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 7, ISBN-10: 1597497274 ISBN-13: 978-1597497275, 2014;

5. Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8, ISBN-10: 0124171575 ISBN-13: 978-0124171572, 2014.

Computer Forensics – Law base module

Learning Outcomes

1.1. The international law of computer forensics

1.2. Electronic documents and electronic signatures

1.3. Electronic payment instruments

1.4. Privacy and data retention

1.5. Computer crimes

1.6. Computer investigation

Skills – at the end of the module/unit the learner will be able to:

1. examine the role of national and international legislation and frameworks in the prevention and combating of cybercrime and in the field of computer forensics, and the related rules;

2. demonstrate a critical understanding of the use of cryptography-based electronic signatures for identification and confidentiality purposes, the legal and evidentiary force of electronic documents, electronic and optical archiving, electronic invoicing;

3. demonstrate a critical understanding of technical issues and legal issues related to the use of electronic payment instruments in consideration of a necessary revision of the traditional legal concepts of “money” and “payment”;

4. demonstrate a critical understanding of the processing of personal data and protection of the privacy rights of natural and legal persons, data processing made through electronic means, security aspects and technological measures;

5. examine the effect of the global connectivity revolution on cybercrime, and know the most common computer crimes and the role of Internet Service Providers;

6. apply the basic procedures and technologies for conducting successful forensic examinations of digital media storage devices and computer networks;

7. design procedures at a suspected crime scene to ensure that the digital evidence obtained is not corrupted;

8. employ the rigorous procedures necessary to have forensic results stand up to scrutiny in a court;

9. understand the operation of the digital components handled (storage media, networks, etc.) so that all necessary forensic evidence can be extracted and validated.

Core Texts

1. Cory Altheide, Harlan Carvey, Digital Forensics with Open Source Tools, ISBN-10: 1597495867 | ISBN-13: 978-1597495868, 2011;

2. United Nations Office on Drugs and Crime (UNODC), Comprehensive Study on Cybercrime, V.13-80699, February 2013-300 (http://www.unodc.org);

3. Gianpaolo Maria Ruotolo, Internet-ional law, Profili di diritto internazionale pubblico della Rete , Cacucci Editore, ISBN-978-88-6611-229-7, 2013;

4. G. Costabile – D. Rasetti, Scena criminis, tracce informatiche e formazione della prova, in Cyberspazio e diritto, 2003, vol. 4, n. 3/4, 273;

5. G. Costabile, Scena criminis, documento informatico e formazione della prova penale, in Il diritto dell’informazione e dell’informatica, 2005, 3;

6. A. Chelo Manchìa, Sequestro probatorio di computer: un provvedimento superato dalla tecnologia?, in Cass. pen., 2005, 5, 1634;

Recommended Texts

7. P. Perri, La computer forensics, in Manuale breve di informatica giuridica, a cura di G. Ziccardi, Milano, 2006, 199;

8. S. Aterno, La computer forensics tra teoria e prassi: elaborazioni dottrinali e strategie processuali, in Cyberspazio e diritto, 2006, 425 s;

9. Eoghan Casey, Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet,  ISBN-10: 0123742684 ISBN-13: 978-0123742681, 2011.

Digital Forensics – Network Forensics & CyberWar

Learning outcomes

1.1. Audio and video investigation

1.2. Special analysis of digital evidence

1.3. Image and Video Analysis in Geospatial INTelligence

1.4. Introduction to Network security and incident response

1.5. Offensive Security

1.6. Cyber Crime: Hacking and Cracking

1.7. IP geolocation and investigation

1.8. Introduction to Malware Analysis

1.9. Network penetration testing

1.10. Network administration

1.11. Cyber Defensive Counterattack

Skills – at the end of the module/unit the learner will be able to:

2.1. Identify and collect digital evidence from PCs, mobile devices, recorders and drives

2.2. Analyze digital evidence with the best-known tools

2.3. Analyze and reverse engineer malware incorporated in an image

2.4. Introduction to understanding network concepts: SSH, TCP/IP

2.5. Introduction to the use of Unix systems for network analysis

2.6. Use of programming languages for network security (Unix, Python, SQL)

2.7. Introduction to forensic analysis of malware code

2.8. Introduction to the use of Kali Linux and BackTrack

2.9. Introduction to the Metasploit Project

2.10. Understand hacking and cracking network attack techniques:

  1. DDoS and DoS
  2. SSH
  3. Router Bug
  4. Telnet
  5. RAM scraping
  6. Bruteforce
  7. SQL injection
  8. By-pass
  9. Botnet
  10. RAT
  11. Sniffing and Spoofing
  12. Scanning

2.11. Introduction to recognizing and responding to an attack

2.12. Stuck of Cyber Attack

2.13. Investigate a Cyber Crime: Incident Response, Live and Post-mortem Analysis

2.14. Understand cybersecurity and cyber intelligence: Echelon, Carnivore and others

2.15. Analyze a major government cyberattack: Titan Rain, Moonlight Maze

Core Texts

1. Stuart McClure, George Kurtz, Joel Scambray  – Hacker 7.0 – Apogeo Ed. 2013;

2. Salvatore Aranzulla – Hacker contro Hacker. Manuale di controspionaggio informatico – Mondadori Ed. 2011;

3. Maurizio Cusimano – Immagini digitali per la giustizia. Procedure operative di analisi su immagini e video a scopo forense – Ed. 2012;

4. J.R. Vacca – Cybersecurity and IT infrastructure protection – Ed. 2013.

Workshop 

  1. Basic security programming in Visual Basic, C#, C++, Command Line, Python, Matlab
  2. Reverse engineering of compiled .exe files
  3. Use of MATLAB for image and signal analysis
  4. Object-oriented network programming
  5. Malware analysis and reverse engineering
  6. Recognize and repair network bugs