Computer Forensics Unit 0: Getting Started, 0.1 Welcome

>> I will start with forensic science.


Forensic science means the examination and investigation of crime using scientific methods.


To ensure that evidence is admissible in court, forensic examiners have to follow legal procedures when collecting and handling evidence.


For example, when collecting and examining blood samples, fingerprints, and other evidence, forensic examiners document each step to ensure that the evidence is handled in a tamper-proof manner.


Finally, they present their evidence and findings, along with their procedures, in court.


Digital forensics, or computer forensics, is a branch of forensic science primarily focusing on digital evidence such as a suspect's computer or network data, smartphone, USB, and GPS data.


Recently, the police in Connecticut even used a woman's FitBit data, the step log, to disprove her husband's version of events.


Subsequently the police arrested him for murdering his wife.


The incident response and forensic investigation process starts when a security breach is identified.


In a given incident, investigators need to identify, recover, and examine thousands, possibly millions, of digital artifacts in a forensically sound manner.


Their final presentation of evidence and actions in court serves to support or disprove case statements.


Nowadays almost everyone uses one or more electronic devices such as computers, smartphones, and wearable devices at home, school, and work.


No matter how carefully someone plans a crime, they often leave evidence behind on some of these devices.


Forensic investigators examine these devices to uncover evidence.


Since these devices store important digital information, they can also be direct targets for cyber crimes.


For example, hackers hack into computers and networks to access a company's intellectual property or steal customers' credit cards.


In these scenarios, forensic investigators collect and analyze digital evidence to identify who hacked into the system and for what purpose.


They also try to determine the vulnerabilities that led to the security breach as well as the types of rootkits or malware installed on the system.


And they develop a timeline of criminal activities.


Electronic devices may also contain information that is directly targeted to a case.


For example, in a corporate espionage case, steganography is often used to conceal stolen intellectual property and trade secrets inside innocent-looking images.


Detecting and extracting hidden evidence from steganographic images is a crucial step for this type of investigation.


In most cases, electronic devices are not directly involved in an incident, but information stored in these devices provides crucial evidence for the investigation.


For example, in 2015, an aircraft operated by Germanwings crashed, and it killed all 144 passengers and crew members.


Criminal investigators found that the co-pilot had used his tablet computer to search for ways to commit suicide and for the cockpit doors and their security provisions before the crash, leading to the conclusion that the crash was deliberately caused by the co-pilot.


In this course, students will learn the fundamentals of computer forensic procedures and the technologies used to identify, preserve, analyze, and present admissible evidence to court.


They will learn the techniques investigators use to retrieve evidence that is typically inaccessible through normal operations, such as data that has been deleted, hidden, encrypted, or even partially overwritten.


We will look at both Windows and the Linux/Unix file systems, along with various types of system artifacts exempt to conduct effective investigations.


Additionally, students will learn how to use various forensic tools through my lectures and demonstrations.


They will also have opportunities to practice with these tools themselves, which they are highly recommended to try.


I look forward to working with the students over the next eight weeks.

Reposted from: https://www.cnblogs.com/sec875/articles/9953345.html
