avoiding cybertraps
DESCRIPTION
A presentation that I gave to the San Diego Country Schools Risk Management JPA on October 29, 2013.TRANSCRIPT
![Page 1: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/1.jpg)
Avoiding Cybertraps
Incident Response, Computer Forensics,
and Risk Management
Frederick S. Lane
www.FrederickLane.com
Cybertraps.wordpress.com
San Diego County Office of Ed. JPA
San Diego, CA29 October 2013
![Page 2: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/2.jpg)
Background and Expertise• Attorney and Author of
7 Books• Computer Forensics
Expert -- 15 years• Over 100 criminal
cases• Lecturer on Computer-
Related Topics – 20+ years
• Computer user (midframes, desktops, laptops) – 35+ years
• 10 yrs on Burlington VT School Boardwww.FrederickLane.co
mCybertraps.wordpress.com
![Page 3: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/3.jpg)
Lecture Overview• Headache-Inducing Headlines• Common Types of Incidents• Electronic Evidence Is
Everywhere• Preparing for the Inevitable• Risks for Administrators and
Teachers• A Quick Intro to Computer
Forensicswww.FrederickLane.co
mCybertraps.wordpress.com
![Page 4: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/4.jpg)
Headache-Inducing Headlines
• “Parents Sue School District After Their 13-Year-Old's Suicide Following Sexting Bullying” – Hillsborough Cty., Florida• “Parents sue Lockhart school district after teacher charged with sexual assault” – Lockhart, TX• “School Cyberbullying Victims Fight Back In Lawsuits” – WV, PA, GA• “School Employees Sue Cyberbullying Students” – TX, PAwww.FrederickLane.co
mCybertraps.wordpress.com
![Page 5: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/5.jpg)
A Tangled Mobile Web
www.FrederickLane.com
Cybertraps.wordpress.com
![Page 6: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/6.jpg)
Common Types of Incidents
• Employment Issues• Harassment/Hostile Work Environment• Disciplinary Issues
• Student Misconduct• Cyberbullying & Cyberharassment• Sexting
• Teacher/Student Misconduct• Student Attacks on Teachers• Inappropriate Relationships
www.FrederickLane.com
Cybertraps.wordpress.com
![Page 7: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/7.jpg)
E-Evidence Is Everywhere
• Inventory Possible Devices• Computers (Desktops, Laptops, Servers)
• Mobile Devices (Phones, Tablets)
• Peripherals (USBs, CDs, external drives, etc.)
• Inventory Possible Types of Data• Communication (E-Mail, IMs, Texts, etc.)
• Social Media (Facebook, Twitter, etc.)
• Web Activity (URLs, cookies, bookmarks, etc.)
• Network Logs and Access Data
• Cloud Storage (Dropbox, Flickr, Boxy, etc.)
• Deleted Datawww.FrederickLane.co
mCybertraps.wordpress.com
![Page 8: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/8.jpg)
Whose Data Is It Anyway?
• Where Did the Incident Occur?• On-Campus vs. Off-Campus
• Zone of District Responsibility Is Growing
• Who Owns and Uses the Device?• Misconduct Using School-Owned Equipment
• Misconduct Using Privately-Owned Equipment
• Who Runs the Service?• Evidence Hosted by District
• Evidence Created by Teachers/Students
• Evidence Hosted by 3rd Partieswww.FrederickLane.co
mCybertraps.wordpress.com
![Page 9: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/9.jpg)
Pre-Incident Preparation
• Policies and Procedures• District Decisions re Access, Services, Storage• AUPs for Staff and Students• Data Handling and Response Protocols
• Professional Development for Teachers and Staff• Typically First Responders• Potential Legal Risks• Technology Is Continually Changing
• Student Education• Critical Component of K-12 Curricula
www.FrederickLane.com
Cybertraps.wordpress.com
![Page 10: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/10.jpg)
Response to Civil Litigation
• Preservation of Potentially Relevant Evidence• Adherence to Established Policies for
Handling Data• Notice of Litigation or Reasonable
Anticipation of Litigation
• Discovery Requests• Privacy Concerns• Burdensomeness of Requests• Production of Data Held by 3rd Parties
www.FrederickLane.com
Cybertraps.wordpress.com
![Page 11: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/11.jpg)
Response to Criminal Activity
• Anticipate Prosecution and/or Disciplinary Proceedings• Adherence to Policy/Process Is Critical• Involve Law Enforcement ASAP
• Protect and Preserve Data• Restrict Access to Potentially Relevant
Data• Hire a Computer Forensics Expert?• Some Evidence Is Radioactive
www.FrederickLane.com
Cybertraps.wordpress.com
![Page 12: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/12.jpg)
Risks for Admins. & Teachers
• Good Intentions, Bad Outcome• “Sherlock Holmes” Syndrome• Forwarding Content for Advice
• The Cover-Up Is Always Worse• Trying to Protect Colleagues and Friends• Desire to Protect District by Handling In-
House• “Delete” Is a Myth
www.FrederickLane.com
Cybertraps.wordpress.com
![Page 13: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/13.jpg)
A Cautionary Tale• Ting-Yi Oei, now 64• Assistant Principal at
Freedom HS in So. Riding, VA (Loudoun County)
• Told to investigate rumors of sexting at HS
• “Inappropriate” image was forwarded to Oei’s cellphone, then computer
• Charged with “failure to report,” then contributing to delinquency of a minor
• Charges ultimately dismissed
www.FrederickLane.com
Cybertraps.wordpress.com
![Page 14: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/14.jpg)
Computer Forensics 101
• Field Previews• Acquisition & Mirror Images• Some Data Are More Fragile Than
Others• Speed Is Of the Essence• Powerful Forensics Tools• Data Recovery and Analysis• IP Addresses Link to Real World• 4th Amendment and Privacy
Concernswww.FrederickLane.co
mCybertraps.wordpress.com
![Page 15: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/15.jpg)
Current Projects• Cybertraps for Educators (2014)• Safe Student and School Employee
Relationships (2014)• Cybertraps.wordpress.com• CPCaseDigest.com• MessageSafe.com• Informational Web Sites:• www.FrederickLane.com• www.ComputerForensicsDigest.com• www.CybertrapsfortheYoung.com
www.FrederickLane.com
Cybertraps.wordpress.com
![Page 16: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/16.jpg)
Contact Information
• E-Mail:• [email protected]
• Telephone:• 802-318-4604
• Twitter• @Cybertraps, @FSL3
• LinkedIn:• www.linkedin.com/in/fredericklane/
• SlideShare.net• www.slideshare.net/FSL3www.FrederickLane.co
mCybertraps.wordpress.com
![Page 17: Avoiding Cybertraps](https://reader036.vdocuments.us/reader036/viewer/2022081502/558e35661a28abe73f8b46c4/html5/thumbnails/17.jpg)
Avoiding Cybertraps
Incident Response, Computer Forensics,
and Risk Management
Frederick S. Lane
www.FrederickLane.com
Cybertraps.wordpress.com
San Diego County Office of Ed. JPA
San Diego, CA29 October 2013