computer forensics – what you don’t know can cost you
DESCRIPTION
At the 2013 Interface Security Conference, Tom Pruett, one of Centriq Training's certified instructors, gave a presentation about computer forensics and how most companies are not prepared for a cyber-attack. Computer forensics has a twofold objective: (1) to recover, analyze and preserve computer and related materials in such a way that they can be presented in a court of law; and (2) to identify the evidence quickly, estimate the potential impact of the malicious activity on the victim, assess the intent and identify the perpetrator.
TRANSCRIPT
Welcome
Process of Forensics:
Is Your Company on High Alert?
Tom Pruett
Education & Certifications: M.A., Southwest Texas State University; B.S., Southeast Missouri State; CCSI #33112, CCNA, CTT+, MCT, MCP, MCSA, MCDA, MCTS SQL Server 2005, MCITP SQL 2005, MCSE, Certified Novell Administrator, A+, Network+, Security+, Certified Ethical Hacker, Certified Forensic Investigator, and CWNA
Number of Years in IT: 18 years
Number of Years in Training: 17 years
Areas of Expertise: Cisco; Network Security; Computer Forensics; Wireless; Microsoft Operating Systems & Networking Technologies; Microsoft SQL Server 6.5, 7, 2000, 2005 & 2008; Microsoft Server NT 4, 2000, Windows XP, 2003, Windows 7 & 2008
LinkedIn.com/in/TomPruett
Facebook.com/CentriqTraining
Process of Forensics: Is Your Company on High Alert?
Computer Forensics Objectives
Different Types of Forensic Uses
What are the Legal Ramifications?
It is About the Process More Than the Tools
Forensics - First Responder and Incident Response
Hardware and Software Tools Used in Forensics
The Computer Forensic Process
Computer Forensics Objectives
To recover, analyze and preserve computer and related materials in such a way that they can be presented in a court of law.
To identify the evidence quickly, estimate the potential impact of the malicious activity on the victim and assess the intent and identify the perpetrator
Different Types of Forensic Uses
Law Enforcement
Private Sector
Enterprise
Full Forensic Workups - Case
Partial Forensic Workups - Recover Deleted Files
What Are the Legal Ramifications?
Law Enforcement Follows Strict Evidence Procedures
Private Sector Must Have Consistent Evidence Procedures
Litigious Needs for Private Sector
2002 - Scientific Working Group on Digital Evidence (SWGDE) "Best Practices for Computer Forensics"
2005 - ISO standard ISO 17025 - General requirements for the competence of testing and calibration laboratories
Forensics - First Responder and Incident Response
First Responders and Incident Response is Where it Starts
Incident Response Plans need to have Forensic Procedures
First Responders Play a Crucial Role
Decide if a Crime has been Committed
Decide if a Forensic Process is Needed
It is About the Process More Than the Tools
Break It and Fix
Troubleshooting
Looking for the Unknown
Patience
Never Exceed Your Knowledge Base
Hardware and Software Tools Used in Forensics
Forensic PC
Portable Forensic Kit
Software to Analyze Hosts and Networks
EnCase
FTK
Computer Forensic Process
Determine if a forensic workup is needed
Evidence collection techniques
Secure the evidence
Data Acquisition
Analyze Data
Forensic Reporting
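The "secure the evidence" and "data acquisition" steps above hinge on being able to show later that the working copy is still identical to what was seized and who held it at every moment. The following added example (not part of the presentation) simulates that with a constructed byte string standing in for a disk image: it hashes the source before copying, keeps a chain-of-custody log that refuses a handoff from anyone but the current holder, and re-verifies the image hash before analysis. Case id, names and the sample data are all invented placeholders.

```python
import hashlib
from datetime import datetime, timezone

# Constructed stand-in for a raw disk image read from write-blocked
# media; sample data only, not a real acquisition.
SOURCE_MEDIA = b"\x33\xc0\x8e\xd0" + b"user data: quarterly report draft\n" * 64

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _now() -> str:
    return datetime.now(timezone.utc).isoformat()

def acquire(source: bytes, examiner: str, case_id: str):
    """Simulate a bit-for-bit acquisition and open the custody record.
    Hashing the source before the copy means a later mismatch can be
    attributed to the copy or to later handling, not to the original."""
    image = bytes(source)
    record = {
        "case_id": case_id,
        "source_sha256": sha256_hex(source),
        "image_sha256": sha256_hex(image),
        "holder": examiner,
        "custody": [{"action": "acquired", "by": examiner, "at": _now()}],
    }
    return image, record

def handoff(record: dict, giver: str, receiver: str) -> dict:
    """Log a transfer; a transfer from anyone other than the current
    holder is a gap in the chain and is rejected rather than recorded."""
    if giver != record["holder"]:
        raise ValueError(f"{giver} is not the current holder ({record['holder']})")
    record["custody"].append({"action": "transferred", "from": giver,
                              "to": receiver, "at": _now()})
    record["holder"] = receiver
    return record

def verify_image(image: bytes, record: dict) -> bool:
    """Re-hash the working copy; it must match both recorded hashes."""
    return sha256_hex(image) == record["image_sha256"] == record["source_sha256"]

if __name__ == "__main__":
    image, record = acquire(SOURCE_MEDIA, "first_responder", "CASE-EXAMPLE-001")
    handoff(record, "first_responder", "examiner")
    print("intact:", verify_image(image, record))
    altered = bytearray(image)
    altered[40] ^= 0x01  # a single flipped bit in the working copy
    print("after alteration:", verify_image(bytes(altered), record))
```

Real acquisitions record the same hashes on the signed acquisition form; the script's record dictionary is the electronic equivalent that the forensic report in the last step would cite.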
End