Computer Forensics – What You Don’t Know Can Cost You


DESCRIPTION

At the 2013 Interface Security Conference, Tom Pruett, one of Centriq Training's certified instructors, gave a presentation about computer forensics and how most companies are not prepared for a cyber-attack. Computer forensics has a twofold objective: (1) to recover, analyze and preserve computer and related materials in such a way that they can be presented in a court of law; and (2) to identify the evidence quickly, estimate the potential impact of the malicious activity on the victim, assess the intent and identify the perpetrator.

Text of Computer Forensics – What You Don’t Know Can Cost You

  • 1. Welcome
       Process of Forensics: Is Your Company on High Alert?

  • 2. Education & Certifications
       • M.A., Southwest Texas State University
       • B.S., Southeast Missouri State
       • CCSI#33112, CCNA, CTT+, MCT, MCP, MCSA, MCDA, MCTS SQL Server 2005, MCITP SQL 2005, MCSE, Certified Novell Administrator, A+, Network +, Security +, Certified Ethical Hacker, Certified Forensic Investigator, and CWNA
       Number of Years in IT: 18 years
       Number of Years in Training: 17 years
       Areas of Expertise
       • Cisco Network Security
       • Computer Forensics
       • Wireless
       • Microsoft Operating Systems & Networking Technologies
       • Microsoft SQL Server 6.5, 7, 2000, 2005 & 2008
       • Microsoft Server NT 4, 2000, Windows XP, 2003, Windows 7 & 2008
       LinkedIn.com/in/TomPruett
       Facebook.com/CentriqTraining

  • 3. Computer Forensics Objectives
       • Different Types of Forensic Uses
       • What are the Legal Ramifications?
       • It is About the Process More Than the Tools
       • Forensics - First Responder and Incident Response
       • Hardware and Software Tools Used in Forensics
       • The Computer Forensic Process

  • 4.
       • To recover, analyze and preserve computer and related materials in such a way that they can be presented in a court of law.
       • To identify the evidence quickly, estimate the potential impact of the malicious activity on the victim and assess the intent and identify the perpetrator.

  • 5.
       • Law Enforcement
       • Private Sector
       • Enterprise
       • Full Forensic Workups - Case
       • Partial Forensic Workups
       • Recover Deleted Files

  • 6.
       • Law Enforcement Follows Strict Evidence Procedures
       • Private Sector Must Have Consistent Evidence Procedures
       • Litigious Needs for Private Sector
       • 2002 - Scientific Working Group on Digital Evidence (SWGDE) "Best practices for Computer Forensics"
       • 2005 - ISO standard ISO 17025 - General requirements for the competence of testing and calibration laboratories

  • 7.
       • First Responders and Incident Response is Where it Starts
       • Incident Response Plans Need to Have Forensic Procedures
       • First Responders Play a Crucial Role
       • Decide if a Crime has been Committed
       • Decide if a Forensic Process is Needed

  • 8.
       • Break It and Fix
       • Troubleshooting
       • Looking for the Unknown
       • Patience
       • Never Exceed Your Knowledge Base

  • 9. Forensic PC

  • 10. Portable Forensic Kit

  • 11. Software to Analyze Hosts and Networks
       • EnCase
       • FTK

  • 12.
       • Determine if a forensic workup is needed
       • Evidence collection techniques
       • Secure the evidence
       • Data Acquisition
       • Analyze Data
       • Forensic Reporting

  • 13. Process of Forensics: Is Your Company on High Alert?