Post on 28-Jan-2015
Welcome
Process of Forensics:
Is Your Company on High Alert?
Tom Pruett
Education & Certifications: M.A., Southwest Texas State University; B.S., Southeast Missouri State; CCSI#33112, CCNA, CTT+, MCT, MCP, MCSA, MCDA, MCTS SQL Server 2005, MCITP SQL 2005, MCSE, Certified Novell Administrator, A+, Network+, Security+, Certified Ethical Hacker, Certified Forensic Investigator, and CWNA
Number of Years in IT: 18 years
Number of Years in Training: 17 years
Areas of Expertise: Cisco; Network Security; Computer Forensics; Wireless; Microsoft Operating Systems & Networking Technologies; Microsoft SQL Server 6.5, 7, 2000, 2005 & 2008; Microsoft Server NT 4, 2000, Windows XP, 2003, Windows 7 & 2008
LinkedIn.com/in/TomPruett
Facebook.com/CentriqTraining
Process of Forensics: Is Your Company on High Alert?
Computer Forensics Objectives
Different Types of Forensic Uses
What are the Legal Ramifications?
It is About the Process More Than the Tools
Forensics - First Responder and Incident Response
Hardware and Software Tools Used in Forensics
The Computer Forensic Process
Computer Forensics Objectives
To recover, analyze and preserve computer and related materials in such a way that they can be presented in a court of law.
To identify the evidence quickly, estimate the potential impact of the malicious activity on the victim and assess the intent and identify the perpetrator
Different Types of Forensic Uses
Law Enforcement
Private Sector
Enterprise
Full Forensic Workups - Case
Partial Forensic Workups – Recover Deleted Files
What Are the Legal Ramifications?
Law Enforcement Follows Strict Evidence Procedures
Private Sector Must Have Consistent Evidence Procedures
Litigious Needs for Private Sector
2002 - Scientific Working Group on Digital Evidence (SWGDE) "Best Practices for Computer Forensics"
2005 - ISO standard ISO 17025 - General requirements for the competence of testing and calibration laboratories
Forensics - First Responder and Incident Response
First Responders and Incident Response Are Where It Starts
Incident Response Plans Need to Have Forensic Procedures
First Responders Play a Crucial Role
Decide if a Crime has been Committed
Decide if a Forensic Process is Needed
It is About the Process More Than the Tools
Break It and Fix
Troubleshooting
Looking for the Unknown
Patience
Never Exceed Your Knowledge Base
Hardware and Software Tools Used in Forensics.
Forensic PC
Hardware and Software Tools Used in Forensics.
Portable Forensic Kit
Hardware and Software Tools Used in Forensics.
Software to Analyze Hosts and Networks
EnCase
FTK
Computer Forensic Process
Determine if a forensic workup is needed
Evidence collection techniques
Secure the evidence
Data Acquisition
Analyze Data
Forensic Reporting
End