Reviewing the Results of the Forensic Analysis
|
|
|
- Alexandra West
- 6 years ago
- Views:
Transcription
1 CYBERSECURITY FORENSICS WORKSHOP Reviewing the Results of the Forensic Analysis Ian M Dowdeswell Incident Manager, Q-CERT
2 2 CYBERSECURITY FORENSICS WORKSHOP Caveats This is not an actual crime it has been fabricated to illustrate a number of law enforcement and forensic processes and issues. The evidence and the case may not be sufficiently watertight to take to court. We are concerned primarily with collection of electronic evidence but it should be emphasised that law enforcement agencies will collect all relevant evidence such as paper documents and non-electronic items. In this example the analysts have accompanied the law enforcement officer this may not always be the case and analysis may need to be conducted off-site. This is an awareness and teaching case study, rather than a forensic lesson.
3 3 CYBERSECURITY FORENSICS WORKSHOP Remember the Scene of the Crime?
4 4 CYBERSECURITY FORENSICS WORKSHOP The exhibits at the scene of the crime On scoping the case and the IT at the scene the analysts focuses on : Office Administrator s workstation, including her hard drive. An additional hard-drive attached to the workstation. Office Administrator s USB stick (aka thumb drive or flash drive ), which she was given by the Network Administrator but was not reclaimed before she left the company (later found at OA s home).
5 5 CYBERSECURITY FORENSICS WORKSHOP Objective of the investigation Hostile takeover bid suggests that a rival company has been fed some confidential information. CCTV evidence suggests that confidential documents may have been shredded. (Issues of paper and electronic crimes, which may influence the search warrant) CCTV also suggests that inappropriate use of company IT may have occurred. Task of the investigator is to determine whether or not activity has taken place on the administrator s IT equipment that may have contributed towards criminal activity.
6 6 CYBERSECURITY FORENSICS WORKSHOP Forensic Procedures (1) The investigator makes a forensic copy of the hard drives and conducts an investigation of the discs, using standardised forensic investigation procedures and a tool such as FTK. He finds..
7 7 CYBERSECURITY FORENSICS WORKSHOP Forensic Procedures (1) Screen Shot A copy of an eraser software application (plus music files).
8 8 CYBERSECURITY FORENSICS WORKSHOP Forensic Procedures (2) Analysis of the hard disc also shows that a file was wiped, called: Khalid Acme s Widgets Limit - Annual Financial Report.pdf The file is recovered and verified as a true copy using an MD5 hash.
9 9 CYBERSECURITY FORENSICS WORKSHOP Forensic Procedures (2) screen shot Erased Annual Financial Report
10 10 CYBERSECURITY FORENSICS WORKSHOP Forensic Procedures (3) Analysis of the OS swapfile dump, using FTK AccessData, shows the following information...
11 11 CYBERSECURITY FORENSICS WORKSHOP Forensic Procedures (3) Screen Shot (1) SWAPFILE 4
12 12 CYBERSECURITY FORENSICS WORKSHOP Forensic Procedures (3) Screen Shot (2) SWAPFILE
13 13 CYBERSECURITY FORENSICS WORKSHOP Forensic Procedures (4) This clearly demonstrates that Ms. Gameova has offered to sell information to Moneer, who we can quickly identify as the CIO for Hamid s Widgets.
14 14 CYBERSECURITY FORENSICS WORKSHOP Forensic Procedures (5) We mentioned that investigation of the hard disc identified a number of MP3 files downloaded from the internet. The date and time of download is consistent with the CCTV footage of Raquel Moroni using the machine. Examination of these files reveals no further suspicious activity but it is in violation of the company policy what action needs to be taken depends on the Board. However, consider how actions may be different if these files implied further criminal activity such as resale of videos etc..
15 15 CYBERSECURITY FORENSICS WORKSHOP Forensic Procedures (5) screen shot MP3 files
16 16 CYBERSECURITY FORENSICS WORKSHOP Forensic Procedures (6) The investigator has shown that the AFR was ed to the OA s personal Yahoo address. He believes that the OA may have relevant information on her home IT. This information is handed to CID who take the decision to obtain a warrant and conduct an analysis at Ms. Gameova s home.
17 17 CYBERSECURITY FORENSICS WORKSHOP Home Forensic Investigation (1) Potential crime scene at Ms. Gameova s apartment:
18 18 CYBERSECURITY FORENSICS WORKSHOP Home Forensic Investigation (1) Fortuitously, the laptop is live and logged on to Yahoo mail. The investigators decide to conduct a live investigation
19 19 CYBERSECURITY FORENSICS WORKSHOP Home Forensic Investigation (2) They politely draw her away from her machine, while the investigator conducts a live investigation. He finds the following evidence.
20 20 CYBERSECURITY FORENSICS WORKSHOP Home Forensic Investigation (3) During the initial analysis of the laptop, an encrypted volume was identified. Live analysis of the memory dump produced a set of encryption password keys for the volume.
21 21 CYBERSECURITY FORENSICS WORKSHOP Home Forensic Investigation (3) screen shot Results from analysis looking for possible TrueCrypt passwords in a captured memory image.
22 22 CYBERSECURITY FORENSICS WORKSHOP Home Forensic Investigation (4) Further analysis of the encrypted volume identified the APR file. A copy of the financial report verified by MD5 hash as being a true copy.
23 23 CYBERSECURITY FORENSICS WORKSHOP Home Forensic Investigation (5) Analysis of the Yahoo inbox items folder screen shows that the Moneer has agreed to the transaction.
24 24 CYBERSECURITY FORENSICS WORKSHOP Home Forensic Investigation (6) inbox screen shot
25 25 CYBERSECURITY FORENSICS WORKSHOP Home Forensic Investigation (6) Similarly the Yahoo sent folder screen confirms the transfer of file and bank details. Note: even if the OA was logged out of Yahoo, it is possible to retrieve username and password and log back in.
26 26 CYBERSECURITY FORENSICS WORKSHOP Home Forensic Investigation (5) sent screen shot
27 27 CYBERSECURITY FORENSICS WORKSHOP Summary Investigation reveals: The OA (Ms. Gameova) made an unauthorised copy of the Annual Financial Report (AFR) on her workplace computer. She ed the document to her personal Yahoo account and made a further unauthorised copy on a USB stick, which she took home, contravening company security policy. She downloaded a copy of a software eraser from the software company s website and used it to delete the AFR file on her office workstation. This action is also in contravention of company policy.
28 28 CYBERSECURITY FORENSICS WORKSHOP Summary (2) Investigation reveals: The OA also copied the AFR on the USB stick to her home PC. This file was then sent to Hamid s Widgets Inc. (who may have used the information to decide to make a hostile bid for Khalid Acme s Widgets Limited). In return Ms. Gameova received a sum of QR 20k from Hamid s Widgets Inc..
29 29 CYBERSECURITY FORENSICS WORKSHOP Summary (3) Investigation further reveals: The OA workplace workstation has numerous MP3 music files, This is in contravention of company security policy. Furthermore, extensive periods have been spent browsing the internet from Ms. Gameova s machine, during working hours. During these periods, inappropriate files have been downloaded from the Internet. This is again in contravention of company policy. Neither of these activities are relevant to the investigation on behalf on CID, as they are not directly related to the actual criminal activity. They are of course indication of lax company enforcement of security policy and may, indirectly, have contributed to the decision by the perpetrator to take action.
30 30 CYBERSECURITY FORENSICS WORKSHOP Summary (4) CID now how sufficient electronic evidence to : Determine that criminal activity has taken place and coupled with other evidence, such as CCTV footage, papers, testimony from witnesses etc., they may decide to forward the case for prosecution.
31 31 CYBERSECURITY FORENSICS WORKSHOP Conclusions We have : Given a presentation of an Incident in the form of a structured walk-through of a modern office scenario, where a cybercrime may have occurred. Identified critical junctures in the investigation and which cyberforensics techniques are appropriate at each point, by description or by demonstration. Presented Forensically-Safe Techniques for Crime Scene Investigation Discussed Live Memory Acquisition and Analysis, where the crime scene contains evidence that can only be acquired while the machines are running, and file systems are open. Demonstrated Device Imaging and Analysis Discussed Cyber-Forensics and the Role of Expert Witnesses Emphasised engagement with Law Enforcement as one of the highest priorities for national incident response teams, worldwide.
32 32 CYBERSECURITY FORENSICS WORKSHOP Incident Management Points of Contact Report Incidents by: Website (using proforma): Phone: Fax:
33 33 CYBERSECURITY FORENSICS WORKSHOP Questions?
Course 832 EC-Council Computer Hacking Forensic Investigator (CHFI)
Course 832 EC-Council Computer Hacking Forensic Investigator (CHFI) Duration: 5 days You Will Learn How To Understand how perimeter defenses work Scan and attack you own networks, without actually harming
Certified Digital Forensics Examiner
Certified Digital Forensics Examiner Course Title: Certified Digital Forensics Examiner Duration: 5 days Class Format Options: Instructor-led classroom Live Online Training Prerequisites: A minimum of
Incident Response Data Acquisition Guidelines for Investigation Purposes 1
Incident Response Data Acquisition Guidelines for Investigation Purposes 1 1 Target Audience This document is aimed at general IT staff that may be in the position of being required to take action in response
ANALYSIS AND VALIDATION
UNIT V ANALYSIS AND VALIDATION Validating Forensics Objectives Determine what data to analyze in a computer forensics investigation Explain tools used to validate data Explain common data-hiding techniques
Certified Digital Forensics Examiner
Certified Digital Forensics Examiner ACCREDITATIONS EXAM INFORMATION The Certified Digital Forensics Examiner exam is taken online through Mile2 s Assessment and Certification System ( MACS ), which is
COMPUTER HACKING FORENSIC INVESTIGATOR (CHFI) V9
COMPUTER HACKING FORENSIC INVESTIGATOR (CHFI) V9 Course Code: 3401 Prepare for the CHFI certification while learning advanced forensics investigation techniques. EC-Council released the most advanced computer
Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1:
Cybercrime Question 1: What steps can organizations take to prevent incidents of cybercrime? Answer 1: Organizations can prevent cybercrime from occurring through the proper use of personnel, resources,
COMPUTER HACKING Forensic Investigator
COMPUTER HACKING Forensic Investigator H.H. Sheik Sultan Tower (0) Floor Corniche Street Abu Dhabi U.A.E www.ictd.ae ictd@ictd.ae Course Introduction: CHFIv8 presents a detailed methodological approach
Introduction to Computer Forensics
Introduction to Computer Forensics Subrahmani Babu Scientist- C, Computer Forensic Laboratory Indian Computer Emergency Response Team (CERT-In) Department of Information Technology, Govt of India. babu_sivakami@cert-in.org.in
Source: https://articles.forensicfocus.com/2018/03/02/evidence-acquisition-using-accessdata-ftk-imager/
by Chirath De Alwis Source: https://articles.forensicfocus.com/2018/03/02/evidence-acquisition-using-accessdata-ftk-imager/ Forensic Toolkit or FTK is a computer forensics software product made by AccessData.
Computer forensics Aiman Al-Refaei
Computer forensics Aiman Al-Refaei 29.08.2006 Computer forensics 1 Computer forensics Definitions: Forensics - The use of science and technology to investigate and establish facts in criminal or civil
When Recognition Matters WHITEPAPER CLFE CERTIFIED LEAD FORENSIC EXAMINER.
When Recognition Matters WHITEPAPER CLFE www.pecb.com CONTENT 3 4 5 6 6 7 7 8 8 Introduction So, what is Computer Forensics? Key domains of a CLFE How does a CLFE approach the investigation? What are the
C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR
Page: 1 TM C HFI Computer C HFI Computer Hacking Forensic INVESTIGATOR Hacking Forensic INVESTIGATOR TM v8 v8 Page: 2 Be the leader. Deserve a place in the CHFI certified elite class. Earn cutting edge
Policy General Policy GP20
Email Policy General Policy GP20 Applies to All employees Committee for Approval Quality and Governance Committee Date of Approval September 2012 Review Date June 2014 Name of Lead Manager Head of Technology
EXPERT WITNESS: Completion of a perfect circle
An Agency Under MOSTI EXPERT WITNESS: Completion of a perfect circle Cyber Forensics Workshop, Doha,Qatar February 21, 2008 By R.Azrina R.Othman CyberSecurity Malaysia Copyright 2008 CyberSecurity Malaysia
Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT
Presentation to the ITU on the Q-CERT Incident Management Team Ian M Dowdeswell Incident Manager, Q-CERT 2 Q-CERT Mission The Mission of Q-CERT is to be a world-class center of excellence providing expert
Professional Training Course - Cybercrime Investigation Body of Knowledge -
Overview The expanded use of the Internet has facilitated rapid advances in communications, systems control, and information sharing. Those advances have created enormous opportunities for society, commerce
Cyber Incident Response: Step 1
Cyber Incident Response: Step 1 Mary McLaughlin Cybersecurity Analyst Florida Fusion Center - FDLE Product # 14-146 6 STAGES OF INCIDENT HANDLING Preparation Identification Containment Eradication Recovery
Remote Device Mounting Service
HOW TO USE REMOTE DEVICE MOUNTING SERVICES The Remote Data Mounting Services (RDMS) lets you acquire live evidence from active and remote network computers. You can gather many types of active information
Matt Danner Flashback Data
Preservation Strategies and Data Collection from a Forensic Expert's Point of View Best practices on executing preservation and administering collection protocols with emphasis on forensically sound methods
CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME
FACULTY OF LAW DEPARTEMENT: CIVIL LAW MASTER STUDY THEME: CYBERCRIME AS A NEW FORM OF CONTEMPORARY CRIME Mentor: Prof. Ass. Dr. Xhemajl Ademaj Candidate: Abdurrahim Gashi Pristinë, 2015 Key words List
Guide to Computer Forensics and Investigations Fourth Edition. Chapter 2 Understanding Computer Investigations
Guide to Computer Forensics and Investigations Fourth Edition Chapter 2 Understanding Computer Investigations Objectives Explain how to prepare a computer investigation Apply a systematic approach to an
This Policy applies to all staff and other authorised users in St Therese School.
St. Therese School Computer and Internet Policy STAFF Policy Statement All staff and other authorised users of St Therese information and communications technology are to use the technology only in a way
Identity Theft Prevention Policy
Identity Theft Prevention Policy Purpose of the Policy To establish an Identity Theft Prevention Program (Program) designed to detect, prevent and mitigate identity theft in connection with the opening
AccessData. Triage. Quick Start Guide
AccessData Triage Quick Start Guide 3 AccessData Legal and Contact Information Document date: October 16, 2013 Legal Information 2013 AccessData Group, Inc All rights reserved. No part of this publication
STRIPPING METADATA: WHAT EVERY ATTORNEY SHOULD KNOW-A WEBINAR
STRIPPING METADATA: WHAT EVERY ATTORNEY SHOULD KNOW-A WEBINAR Judith Germano, Esq. Member, New Jersey Supreme Court s Working Group on Ethical Issues Involving Metadata in Electronic Documents Germano
Understanding Computer Forensics
Understanding Computer Forensics also known as: How to do a computer forensic investigation... and not get burned Nick Klein SANS Canberra Community Night 11 February 2013 The scenario... Your boss tells
Overview Bank IT examination perspective Background information Elements of a sound plan Customer notifications
Gramm-Leach Bliley Act Section 501(b) and Customer Notification Roger Pittman Director of Operations Risk Federal Reserve Bank of Atlanta Overview Bank IT examination perspective Background information
Financial CISM. Certified Information Security Manager (CISM) Download Full Version :
Financial CISM Certified Information Security Manager (CISM) Download Full Version : http://killexams.com/pass4sure/exam-detail/cism required based on preliminary forensic investigation, but doing so as
Skout Collect Version 2.0.1
Skout Collect Version 2.0.1 Evaluation Report September 2012 NIJ Electronic Crime Technology Center of Excellence 550 Marshall St., Suite B Phillipsburg, NJ 08865 www.ectcoe.org NIJ ECTCoE Testing and
Trends in Mobile Forensics from Cellebrite
Trends in Mobile Forensics from Cellebrite EBOOK 1 Cellebrite Survey Cellebrite is a well-known name in the field of computer forensics, and they recently conducted a survey as well as interviews with
Responding to Cybercrime:
Responding to Cybercrime: Preserving Crucial Evidence for Law Enforcement RCMP National Division Integrated Technological Crime Unit (ITCU) Presented by : Sgt. Stéphane Turgeon Cpl. David Connors 2 Goals
Sample BYOD Policy. Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited.
Sample BYOD Policy Copyright 2015, PWW Media, Inc. All Rights Reserved. Duplication, Reproduction or Distribution by Any Means Prohibited. SAMPLE BRING YOUR OWN DEVICE POLICY TERMS OF USE This Sample Bring
Acceptable Use Policy
Acceptable Use Policy POLICY 07.01.01 Effective Date: 01/01/2015 The following are responsible for the accuracy of the information contained in this document Responsible Policy Administrator Information
Sage Data Security Services Directory
Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time
THE SOUTHEAST ASIA REGIONAL CENTRE FOR COUNTER-TERRORISM (SEARCCT)
ASEAN REGIONAL FORUM INTER-SESSIONAL SUPPORT GROUP MEETING ON CONFIDENCE BUILDING MEASURES (ISG on CBMs) Beijing, 20-22 November 2003 THE SOUTHEAST ASIA REGIONAL CENTRE FOR COUNTER-TERRORISM (SEARCCT)
Digital Forensics Mobile Device Data Extraction. Crime Scene/Digital and Multimedia Division
Mobile Device Data Extraction 12. MOBILE DEVICE DATA EXTRACTION PROCEDURE 12.1. Purpose 12.1.1. The purpose of this procedure is to extract data from mobile devices and/or removable media utilizing the
ANNUAL SECURITY AWARENESS TRAINING 2012
UMW Information Technology Security Program Annual Security Awareness Training for UMW Faculty and Staff ANNUAL SECURITY AWARENESS TRAINING 2012 NETWORK AND COMPUTER USE POLICY Users of information technology
DIS10.3:CYBER FORENSICS AND INVESTIGATION
DIS10.3:CYBER FORENSICS AND INVESTIGATION ABOUT DIS Why choose Us. Data and internet security council is the worlds top most information security certification body. Our uniquely designed course for information
Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form
Global Alliance Against Child Sexual Abuse Online 2014 Reporting Form MONTENEGRO Policy Target No. 1 Enhancing efforts to identify victims and ensuring that they receive the necessary assistance, support
FEATURES & BENEFITS. Key word search function both inside and outside projects. Intuitive application makes creating profiles quick and easy
R2S Forensic provides R2S software and media support capabilities that assist in effective law enforcement, criminal investigation and public protection. We work with police forces, legal bodies, government
COWLEY COLLEGE & Area Vocational Technical School
COWLEY COLLEGE & Area Vocational Technical School COURSE PROCEDURE FOR Student Level: This course is open to students on the college level in either the freshman or sophomore year. Catalog Description:
Employee Privacy, Digital Evidence, and the CFE. Kenneth C. Citarella, M.B.A., J.D., CFE Managing Director, Investigations Guidepost Solutions LLC
Employee Privacy, Digital Evidence, and the CFE Kenneth C. Citarella, M.B.A., J.D., CFE Managing Director, Investigations Guidepost Solutions LLC The Good Old Days CFE s Aerial View 1. What Information
Dr. Herbert Gustav Yankson GLACY+ Ghana National Team (Member)
Dr. Herbert Gustav Yankson GLACY+ Ghana National Team (Member) OUTLINE OF PRESENTATION Ghana GLACY+ National Team Criminal Justice System Cybercrime Criminal Justice Institutions Reporting & Recording
Investigation and Intelligence Framework. Alan Ho, Kelvin Wong, Anthony Lai, Zetta Ke VXRL
Investigation and Intelligence Framework Alan Ho, Kelvin Wong, Anthony Lai, Zetta Ke VXRL VXRL Valkyire-X Security Research Lab Non-profit Making group in HK Offensive, Creative and Fun Only one CTF team
Digital Forensics UiO
Digital Forensics UiO About Me I am: Eivind Utnes, M.Sc. I work for: Watchcom Security Group AS I work as: Information Security Consultant Security Audits Digital Forensics / Incident Response Education
New Model for Cyber Crime Investigation Procedure
New Model for Cyber Crime Investigation Procedure * *Dept. of IT & Cyber Police, Youngdong University, Rep. of Korea ydshin@youngdong.ac.kr doi:10.4156/jnit.vol2.issue2.1 Abstract In this paper, we presented
Digital Forensics at a University. Calvin Weeks Director, Oklahoma Digital Forensics Lab University of Oklahoma
Digital Forensics at a University Calvin Weeks Director, University of Oklahoma Calvin Weeks Director, Former Director of IT Security Certified EnCASE Examiner (EnCE) VP of the local chapter of HTCIA Co-Chair
Workshop on Cyber Security & Cyber Crime Policies. Policies for African Diplomats
Workshop on Cyber Security & Cyber Crime Policies Policies for African Diplomats ROLE OF INTERPOL IN FIGHTING CYBERCRIME IN AFRICA SRIAU Office Augusto de CARVALHO 12-13 APRIL 2018 ADDIS ABABA OVERVIEW
Credit Card Data Compromise: Incident Response Plan
Credit Card Data Compromise: Incident Response Plan Purpose It is the objective of the university to maintain secure financial transactions. In order to comply with state law and contractual obligations,
Digital Forensics UiO. Digital Forensics in Incident Management. About Me. Outline. Incident Management. Finding Evidence.
Digital Forensics UiO Outline Incident Management Digital Forensics Finding Evidence 3 About Me I am: Eivind Utnes, M.Sc. I work for: Watchcom Security Group AS I work as: Information Security Consultant
Windows Forensics Advanced
Windows Forensics Advanced Index: CF102 Description Windows Forensics - Advanced is the next step for forensics specialists, diving deeper into diverse processes on Windows OS serving computer investigators.
Syllabus. Course Title: Cyber Forensics Course Number: CIT 435. Course Description: Prerequisite Courses: Course Overview
Syllabus Course Title: Cyber Course Number: CIT 435 Course Description: Introduces the principles and practices of digital forensics including digital investigations, data and file recovery methods, and
INFORMATION SECURITY-SECURITY INCIDENT RESPONSE
Information Technology Services Administrative Regulation ITS-AR-1506 INFORMATION SECURITY-SECURITY INCIDENT RESPONSE 1.0 Purpose and Scope The purpose of the Security Response Administrative Regulation
Computer Forensic Capabilities. Cybercrime Lab Computer Crime and Intellectual Property Section United States Department of Justice
Computer Forensic Capabilities Cybercrime Lab Computer Crime and Intellectual Property Section United States Department of Justice Agenda What is computer forensics? Where to find computer evidence Forensic
KNOPPIX Bootable CD Validation Study for Live Forensic Preview of Suspects Computer
KNOPPIX Bootable CD Validation Study for Live Forensic Preview of Suspects Computer By: Ernest Baca www.linux-forensics.com ebaca@linux-forensics.com Page 1 of 18 Introduction I have recently become very
ON THE SELECTION OF WRITE BLOCKERS FOR DISK ACQUISITION: A COMPARATIVE PRACTICAL STUDY
ON THE SELECTION OF WRITE BLOCKERS FOR DISK ACQUISITION: A COMPARATIVE PRACTICAL STUDY Mousa Al Falayleh College of Computer Info. Tech. American University in the Emirates Dubai, United Arab Emirates
PERSON SPECIFICATION. Cyber PROTECT Officer. Job Title: Status: Established
PERSON SPECIFICATION Area: Crime and Intelligence Directorate Job Title: Cyber PROTECT Officer Weekly Hours: Section: CAID Scale: Grade 6 Version: 1.2 Post No: GI080 Status: Established Version Date: 37
PROFILE: ACCESS DATA
COMPANY PROFILE PROFILE: ACCESS DATA MARCH 2011 AccessData Group provides digital investigations and litigation support software and services for corporations, law firms, law enforcement, government agencies
Chapter 13: The IT Professional
Chapter 13: The IT Professional IT Essentials v6.0 ITE v6.0 1 Chapter 13 - Sections & Objectives 13.1 Communication Skills and the IT Professional Explain why good communication skills are a critical part
CIS Business Computer Forensics and Incident Response. Lab Protocol 03: Acquisition
CIS 8630 Business Computer Forensics and Incident Response Lab Protocol 03: Acquisition Purpose: Ensure every student has experienced imaging digital storage media, hashing digital media, transferring
Digital Evidence: I know it s there, how do I get it?
: I know it s there, how do I get it? January 24, 2019 Matthew Rollins Senior Assistant District Attorney Paulding County Judicial Circuit Josh Reed Network Intrusion Forensic Analyst United States Secret
Cybercrime and Information Security for Financial Institutions. AUSA Jared M. Strauss U.S. Attorney s Office So. District of Florida
Cybercrime and Information Security for Financial Institutions AUSA Jared M. Strauss U.S. Attorney s Office So. District of Florida Defining Cybercrime Stealing and Monetizing Financial and Identity Data
Enterprise Income Verification (EIV) System User Access Authorization Form
Enterprise Income Verification (EIV) System User Access Authorization Form Date of Request: (Please Print or Type) PART I. ACCESS AUTHORIZATION * All required information must be provided in order to be
Legal Foundation and Enforcement: Promoting Cybersecurity
Legal Foundation and Enforcement: Promoting Cybersecurity Regional Workshop on Frameworks for Cybersecurity and Critical Information Infrastructure Protection February 19, 2008 Mark L. Krotoski Computer
Michigan State Police Cyber Computer Crimes Unit (CCU) & Michigan Cyber Command Center (MC3) Luke Thelen Ron Kraus, CFCE
Michigan State Police Cyber Computer Crimes Unit (CCU) & Michigan Cyber Command Center (MC3) Luke Thelen Ron Kraus, CFCE Topics To Be Covered MSP Cyber Section Internet Crimes Against Children Task Force
Social Security Number Protection Policy.
Privacy HIPAA Notice of Privacy Practices. Website Privacy Policy. Social Security Number Protection Policy. HIPAA Notice of Privacy Practices: To read more about our privacy practices regarding health
The Use of Technology to Enhance Investigation
The Use of Technology to Enhance Investigation Of High Profile Corruption Cases. Centre for Socio-Legal Studies Objectives By the end of this keynote, participants will be knowledgeable on: 1. Open Source
NMHC HIPAA Security Training Version
NMHC HIPAA Security Training 2017 Version HIPAA Data Security HIPAA Data Security is intended to provide the technical controls to ensure electronic Protected Health Information (PHI) is kept secure and
Designing Robustness and Resilience in Digital Investigation Laboratories
DIGITAL FORENSIC RESEARCH CONFERENCE Designing Robustness and Resilience in Digital Investigation Laboratories By Philipp Amann and Joshua James Presented At The Digital Forensic Research Conference DFRWS
EXAM - CFA-001. Certified Forensic Analyst (CFA) Buy Full Product.
GAQM EXAM - CFA-001 Certified Forensic Analyst (CFA) Buy Full Product http://www.examskey.com/cfa-001.html Examskey GAQM CFA-001 exam demo product is here for you to test the quality of the product. This
Elements of a Swift (and Effective) Response to a HIPAA Security Breach
Elements of a Swift (and Effective) Response to a HIPAA Security Breach Susan E. Ziel, RN BSN MPH JD Krieg DeVault LLP Past President, The American Association of Nurse Attorneys Disclaimer The information
Vendor: ECCouncil. Exam Code: EC Exam Name: Computer Hacking Forensic Investigator Exam. Version: Demo
Vendor: ECCouncil Exam Code: EC1-349 Exam Name: Computer Hacking Forensic Investigator Exam Version: Demo QUESTION 1 What is the First Step required in preparing a computer for forensics investigation?
Donor Credit Card Security Policy
Donor Credit Card Security Policy INTRODUCTION This document explains the Community Foundation of Northeast Alabama s credit card security requirements for donors as required by the Payment Card Industry
AccessData offers a broad array of training options.
Forensics Training AccessData offers a broad array of training options. Our trainers have more than two centuries of cumulative experience in their respective fields. Take Advantage of the All Access Pass
BIG DATA ANALYTICS IN FORENSIC AUDIT. Presented in Mombasa. Uphold public interest
BIG DATA ANALYTICS IN FORENSIC AUDIT Presented in Mombasa Uphold public interest Nasumba Kwatukha Kizito CPA,CIA,CISA,CISI,CRMA,CISM,CISSP,CFE,IIK Internal Audit, Risk and Compliance Strathmore University
COMPUTER FORENSICS (CFRS)
Computer Forensics (CFRS) 1 COMPUTER FORENSICS (CFRS) 500 Level Courses CFRS 500: Introduction to Forensic Technology and Analysis. 3 credits. Presents an overview of technologies of interest to forensics
Information Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
Data Breach Preparation and Response. April 21, 2017
Data Breach Preparation and Response April 21, 2017 King & Spalding Data, Privacy & Security King & Spalding s 60 plus lawyer Data, Privacy & Security ( DPS ) Practice is best known for: Experienced crisis
Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles
Incident Response Lessons From the Front Lines Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles 1 Conflict of Interest Nolan Garrett Has no real or apparent conflicts of
OHLONE COLLEGE Ohlone Community College District OFFICIAL COURSE OUTLINE
OHLONE COLLEGE Ohlone Community College District OFFICIAL COURSE OUTLINE I. Description of Course: 1. Department/Course: CNET - 174 2. Title: Computer Forensics 3. Cross Reference: 4. Units: 3 Lec Hrs:
Case 1:14-cr KBF Document 57 Filed 09/05/14 Page 1 of 10 : : : : : : : : : DECLARATION OF CHRISTOPHER TARBELL
Case 114-cr-00068-KBF Document 57 Filed 09/05/14 Page 1 of 10 UNITED STATES DISTRICT COURT SOUTHERN DISTRICT OF NEW YORK - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - UNITED STATES OF
COMPUTER FORENSICS THIS IS NOT CSI COLORADO SPRINGS. Frank Gearhart, ISSA Colorado Springs
COMPUTER FORENSICS THIS IS NOT CSI COLORADO SPRINGS Frank Gearhart, ISSA Colorado Springs TECHNOLOGY + INVESTIGATION + STORYTELLING Know the case Find the evidence Follow the facts Create the timeline
Digital Forensics on today s digital world
Digital Forensics on today s digital world D a v i d M a r q u e s E - m a i l : D M a r q u e s @ D R C. p t Morada: Rua Alexandre Herculano, Edifício Central Park, 1 - Piso 7, 2795-242 Linda-a-Velha
CYBERCRIME RESPONDERS TRAININGS
CYBERCRIME RESPONDERS TRAININGS PHILIPPINE DELEGATION International Workshop on Integrating the issues of Cybercrime and Electronic Evidence into Judicial Training Curricula 11-13 April 2016 Johannesburg,
Gujarat Forensic Sciences University
Gujarat Forensic Sciences University Knowledge Wisdom Fulfilment Cyber Security Consulting Services Secure Software Engineering Infrastructure Security Digital Forensics SDLC Assurance Review & Threat
Institute of Technology, Sligo. Information Security Policy. Version 0.2
Institute of Technology, Sligo Information Security Policy Version 0.2 1 Document Location The document is held on the Institute s Staff Portal here. Revision History Date of this revision: 28.03.16 Date
Digital Forensics Lecture 01- Disk Forensics
Digital Forensics Lecture 01- Disk Forensics An Introduction to Akbar S. Namin Texas Tech University Spring 2017 Digital Investigations and Evidence Investigation of some type of digital device that has
Data Security Policy for Research Projects
Data Security Policy for Research Projects Contents 1.0 Overview... 1 2.0 Purpose... 1 3.0 Scope... 1 4.0 Definitions, Roles, and Requirements... 1 5.0 Sources of Data... 2 6.0 Classification of Research
PROVIDING INVESTIGATIVE SOLUTIONS
PROVIDING INVESTIGATIVE SOLUTIONS Experienced Professionals Northeast Intelligence Group, Inc. (NEIG) has been helping clients meet challenges for more than twenty years. By providing meaningful and timely
Red Flags/Identity Theft Prevention Policy: Purpose
Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and
Trends in Electronic Evidence.
Trends in Electronic Evidence. Collecting and Processing Large Data Sets in Digital Forensic Investigations With Dr Allan Watt CFCE, CFE Webinar outline Authentication of electronic documents: contracts,
Virginia Commonwealth University School of Medicine Information Security Standard
Virginia Commonwealth University School of Medicine Information Security Standard Title: Scope: Removable Storage Media Security Standard This standard is applicable to all VCU School of Medicine personnel.
10 Cybersecurity Questions for Bank CEOs and the Board of Directors
4 th Annual UBA Bank Executive Winter Conference February, 2015 10 Cybersecurity Questions for Bank CEOs and the Board of Directors Dr. Kevin Streff Founder, Secure Banking Solutions 1 Board of Directors
TomTom GPS Device Forensics
TomTom GPS Device Forensics Written by Ben LeMere & Andy Sayers For more information visit GPSForensics.org blemere@gpsforensics.org asayers@gpsforensics.org Introduction: The sales of portable navigation
Digital Forensics UiO
Digital Forensics UiO About Me I am: Eivind Utnes, M.Sc. I work for: Watchcom Security Group AS I work as: Head of Security Senior Information Security Consultant Security Audits Digital Forensics / Incident
This is LAW ENFORCEMENT SENSITIVE information and is protected by Code of Virginia Title 52-48 and 52-49 unless otherwise noted. Further distribution of this document outside your organization is prohibited;
CERTIFIED FINANCIAL PLANNER BOARD OF STANDARDS, INC. ANONYMOUS CASE HISTORIES NUMBER 30648
CERTIFIED FINANCIAL PLANNER BOARD OF STANDARDS, INC. ANONYMOUS CASE HISTORIES NUMBER 30648 This is a summary of a decision issued following the October 2017 hearings of the Disciplinary and Ethics Commission
From the Lab to the Boardroom; Forensics goes mainstream
From the Lab to the Boardroom; Forensics goes mainstream Jim Butterworth, EWC USN (Ret.), EnCE & GCIA, Director of Incident Response, Guidance Software Definition: P A G E 1 Computer Forensics The Scientific
Enviro Technology Services Ltd Data Protection Policy
Enviro Technology Services Ltd Data Protection Policy 1. CONTEXT AND OVERVIEW 1.1 Key details Rev 1.0 Policy prepared by: Duncan Mounsor. Approved by board on: 23/03/2016 Policy became operational on: