Computer Forensics – What You Don’t Know Can Cost You
DESCRIPTION
At the 2013 Interface Security Conference, Tom Pruett, one of Centriq Training's certified instructors, gave a presentation about computer forensics and how most companies are not prepared for a cyber-attack. Computer forensics has a twofold objective: (1) to recover, analyze and preserve computer and related materials in such a way that they can be presented in a court of law; (2) to identify the evidence quickly, estimate the potential impact of the malicious activity on the victim, and assess the intent and identify the perpetrator.
TRANSCRIPT
Welcome
Process of Forensics:
Is Your Company on High Alert?
Tom Pruett
Education & Certifications
M.A., Southwest Texas State University
B.S., Southeast Missouri State
CCSI#33112, CCNA, CTT+, MCT, MCP, MCSA, MCDA, MCTS SQL Server 2005, MCITP SQL 2005, MCSE, Certified Novell Administrator, A+, Network+, Security+, Certified Ethical Hacker, Certified Forensic Investigator, and CWNA
Number of Years in IT: 18 years
Number of Years in Training: 17 years
Areas of Expertise
Cisco
Network Security
Computer Forensics
Wireless
Microsoft Operating Systems & Networking Technologies
Microsoft SQL Server 6.5, 7, 2000, 2005 & 2008
Microsoft Server NT 4, 2000, Windows XP, 2003, Windows 7 & 2008
LinkedIn.com/in/TomPruett
Facebook.com/CentriqTraining
Process of Forensics: Is Your Company on High Alert?
Computer Forensics Objectives
Different Types of Forensic Uses
What are the Legal Ramifications?
It is About the Process More Than the Tools
Forensics - First Responder and Incident Response
Hardware and Software Tools Used in Forensics
The Computer Forensic Process
Computer Forensics Objectives
To recover, analyze and preserve computer and related materials in such a way that they can be presented in a court of law.
To identify the evidence quickly, estimate the potential impact of the malicious activity on the victim and assess the intent and identify the perpetrator
Different Types of Forensic Uses
Law Enforcement
Private Sector
Enterprise
Full Forensic Workups - Case
Partial Forensic Workups – Recover Deleted Files
What Are the Legal Ramifications?
Law Enforcement Follows Strict Evidence Procedures
Private Sector Must Have Consistent Evidence Procedures
Litigious Needs for Private Sector
2002 - Scientific Working Group on Digital Evidence (SWGDE) "Best practices for Computer Forensics"
2005 - ISO standard ISO 17025 - General requirements for the competence of testing and calibration laboratories
Forensics - First Responder and Incident Response
First Responders and Incident Response Are Where It Starts
Incident Response Plans need to have Forensic Procedures
First Responders Play a Crucial Role
Decide if a Crime has been Committed
Decide if a Forensic Process is Needed
It is About the Process More Than the Tools
Break It and Fix
Troubleshooting
Looking for the Unknown
Patience
Never Exceed Your Knowledge Base
Hardware and Software Tools Used in Forensics.
Forensic PC
Hardware and Software Tools Used in Forensics.
Portable Forensic Kit
Hardware and Software Tools Used in Forensics.
Software to Analyze Hosts and Networks
EnCase
FTK
Computer Forensic Process
Determine if a forensic workup is needed
Evidence collection techniques
Secure the evidence
Data Acquisition
Analyze Data
Forensic Reporting
End