cyber security isaca bglr presentation 24th july

Firoze Zia Hussain CEO Totem International Former Superintendent of Police Pondicherry [email protected] M-919618621234

Upload: firoze-hussain

Post on 23-Jan-2015

DESCRIPTION

cyber security isaca bangalore


Criminals and Terrorists are increasingly Tech-Savvy. Are We Ready?


The Ultimate Weapon: Cyber Warfare

[Diagram: Competitive Weapons of 1990's versus Competitive Weapons of 2000. Labels: Collaboration, Communities of Interest, Speed, Economy of Skill, Openness, Trust, Command and Control, Costs, Economy of Scale, Time, Skills.]


Digital Investigation


Cyber Weapons

EMAIL - An email that looks like it comes directly from your bank.
• Contains links that could cause your machine to reboot, and then send out passwords and login information.
• It also usually says "please click on this safe link".

VIRUS - A virus that is modifying commercial USB drives. The virus on an infected computer modifies programs on USB drives.
• The infected USB drive, when connected to another computer, can automatically infect the computer and other drives.


What Is Electronic Evidence?

Electronic evidence is information and data of investigative value
a) that is stored on or transmitted by an electronic device.
b) is acquired when data or physical items are collected and
c) stored for examination purposes.
d) Is often latent in the same sense as fingerprints or DNA evidence
e) Can transcend borders with ease and speed.
f) Is fragile and can be easily altered, damaged, or destroyed.
g) Is sometimes time-sensitive.


ELECTRONIC Crime Scene Investigations

1. Examination of digital evidence.
2. Investigative uses of technology.
3. Investigating electronic technology crimes.
4. Creating a digital evidence forensic unit.
5. Courtroom presentation of digital evidence


Managing Digital Evidence in the 21st Century 


Digital Forensics

Digital forensics is the application of science and engineering to the recovery of digital evidence in a legally acceptable method.

Examiners use digital investigation and analysis techniques to determine potential legal evidence by applying their skills on a variety of software programs, different operating systems, varying hard drive sizes, and specific technologies such as personal digital assistants, cell phones, or video cameras.

Examiners are also capable of locating deleted, encrypted or damaged file information that may serve as evidence in a criminal investigation.


Global initiatives - California High-Technology Crime Task Forces

• The design, development, and production of this project utilizing grant funds made available from the Governor’s Office of Criminal Justice Planning.

• Help in achieving even greater levels of success in their prosecution and convictions of those who commit high-technology crimes.

• Legal transcripts, documents, and resource materials were selected and developed using the insight and professional experience of a team of prosecutors


Email Tracing and Prosecutorial Enforcement Tool

a) Email step-by-step tracing methodology,
b) Expert testimony,
c) Jury presentation,
d) Search warrants, and
e) State and Federal guidelines.

• Veterans who have successfully prosecuted high-technology crime cases were instrumental in the strategy, selection of content, and production design used to address the scale and scope of this complex topic.

• Application of this product — Informative resource tool that can be applied to a variety of cases —


How email works

Computer Forensic Examiner

• How to Trace an Email: tracing methodology.
• How an Email Travels the Internet.
• How to Trace an IP Address: proper IP address tracing methods.
• How email moves over the global Internet, including Anonymizers, Remailers, and Email Spoofing.
• Request for Comments (RFCs) and other technical documents that define protocols

• Digital Evidence Presenting an email case to a jury involving complex topics such as digital evidence.

• Expert testimony The following documents provide information regarding working with expert witnesses in technical cases.
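
The tracing topics on this slide (how an email travels, tracing an IP address, spotting spoofing) can be illustrated with an added Python example that is not part of the original presentation: it reads the `Received` chain oldest-first, reports the earliest non-internal address, flags breaks in the chain, and compares the From and Return-Path domains. The message, host names and addresses are constructed, and `trace` and `is_internal` are names chosen for this example.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: invented hosts, documentation-range IPs, newest hop first.
SAMPLE = (
    "Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])\n"
    "\tby store.recipient.example with ESMTP; Mon, 21 Jul 2014 10:00:05 +0530\n"
    "Received: from relay.sender.example (relay.sender.example [198.51.100.7])\n"
    "\tby mx.recipient.example with ESMTP; Mon, 21 Jul 2014 10:00:03 +0530\n"
    "Received: from [192.168.1.23] (unknown [192.0.2.44])\n"
    "\tby relay.sender.example with ESMTPSA; Mon, 21 Jul 2014 10:00:01 +0530\n"
    'From: "Your Bank" <alerts@bank.example>\n'
    "Return-Path: <bounce@mailer.other.example>\n\nClick the safe link.\n"
)
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_internal(ip):
    # RFC 1918 and loopback addresses, or text that is not a valid IPv4 address
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return any(addr in net for net in INTERNAL)

def trace(raw):
    """Summarise the relay path recorded in a message's headers."""
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):  # oldest hop first
        flat = " ".join(value.split())                    # unfold continuation lines
        frm = re.search(r"\bfrom\s+([^\s;]+)", flat)
        by = re.search(r"\bby\s+([^\s;]+)", flat)
        hops.append({"from": frm.group(1) if frm else None,
                     "by": by.group(1) if by else None,
                     "ips": re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", flat)})
    # Candidate origin: first non-internal address, scanning from the oldest hop.
    origin = next((ip for h in hops for ip in h["ips"] if not is_internal(ip)), None)
    # A server that wrote "by X" should be "from X" in the next newer hop; a
    # mismatch marks where the chain stops being trustworthy (a lead, not proof).
    breaks = [i + 1 for i in range(len(hops) - 1)
              if hops[i]["by"] != hops[i + 1]["from"]]
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    path_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    return {"hops": hops, "origin_ip": origin, "chain_breaks": breaks,
            "from_domain": from_dom, "return_path_domain": path_dom,
            "sender_mismatch": bool(path_dom) and from_dom != path_dom}
```

Only the hops written by servers the examiner can vouch for are reliable; anything older than a chain break is sender-supplied text and needs corroboration from the relaying servers' own logs.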

 


Child Pornography Cases

Sample direct and cross-examination of a prosecution expert in the Westerfield case: State of California v. Westerfield trial (June 2002).

• Qualifying the expert
• Imaging hard drives; an explanation of hard drives, compact disks, zip disks, and how files are stored or copied to those media;
• Downloading images from the Internet;
• Presenting still images and digital movies to a jury;
• File extensions; allocated versus unallocated space (deleted files); temporary Internet files; screen capture

• Reviewing email stored on a suspect's computer.


Hacking Case

Sample direct and cross-examination of expert in a computer intrusion (hacking) case:

• The subject computer's clock;
• Downloading groups of zipped files; access dates;
• The retrieval of violent photos and poems vire programs (programs that create viruses)
• Expert opinion regarding surfing habits of "typical" teenagers
• Whether the computer owner had superior knowledge of computers and the Internet.


Cyber Investigation

Software/Tools
• Steganography
• Surveillance/Desktop Monitoring Programs
• Security Information, Software and Utilities
• Software Firewalls
• Miscellaneous and Shareware
• V. Technical Links
• File Extensions and Formats
• Hard Drive Removal
• Hard Drives
• CD-R
• Drivers
• VI. Internet Redirecting Sites/Services (Web Forwarding)
• IP Addresses
• Whois Information (Domain Name Lookup)
• Country Codes
• DNS Tools and More
• Pings and Traceroutes
• Person Searches
• Software Links
• Forensic Software
– Hard Drive Duplication/Examination
– PDA Duplication
– Data Recovery Services
– Hard Drive Wiping Utilities


Data Recovery - Forensics

Recovers a corporation's data that was lost when a former employee launched a computer "time bomb" into the company's technology infrastructure.

Experts forensically investigated the source of the computer time bomb and offered expert testimony in a court of law.

Leading provider of trial consulting and presentation services, to enable law firms and corporations to engage experts for their litigation consulting and technology needs from pre-litigation preparedness, through discovery and trial.


Cyber Forensic Software

Providing complete network visibility, immediate response and comprehensive, forensic-level analysis of servers and workstations

Securely investigate/analyze over the LAN/WAN at the disk and memory level.

Limit incident impact and eliminate system downtime with immediate response capabilities.

Investigate and analyze multiple platforms — Windows, Linux, AIX, OS X, Solaris

Proactively audit systems for classified information, as well as unauthorized processes and network connections.

Identify fraud, security events and employee integrity issues wherever they are taking place — then investigate without alerting targets.


Mobile Forensics

• Mobile devices are an integral part of an ever-increasing number of investigations,
• Need to acquire evidence from mobile devices has created new and complex challenges for investigators.
• Overview of mobile phone networks
• Identify mobile phones
• Learn proper seizure techniques
• Receive an overview of mobile phone data storage
• Acquire and examine SIM cards
• Examine Mobile Phone Acquisition Device components
• Acquire data from mobile devices
• Examine the data that they have acquired


EnCase® Legal Hold

Evidence will be preserved in Logical Evidence File, built upon court-validated technology, hashed for full chain of custody.

By maintaining complete chain of custody from the moment the duty to preserve documents occurs

a) Conduct Early Case Assessment through a network scan for responsive documents.
b) Execute track and analyze custodian acknowledgments
c) Execute an Interview regarding Responsive Data from your custodians to determine where their responsive data exists
d) Collecting the potentially responsive data and preserving that data in a forensically sound manner


Image Scan Training

This software tool was created by members of the FBI’s Computer Analysis Response Team

Specifically for "knock & talk" situations relating to child exploitation investigations.

Once deployed, the software quickly identifies and isolates images on a suspect’s computer

Stores them on a thumb drive – without altering any files on the computer.


RCFL

An RCFL is a one stop, full service forensics laboratory and training center devoted entirely to the examination of digital evidence in support of criminal investigations such as:

• Terrorism
• Child Pornography
• Crimes of Violence
• Trade secret theft
• Theft or destruction to intellectual property
• Financial crime / Property crime / Internet crimes / Fraud.


Emerging Requirements

New Initiatives Required
• Computer Forensic Science Laboratory
• Electronic Crimes Task Force
• Digital Evidence databank
• Training in Cyber Security
• Personnel: Cyber Security trained officers
• Integrated Approach - Home land security initiative
• INTERPOL


INTEGRATED CYBER SECURITY APPROACH

[Diagram: Cyber Security Competency Matrix. Labels: Staff; Training; Cyber Security Centres; Integration; Recruitment Methodology; On Site / Off Site Training; Hardware & Software; Sharing of Crime Data; Multi Disciplinary / Diversity; Aptitude Test; Continuous; Global Approach; Digital Evidence Collection; High Tech Crimes Task Force; Legislation / Enforcement; Prosecution; Functional Consultants for Integration.]


[Diagram labels: Training; Cyber Security Investigation; Global Integration; Legislation; Case Management; Public Private Partnerships; Strategy & Planning; Prosecution.]


PUBLIC AWARENESS IN CYBER SECURITY INTEGRATION ACTIVITY

THE – VITAL LINK