Digital Forensics 101
David Marques | Data Recovery Center Company | Corporate Presentation 2012 | All rights reserved
E-mail: [email protected] | Address: Rua Alexandre Herculano, Edifício Central Park, 1 - Piso 7, 2795-242 Linda-a-Velha | GPS coordinates: 38° 43' 02.17'' N, 09° 14' 16.50'' W | Phone: 707 200 017 | Phone: (+351) 214 146 810 | Emergency service: (+351) 964 944 112 | Fax: (+351) 214 146 819

Post on 11-Sep-2014

Category: Technology

TRANSCRIPT

Agenda | Digital Forensics 101 (25-Apr-13)

- Definitions
- History
- Portuguese Law
- Branches & Methodologies
- Tools & Training
- Future?

Digital Forensics (Computer Forensics)

Definition (Wikipedia): Digital forensics (sometimes known as digital forensic science) is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. The term digital forensics was originally used as a synonym for computer forensics but has expanded to cover investigation of all devices capable of storing digital data.

Digital Forensics (Computer Forensics)

Applications:

- Support or refute a hypothesis before a criminal or civil court.
- Internal corporate investigations or intrusion investigations.

History

Forensics: derived from the Latin "forum" and the requirement to present both sides of a case before the judges (or jury) appointed by the praetor.

- 1248: A Chinese treatise describes features that allow one to distinguish between drowning and strangulation, drawing on medical knowledge.
- 1609: F. Demelle (France) publishes a treatise on systematic document examination.
- 1686: M. Malpighi (Italy) notes fingerprint characteristics.

- 1810: First documented case of document analysis based on ink dyes.
- 1813: M. Orfila (Spain) publishes a toxicology guide.
- 1823: J. Purkinje (Poland) publishes the first systematic classification of fingerprints.
- 1835: H. Goddard (UK) uses bullet comparison to identify a murder weapon based on irregularities in a bullet mould.

- 1870: Albert Bertillon, first technician at La Sûreté Nationale (Paris). Recorded criminals by photographs and body measurements; took photographs of victims and measured footprints, stains and tool marks; said that no two human bodies were exactly alike.

- 1910: Edmond Locard founded the first forensic crime laboratory in Lyon. Locard's Exchange Principle: every contact between individuals and objects results in a transfer of material between them.

- 1970s: First cases of crimes involving computer systems. In the first documented cases using magnetic media and computers as evidence, investigators attempted to transfer the document analogy to the digital representations. The US FBI Laboratory started a formal programme to examine computer-based evidence (CART, Computer Analysis and Response Team).

- 1989: AIDS Diskette Case. 20,000 diskettes (supposed to contain medical research) containing a trojan used for blackmail were shipped to medical clinics in 30 countries. Evidence was collected and shipped to New Scotland Yard (via Interpol HQ, Lyon). Jim Bates, a programmer, was asked to write an imaging tool (DIBS, Data Image Backup System).

Portuguese Law

Types of Law:

- Civil Law
- Criminal Law
- Commercial Law
- Copyright
- Intellectual Property Right

Types of Law:

- Civil Law: each of the parties can present evidence.
- Criminal Law: the State has to investigate and present the evidence (Ministério Público).

Courts:

- Tribunal de Primeira Instância (1 for each 7 county)
- Tribunal de Segunda Instância (Tribunal da Relação) (4 in Portugal?)
- Tribunal de Terceira Instância (Supremo Tribunal, 1)

Jurisprudence: previous decisions of courts on certain interpretations of laws.

Legal

Mindset: Legal vs Technical

The judge:

- Will not decide whether an IP address is good enough to prove an identity.
- Will not decide whether a port scan can leak information.
- Will decide whether any law has been violated.
- Will decide whether someone is responsible for the action he is accused of.

Branches (Areas)

- Computer
- Mobile
- Network
- Software
- Video
- Audio
- Etc.

Digital Forensics (two diagram slides; no text)

Why? (two diagram slides; no text)

Why?

Exponential growth in security incidents and cybercrime.

Digital evidence can be unique and decisive for the resolution of a dispute. Digital evidence must be used without compromising its integrity.

Digital Evidence (three diagram slides; no text)

Digital Evidence: sources

- Physical
- Logical
- Logs
- Backups

Digital Evidence: Hashing

Methodology

Pre-Analysis -> Evidence Collection -> Investigation -> Reports / Court
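The "Hashing" item and the collection-to-court flow above are what a hash manifest is for: digests taken at collection let the investigator show later that analysis did not alter the copy. As an added example (not from the presentation), the Python below records MD5 and SHA-256 digests of every file in an evidence directory and re-checks them, reporting tampered, missing or newly added files; the case directory, file names and contents are constructed for the demo.

```python
# Added example (not from the presentation): hash evidence files at acquisition, then
# re-hash before analysis or court to show the copy is unchanged. Files are constructed.
import hashlib
import json
import tempfile
from pathlib import Path

ALGORITHMS = ("md5", "sha256")  # MD5 only for older tool reports; SHA-256 is what counts
CHUNK = 1024 * 1024  # stream disk images in 1 MiB blocks instead of loading them whole

def hash_file(path):
    """Return {algorithm: hexdigest} for one file, reading it only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def write_manifest(evidence_dir, manifest_path):
    """Hash every file under evidence_dir at collection time; keep the manifest elsewhere."""
    root = Path(evidence_dir)
    manifest = {str(p.relative_to(root)): hash_file(p)
                for p in sorted(root.rglob("*")) if p.is_file()}
    Path(manifest_path).write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest

def verify_manifest(evidence_dir, manifest_path):
    """Re-hash and compare; return [(file, reason), ...], empty when intact."""
    root, problems = Path(evidence_dir), []
    manifest = json.loads(Path(manifest_path).read_text())
    for name, expected in manifest.items():
        if not (root / name).is_file():
            problems.append((name, "missing"))  # item lost since collection
            continue
        actual = hash_file(root / name)
        problems += [(name, alg + " mismatch") for alg in ALGORITHMS if actual[alg] != expected[alg]]
    extra = {str(p.relative_to(root)) for p in root.rglob("*") if p.is_file()} - set(manifest)
    return problems + [(n, "not in manifest") for n in sorted(extra)]  # added after collection

def demo():
    """Constructed case: verify a clean copy, then flip one byte of the image and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        ev, manifest = Path(tmp, "case001"), Path(tmp, "case001.manifest.json")
        ev.mkdir()
        (ev / "image.dd").write_bytes(b"\x00" * 4096 + b"evidence")
        write_manifest(ev, manifest)
        clean = verify_manifest(ev, manifest)
        (ev / "image.dd").write_bytes(b"\x00" * 4095 + b"\x01evidence")
        return clean, verify_manifest(ev, manifest)
```

Run write_manifest() right after acquisition and verify_manifest() before every analysis session and before the report; any non-empty result means the copy can no longer be presented as unaltered.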

Tools

Open Source:

- Helix
- DEFT
- Sleuth Kit
- Autopsy
- Tons of others

Closed Source:

- Encase
- FTK
- X-Ways
- Paraben's
- Some others

Closed Source (Mobile):

- XRY
- Cellebrite UFED
- Oxygen Forensics
- Some others

Open Source vs Closed Source:

- Cost
- Command line vs GUI
- Support quality and model
- Training plans
- Documentation (manuals, etc.)
- Source code is available
- Acceptance in courts

Training

Product Specific vs General

Product Specific:

- Encase
- FTK
- Paraben
- Cellebrite
- Other

General:

- SANS (FOR408; FOR508; FOR526; FOR610)
- EC-Council (CHFI; CIH)

Future

- Cloud Storage
- Legal
- SSD
- Encryption
- Anti-Forensics
- Standards and Procedures
- Accreditation

Q & A

Thanks!

David Marques | [email protected] | www.drc.pt