Forensic Procedures

1. Assess the situation and understand what type of incident or crime is to be investigated.
2. Obtain senior management approval to proceed with an investigation.

3. Carry out procedures to “freeze” the audit trail, e.g., sending a court order to the Internet service provider (ISP) to provide access to the suspect’s Internet data, copying e-mails, imaging hard disks, identifying remote storage and imaging the relevant disks and RAM. In some cases, a warrant is necessary. The organization’s lawyers should be consulted with respect to police involvement.

4. Apply packet sniffing.
5. Review system logs.
6. Determine other equipment and software needed to carry out the investigation.
7. Apply special software like EnCase to recover erased data.

8. Avoid shutting down the suspected computers; connect an uninterruptible power supply (UPS) to keep the computer on, so as to prevent loss of data or of the system audit trail. If a UPS is not available and the computer has to be moved, unplug it instead of using the operating system to shut it down; unplugging will involve less interference with the audit trail.

9. Scan imaged drives and copied e-mails for viruses.
10. Back up the evidence.
11. Use the organization’s PKI key recovery process to decrypt files. If that does not work, use password cracking software to obtain the password for the encryption key.

12. Boot the captured or suspected computers with an external boot disk instead of using the computer’s operating system, to avoid loss of audit trail.
13. Document the full sequence of events, all interviews, the time spent by each investigator and the work performed by each investigator.
14. Maintain arm’s length with the people being investigated, the requester of the investigation, the approver of the investigation and people who provide information to investigators, to avoid conflict of interest.

15. Continuously assess the need to communicate with the law department, senior management and the police.
16. Do not communicate information about the investigation using post mail or an unencrypted electronic medium.
17. Be a patient listener, ask open questions, make others comfortable in talking to you, and take copious notes.

18. Safeguard the investigation files with encryption and physical measures.
19. Keep all evidence for a case, including electronic media, together as a complete audit trail, with proper cross references to source, date, sequence of events, etc.
20. Dispose of unneeded electronic evidence by using the organization’s approved data wiping software and standard procedures, including, if necessary, corporate approved vendors for media storage, backup and destruction.
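
One way to support steps 10 and 19 in practice, shown as an added example that is not part of the original slides: an evidence log that records source, date and sequence for each item and lets a backup copy be checked against the original. The use of SHA-256 hashes, the hash-chained record format, and all file, host and investigator names are assumptions made for illustration.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone
from pathlib import Path

def sha256_file(path, chunk=1 << 20):  # chunked, so a large image need not fit in RAM
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _digest(record):
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()

def add_entry(log, path, source, investigator):
    """Append a record cross-referencing source, date and sequence (step 19)."""
    rec = {"seq": len(log) + 1, "file": os.path.basename(path),
           "sha256": sha256_file(path), "source": source, "investigator": investigator,
           "utc": datetime.now(timezone.utc).isoformat(),
           "prev_hash": log[-1]["entry_hash"] if log else ""}
    rec["entry_hash"] = _digest(rec)  # digest taken before this key exists
    log.append(rec)
    return rec

def verify_log(log):
    """True only if no record was edited, reordered or dropped mid-chain."""
    prev = ""
    for i, rec in enumerate(log, 1):
        body = {k: v for k, v in rec.items() if k != "entry_hash"}
        if (rec["seq"], rec["prev_hash"], rec["entry_hash"]) != (i, prev, _digest(body)):
            return False
        prev = rec["entry_hash"]
    return True

def verify_copy(rec, copy_path):  # step 10: a backup must match the acquisition hash
    return sha256_file(copy_path) == rec["sha256"]

def demo():
    with tempfile.TemporaryDirectory() as d:
        img, good, bad = (os.path.join(d, n) for n in ("disk01.img", "good.bak", "bad.bak"))
        data = b"constructed sample image bytes\n" * 4096  # stand-in for a disk image
        for p, content in ((img, data), (good, data), (bad, data[:-1] + b"X")):
            Path(p).write_bytes(content)
        log = []
        rec = add_entry(log, img, "constructed host WS-EXAMPLE, drive 0", "investigator A")
        add_entry(log, good, "backup of seq 1", "investigator B")
        checks = [verify_log(log), verify_copy(rec, good), verify_copy(rec, bad)]
        log[0]["source"] = "edited later"  # simulate tampering with a record
        return checks + [verify_log(log)]  # [True, True, False, False]
```

Because each record commits to the one before it, a later edit to any entry makes `verify_log` fail, and a backup that differs by a single byte fails `verify_copy`.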