Presentation is loading. Please wait.

Presentation is loading. Please wait.

Forensic Procedures 1. Assess the situation and understand what type of incident or crime is to be investigated. 2. Obtain senior management approval to.

Published byOwen Ray Modified over 8 years ago

Similar presentations

Presentation on theme: "Forensic Procedures 1. Assess the situation and understand what type of incident or crime is to be investigated. 2. Obtain senior management approval to."— Presentation transcript:

1 Forensic Procedures 1. Assess the situation and understand what type of incident or crime is to be investigated. 2. Obtain senior management approval to proceed with an investigation.

2 Forensic Procedures 3. Carry out procedures to “freeze” audit trail, e.g., sending a court order to the Internet service provider (ISP) to provide access to the suspect’s Internet data, copying emails, imaging hard disks, identifying remote storages and imaging the relevant disks and RAM. In some cases, a warrant is necessary. The organization’s lawyers should be consulted with respect to police involvement.

3 Forensic Procedures 4. Apply packet sniffing. 5. Review system logs. 6. Determine other equipment and software needed to carry out the investigation. 7Apply special software like Encase to recover erased data.

4 Forensic Procedures 8. Avoid shutting down the suspected computers, connect uninterrupted power supply (UPS) to keep the computer on, so as to prevent loss of data or system audit trail. If UPS is not available and the computer has to be moved, unplug it instead of using the operating system to shut it down; unplugging will involve less interference with the audit trail.

5 Forensic Procedures 9. Scan imaged drives and copied emails for viruses. 10. Back up the evidence. 11. Use the organization’s PKI key recovery process to decrypt files. If that does not work, use password cracking software to obtain the password for the encryption key.

6 Forensic Procedures 12. Boot the captured or suspected computers with an external boot disk instead of using the computer’s operating system to avoid loss of audit tra 13. Document all sequence of events, all interviews, time spent by each investigator and the work performed by each investigator. 14. Maintain arm’s length with the people being investigated, the requester of the investigation, the approver of the investigation and people who provide information to investigators, to avoid conflict of interest.

7 Forensic Procedures 15. Continuously assess the need to communicate with the law department, senior management and the police. 16. Do not communicate information about the investigation using post mail or an unencrypted electronic medium. 17. Be a patient listener, ask open questions, make others comfortable in talking to you, take copious notes.

8 18. Safeguard the investigation files with encryption and physical measures. 19. Keep all evidence, including electronic media for a case all together as complete audit trail, with proper cross references to source, date, sequence of events etc. 20. Dispose of unneeded electronic evidence by using the organization’s approved data wiping software and standard procedures, including if necessary, corporate approved vendors for media storage, backup and destruction.

Download ppt "Forensic Procedures 1. Assess the situation and understand what type of incident or crime is to be investigated. 2. Obtain senior management approval to."

Similar presentations

Computer Systems Networking. What is a Network A network can be described as a number of computers that are interconnected, allowing the sharing of data.

Computer Systems Networking. What is a Network A network can be described as a number of computers that are interconnected, allowing the sharing of data.
BUS VIDEO RECORDINGS COLLECTION – PROCESSING - REDACTION - SHARING WHAT IS RIGHT FOR YOUR DISTRICT?

BUS VIDEO RECORDINGS COLLECTION – PROCESSING - REDACTION - SHARING WHAT IS RIGHT FOR YOUR DISTRICT?
PPB Forensics – May 2010 IP Theft IT Forensic Solutions Chris Hatfield Senior Manager, IT Forensics.

PPB Forensics – May 2010 IP Theft IT Forensic Solutions Chris Hatfield Senior Manager, IT Forensics.
Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,

Evidor: The Evidence Collector Software using for: Software for lawyers, law firms, corporate law and IT security departments, licensed investigators,
DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,

DATA SECURITY Social Security Numbers, Credit Card Numbers, Bank Account Numbers, Personal Health Information, Student and/or Staff Personal Information,
COMPUTER FORENSICS Aug. 11, 2000 for Cambridge, Massachusetts.

COMPUTER FORENSICS Aug. 11, 2000 for Cambridge, Massachusetts.
ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.

ITS Offsite Workshop 2002 PolyU IT Security Policy PolyU IT/Computer Systems Security Policy (SSP) By Ken Chung Senior Computing Officer Information Technology.
COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.

COS/PSA 413 Day 3. Agenda Questions? Blackboard access? Assignment 1 due September 3:35PM –Hands-On Project 1-2 and 2-2 on page 26 of the text Finish.
Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.

Chapter 16 Security. 2 Chapter 16 - Objectives u The scope of database security. u Why database security is a serious concern for an organization. u The.
COS/PSA 413 Day 17. Agenda Lab 8 write-up grades –3 B’s, 1 C and 1 F –Answer the Questions!!! Capstone progress report 2 overdue Today we will be discussing.

COS/PSA 413 Day 17. Agenda Lab 8 write-up grades –3 B’s, 1 C and 1 F –Answer the Questions!!! Capstone progress report 2 overdue Today we will be discussing.
Applications with Warrants In Mind. The Law  Why are there laws specifically for computer crimes?  A persons reasonable right to privacy  The nature.

Applications with Warrants In Mind. The Law  Why are there laws specifically for computer crimes?  A persons reasonable right to privacy  The nature.
PMI Inventory Tracker™

PMI Inventory Tracker™
By Drudeisha Madhub Data Protection Commissioner Date: 12.08.14.

By Drudeisha Madhub Data Protection Commissioner Date:
Data Acquisition Chao-Hsien Chu, Ph.D.

Data Acquisition Chao-Hsien Chu, Ph.D.
Summary Notes TERM TWO BASIC SEVEN 7 Prepared by Sir Lexis Oppong Prepared by Sir Lexis Oppong ACADEMIC YEAR 2013/2014 ACADEMIC YEAR 2013/2014.

Summary Notes TERM TWO BASIC SEVEN 7 Prepared by Sir Lexis Oppong Prepared by Sir Lexis Oppong ACADEMIC YEAR 2013/2014 ACADEMIC YEAR 2013/2014.
Capturing Computer Evidence Extracting Information.

Capturing Computer Evidence Extracting Information.
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition
Software. E-mail stands for electronic mail. E-mail software enables you to send an electronic message to another person anywhere in the world. The message.

Software. stands for electronic mail. software enables you to send an electronic message to another person anywhere in the world. The message.
New Data Regulation Law 201 CMR 17.00. TJX Video.

New Data Regulation Law 201 CMR TJX Video.
CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.

CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.

Similar presentations

Ads by Google