SlideShare une entreprise Scribd logo

The Realm Of Digital Forensics

Donald Tabone
Donald Tabone

26th March 2009, The Realm of Digital Forensics, Educational Seminar, ISACA Malta

TechnologieÉconomie & finance
1  sur  17
Télécharger pour lire hors ligne
The Realm of Digital Forensics ISACA – Malta Chapter 26th March 2009 Donald Tabone
Agenda Introducing Computer Forensics Computer Forensics in the Real World The cost vs. benefit perspective Modern day challenges
Digital Forensics Where do we begin?
Introducing Computer Forensics..1 Defining Computer Forensics Is the systematic accumulation of digital evidence More than Investigating computer-related incidents Incident Response But Collecting evidence and building a story that can be used in court – and if necessary lead to a conviction
Introducing Computer Forensics..1 Laws for digital evidence were established in the late 1980’s Identification, collection, preservation and analysis of digital information Information class: stored, transmitted and produced
Introducing Computer Forensics..2 Defining the scope for CF Disaster recovery vs. computer forensics Fraud, embezzlement, pedophilia, harassment, industrial espionage, policy breaches Email recovery and analysis Preservation of evidence Analysis of user activity Password recovery Tracing web browsing activities
Four Major Stages Acquisition Admissible, Authentic, Complete, Reliable, Believable Identification Cataloguing Digital Evidence, Bag-and-tag Evaluation Searching for keywords, detecting file signatures, steganography, sector level analysis Presentation Reporting without making assumptions, Producing chain of custody log documentation, Presentation in a court of law as an expert / technical witness
Computer Forensics in the real world Real world examples TJX The hackers who ransacked TJX Companies Inc.'s computer network and exposed at least 45.7 million credit and debit card holders to identity fraud reportedly began their assault by exploiting Wi-Fi weaknesses at a Marshalls clothing store near St. Paul, Minn. Heartland Payment Systems Heartland Payment Systems, a credit card processor, on January 20th, that up to 100 Million credit cards may have been disclosed in what is likely the largest data breach in history. If accurate, such figures may make the Heartland incident one of the largest data breaches ever reported. State Bank of India (SBI) Mumbai: The State Bank of India, the country’s largest bank,
The Cost vs. Benefit perspective Conducting digital forensics is expensive and time consuming and not always conclusive Companies must stand to gain from CF Reputation. Bad publicity? e.g. credit card rating Justice through the legal system for fraud Reducing liability Political reasons Official recording of events Bottom line – how much do you stand to
The Cost vs. Benefit perspective “When it comes to creating adequate security incident response procedures, creating a feedback link that will lead to improving existing security practices and closing the gap between security policy creation and its enforcement, the answer is yes – investing in an enterprise electronic forensics program is probably the right thing to do.” Milen Nikolov, IT consultant and trainer, Etisalat Academy
Modern day challenges..1 Time is money! And hard drives are becoming huge Technology evolutions MD5 hash algorithm cracked! The move to smarter mobile devices The cost of keeping abreast with investigation hardware & software Multiple writes to secure delete, a myth? Craig Wright, a forensics expert, claims to have put this legend finally to rest Anti-forensics groups and software People are becoming a lot smarter as anti-forensic
Modern day challenges..2 Finding the right skills for an investigator Intuitive and able to think outside the box Technical expertise – a jack of all trades Legal term understanding Being a technical / expert witness in court Discretion Ethical The ability to convey the concept to various individuals Full Disk Encryption (FDE) Microsoft Bitlocker / PGP WDE Security concerns Plausible Deniability e.g. Truecrypt
The keys to successful Computer Forensics Informative documentation throughout Transparent forensic procedures Accuracy of process and content Preservation of evidence and chain of custody Continual research An aptitude towards being dynamic TIME!
Conclusion.. The word ‘forensics’ literally means A science that deals with the relation and application of a particular field Computer forensics is the science and discipline that is concerned with the relation and application of computers and legal issues The computer forensic professional… … is a cross between technician, programmer and investigator – a curiosity-oriented person who determines why and how past events occurred Computer forensics is used to uncover the proverbial ‘smoking-gun’ Changes to technology will cause growing pains
Food for thought.. As the digital evolution becomes ever more predominant in today's world, can companies afford to not be diligent about evaluating risk? How much does your company stand to lose? Understanding how records can be retrieved is instrumental in reducing the risk from unwanted discovery. Can you anticipate your companies reaction?
Questions? Thank you!
References (Craig Wright, Dave Kleiman, Shyaam Sundhar R. S.: Overwriting Hard Drive Data: The Great Wiping Controversy) http://www. springerlink.com/content/408263ql11460147/ http://www.h-online.com/security/Secure-deletion-a-single-overwrite- will-do-it--/news/112432 Digital Forensics Handout – Dr. Guillermo Francia III – Jacksonville State University Community of Computer Forensic Professionals http://www. computerforensicsworld.com Introducing Digital Forensics – Peter Sommer, London School of Economics Law, investigations and ethics – Kelly J Kuchta http://www. lazarusalliance.com/horsewiki/images/d/d4/Computer-Forensics- Today.pdf Is it really worth it? - Milen Nikolov, IT consultant and trainer, Etisalat Academy, 2007 http://www.cpilive.net/v3/print.aspx?NID=1872

Recommandé

BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereJim Brashear
 
Digital Crime & Forensics - Report
Digital Crime & Forensics - ReportDigital Crime & Forensics - Report
Digital Crime & Forensics - Reportprashant3535
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentationprashant3535
 
Electronic files are records too
Electronic files are records tooElectronic files are records too
Electronic files are records tooBob Larrivee
 
Who's Afraid of eDiscovery?
Who's Afraid of eDiscovery?Who's Afraid of eDiscovery?
Who's Afraid of eDiscovery?CallPM
 
Dean carey - data loss-prevention - atlseccon2011
Dean carey - data loss-prevention - atlseccon2011Dean carey - data loss-prevention - atlseccon2011
Dean carey - data loss-prevention - atlseccon2011Atlantic Security Conference
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...IBM Security
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperBen Rothke
 

Recommandé

BYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereBYOD - Bringing Technology to work | Sending Data Everywhere
BYOD - Bringing Technology to work | Sending Data EverywhereJim Brashear
 
Digital Crime & Forensics - Report
Digital Crime & Forensics - ReportDigital Crime & Forensics - Report
Digital Crime & Forensics - Reportprashant3535
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentationprashant3535
 
Electronic files are records too
Electronic files are records tooElectronic files are records too
Electronic files are records tooBob Larrivee
 
Who's Afraid of eDiscovery?
Who's Afraid of eDiscovery?Who's Afraid of eDiscovery?
Who's Afraid of eDiscovery?CallPM
 
Dean carey - data loss-prevention - atlseccon2011
Dean carey - data loss-prevention - atlseccon2011Dean carey - data loss-prevention - atlseccon2011
Dean carey - data loss-prevention - atlseccon2011Atlantic Security Conference
 
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...
Encryption and Key Management: Ensuring Compliance, Privacy, and Minimizing t...IBM Security
 
The Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperThe Need for DLP now - A Clearswift White Paper
The Need for DLP now - A Clearswift White PaperBen Rothke
 
Cloud and mobile computing for lawyers
Cloud and mobile computing for lawyersCloud and mobile computing for lawyers
Cloud and mobile computing for lawyersNicole Black
 
Digital forensics intro 20151123
Digital forensics intro 20151123Digital forensics intro 20151123
Digital forensics intro 20151123Kevin Schlottmann
 
What is I2 Final-Approved
What is I2 Final-ApprovedWhat is I2 Final-Approved
What is I2 Final-ApprovedDuane Blackburn
 
Protecting the Information Infrastructure
Protecting the Information InfrastructureProtecting the Information Infrastructure
Protecting the Information InfrastructureJay McLaughlin
 
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Vivastream
 
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Vivastream
 
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...Damir Delija
 
(Alexa 09) chap.2 lab 1
(Alexa 09) chap.2 lab 1(Alexa 09) chap.2 lab 1
(Alexa 09) chap.2 lab 1maranan_alexa
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...
Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...
Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...REVULN
 
Data Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyData Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyNetwork Intelligence India
 
Survey & Review of Digital Forensic
Survey & Review of Digital ForensicSurvey & Review of Digital Forensic
Survey & Review of Digital ForensicAung Thu Rha Hein
 
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI"
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI"Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI"
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI"Stanislav Bachmann
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsdentpress
 
Bridging the gap between mobile and computer forensics
Bridging the gap between mobile and computer forensicsBridging the gap between mobile and computer forensics
Bridging the gap between mobile and computer forensicsNina Ananiasvili
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider Threatillustro
 
Electronic evidence
Electronic evidenceElectronic evidence
Electronic evidenceRonak Karanpuria
 
Mjtanasas2
Mjtanasas2Mjtanasas2
Mjtanasas2mj tanasas
 
Information Security for Small Business
Information Security for Small BusinessInformation Security for Small Business
Information Security for Small BusinessJulius Clark, CISSP, CISA
 
What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docxAliAshraf68199
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And SecurityConstantine Karbaliotis
 

Contenu connexe

Tendances

Cloud and mobile computing for lawyers
Cloud and mobile computing for lawyersCloud and mobile computing for lawyers
Cloud and mobile computing for lawyersNicole Black
 
Digital forensics intro 20151123
Digital forensics intro 20151123Digital forensics intro 20151123
Digital forensics intro 20151123Kevin Schlottmann
 
What is I2 Final-Approved
What is I2 Final-ApprovedWhat is I2 Final-Approved
What is I2 Final-ApprovedDuane Blackburn
 
Protecting the Information Infrastructure
Protecting the Information InfrastructureProtecting the Information Infrastructure
Protecting the Information InfrastructureJay McLaughlin
 
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Vivastream
 
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Vivastream
 
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...Damir Delija
 
(Alexa 09) chap.2 lab 1
(Alexa 09) chap.2 lab 1(Alexa 09) chap.2 lab 1
(Alexa 09) chap.2 lab 1maranan_alexa
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedurenewbie2019
 
Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...
Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...
Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...REVULN
 
Survey & Review of Digital Forensic
Survey & Review of Digital ForensicSurvey & Review of Digital Forensic
Survey & Review of Digital ForensicAung Thu Rha Hein
 
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI"
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI"Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI"
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI"Stanislav Bachmann
 
Digital forensics
Digital forensicsDigital forensics
Digital forensicsdentpress
 
Bridging the gap between mobile and computer forensics
Bridging the gap between mobile and computer forensicsBridging the gap between mobile and computer forensics
Bridging the gap between mobile and computer forensicsNina Ananiasvili
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11pdewitte
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider Threatillustro
 

Tendances (20)

Cloud and mobile computing for lawyers
Cloud and mobile computing for lawyersCloud and mobile computing for lawyers
Cloud and mobile computing for lawyers
 
Digital forensics intro 20151123
Digital forensics intro 20151123Digital forensics intro 20151123
Digital forensics intro 20151123
 
What is I2 Final-Approved
What is I2 Final-ApprovedWhat is I2 Final-Approved
What is I2 Final-Approved
 
Protecting the Information Infrastructure
Protecting the Information InfrastructureProtecting the Information Infrastructure
Protecting the Information Infrastructure
 
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
 
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
Fighting Fraud and Cyber Crime: WTF ... "Where's the Fraud"
 
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
Concepts and Methodology in Mobile Devices Digital Forensics Education and Tr...
 
(Alexa 09) chap.2 lab 1
(Alexa 09) chap.2 lab 1(Alexa 09) chap.2 lab 1
(Alexa 09) chap.2 lab 1
 
Digital forensic principles and procedure
Digital forensic principles and procedureDigital forensic principles and procedure
Digital forensic principles and procedure
 
Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...
Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...
Dr. Da-Yu Kao - The Investigation, Forensics, and Governance of ATM Heist Thr...
 
Data Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyData Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. Mookhey
 
Survey & Review of Digital Forensic
Survey & Review of Digital ForensicSurvey & Review of Digital Forensic
Survey & Review of Digital Forensic
 
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI"
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI"Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI"
Dinis Guarda "Hacking the DNA of Humanity with Blockchain and AI"
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Bridging the gap between mobile and computer forensics
Bridging the gap between mobile and computer forensicsBridging the gap between mobile and computer forensics
Bridging the gap between mobile and computer forensics
 
Protecting Client Data 11.09.11
Protecting Client Data 11.09.11Protecting Client Data 11.09.11
Protecting Client Data 11.09.11
 
The Insider Threat
The Insider ThreatThe Insider Threat
The Insider Threat
 
Electronic evidence
Electronic evidenceElectronic evidence
Electronic evidence
 
Mjtanasas2
Mjtanasas2Mjtanasas2
Mjtanasas2
 
Information Security for Small Business
Information Security for Small BusinessInformation Security for Small Business
Information Security for Small Business
 

Similaire à The Realm Of Digital Forensics

What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docxAliAshraf68199
 
To get round to the heart of fortress
To get round to the heart of fortressTo get round to the heart of fortress
To get round to the heart of fortressSTO STRATEGY
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)Andris Soroka
 
Cyber Security College Workshop
Cyber Security College WorkshopCyber Security College Workshop
Cyber Security College WorkshopRahul Nayan
 
Digital Forensics Market, Size, Global Forecast 2023-2028
Digital Forensics Market, Size, Global Forecast 2023-2028Digital Forensics Market, Size, Global Forecast 2023-2028
Digital Forensics Market, Size, Global Forecast 2023-2028Renub Research
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce securitypolitegcuf
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital ForensicsManik Bhola
 
Dungogan chap2 lab 1
Dungogan chap2 lab 1Dungogan chap2 lab 1
Dungogan chap2 lab 1ricky098
 
Zamayla chap2 lab 1
Zamayla chap2 lab 1Zamayla chap2 lab 1
Zamayla chap2 lab 1zamayla143
 
Stream Computing: Defrag Conference
Stream Computing: Defrag ConferenceStream Computing: Defrag Conference
Stream Computing: Defrag ConferenceJonathan Yarmis
 
Brua computer forensics specialist
Brua computer forensics specialistBrua computer forensics specialist
Brua computer forensics specialistfernando_bruaj
 
Conference on Digital Forensics & Cyber Security 2016
Conference on Digital Forensics & Cyber Security 2016Conference on Digital Forensics & Cyber Security 2016
Conference on Digital Forensics & Cyber Security 2016Kayisa Herman Dube
 
The final section of the Digital Forensics journal article by Ga.pdf
The final section of the Digital Forensics journal article by Ga.pdfThe final section of the Digital Forensics journal article by Ga.pdf
The final section of the Digital Forensics journal article by Ga.pdfjyothimuppasani1
 
Logikcull Webinar: Preventing the #1 Litigation Risk
Logikcull Webinar: Preventing the #1 Litigation Risk Logikcull Webinar: Preventing the #1 Litigation Risk
Logikcull Webinar: Preventing the #1 Litigation Risk Logikcull.com
 

Similaire à The Realm Of Digital Forensics (20)

What is Digital Forensics.docx
What is Digital Forensics.docxWhat is Digital Forensics.docx
What is Digital Forensics.docx
 
Data Safety And Security
Data Safety And SecurityData Safety And Security
Data Safety And Security
 
To get round to the heart of fortress
To get round to the heart of fortressTo get round to the heart of fortress
To get round to the heart of fortress
 
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
2015 Cyber security solutions vs cyber criminals @WOHIT2015 (EU eHealth week)
 
Cyber Security College Workshop
Cyber Security College WorkshopCyber Security College Workshop
Cyber Security College Workshop
 
Digital Forensics Market, Size, Global Forecast 2023-2028
Digital Forensics Market, Size, Global Forecast 2023-2028Digital Forensics Market, Size, Global Forecast 2023-2028
Digital Forensics Market, Size, Global Forecast 2023-2028
 
Ecommerce security
Ecommerce securityEcommerce security
Ecommerce security
 
A brief Intro to Digital Forensics
A brief Intro to Digital ForensicsA brief Intro to Digital Forensics
A brief Intro to Digital Forensics
 
Dungogan chap2 lab 1
Dungogan chap2 lab 1Dungogan chap2 lab 1
Dungogan chap2 lab 1
 
Zamayla chap2 lab 1
Zamayla chap2 lab 1Zamayla chap2 lab 1
Zamayla chap2 lab 1
 
Stream Computing: Defrag Conference
Stream Computing: Defrag ConferenceStream Computing: Defrag Conference
Stream Computing: Defrag Conference
 
Mary hankins fernando br ua
Mary hankins fernando br uaMary hankins fernando br ua
Mary hankins fernando br ua
 
Cataluña mary hapkins
Cataluña mary hapkinsCataluña mary hapkins
Cataluña mary hapkins
 
Brua computer forensics specialist
Brua computer forensics specialistBrua computer forensics specialist
Brua computer forensics specialist
 
Digital forensics
Digital forensicsDigital forensics
Digital forensics
 
Conference on Digital Forensics & Cyber Security 2016
Conference on Digital Forensics & Cyber Security 2016Conference on Digital Forensics & Cyber Security 2016
Conference on Digital Forensics & Cyber Security 2016
 
Cybersecurity - Sam Maccherola
Cybersecurity - Sam MaccherolaCybersecurity - Sam Maccherola
Cybersecurity - Sam Maccherola
 
The final section of the Digital Forensics journal article by Ga.pdf
The final section of the Digital Forensics journal article by Ga.pdfThe final section of the Digital Forensics journal article by Ga.pdf
The final section of the Digital Forensics journal article by Ga.pdf
 
R15 a0533 cf converted
R15 a0533 cf convertedR15 a0533 cf converted
R15 a0533 cf converted
 
Logikcull Webinar: Preventing the #1 Litigation Risk
Logikcull Webinar: Preventing the #1 Litigation Risk Logikcull Webinar: Preventing the #1 Litigation Risk
Logikcull Webinar: Preventing the #1 Litigation Risk
 

Plus de Donald Tabone

Manning Information Security Strategy
Manning Information Security StrategyManning Information Security Strategy
Manning Information Security StrategyDonald Tabone
 
ISACA_21st century technologist
ISACA_21st century technologistISACA_21st century technologist
ISACA_21st century technologistDonald Tabone
 
MARM State of Security v2
MARM State of Security v2MARM State of Security v2
MARM State of Security v2Donald Tabone
 
Selling security to the C-level
Selling security to the C-levelSelling security to the C-level
Selling security to the C-levelDonald Tabone
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDonald Tabone
 

Plus de Donald Tabone (8)

Manning Information Security Strategy
Manning Information Security StrategyManning Information Security Strategy
Manning Information Security Strategy
 
ICTSA v2
ICTSA v2ICTSA v2
ICTSA v2
 
ISACA_21st century technologist
ISACA_21st century technologistISACA_21st century technologist
ISACA_21st century technologist
 
ELPUB_2015
ELPUB_2015ELPUB_2015
ELPUB_2015
 
MARM State of Security v2
MARM State of Security v2MARM State of Security v2
MARM State of Security v2
 
Selling security to the C-level
Selling security to the C-levelSelling security to the C-level
Selling security to the C-level
 
Dealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber ResilienceDealing with Information Security, Risk Management & Cyber Resilience
Dealing with Information Security, Risk Management & Cyber Resilience
 
Mca Erg Oct 09
Mca Erg Oct 09Mca Erg Oct 09
Mca Erg Oct 09
 

Dernier

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 

Dernier (20)

Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 

The Realm Of Digital Forensics

  • 1. The Realm of Digital Forensics ISACA – Malta Chapter 26th March 2009 Donald Tabone
  • 2. Agenda Introducing Computer Forensics Computer Forensics in the Real World The cost vs. benefit perspective Modern day challenges
  • 4. Introducing Computer Forensics..1 Defining Computer Forensics Is the systematic accumulation of digital evidence More than Investigating computer-related incidents Incident Response But Collecting evidence and building a story that can be used in court – and if necessary lead to a conviction
  • 5. Introducing Computer Forensics..1 Laws for digital evidence were established in the late 1980’s Identification, collection, preservation and analysis of digital information Information class: stored, transmitted and produced
  • 6. Introducing Computer Forensics..2 Defining the scope for CF Disaster recovery vs. computer forensics Fraud, embezzlement, pedophilia, harassment, industrial espionage, policy breaches Email recovery and analysis Preservation of evidence Analysis of user activity Password recovery Tracing web browsing activities
  • 7. Four Major Stages Acquisition Admissible, Authentic, Complete, Reliable, Believable Identification Cataloguing Digital Evidence, Bag-and-tag Evaluation Searching for keywords, detecting file signatures, steganography, sector level analysis Presentation Reporting without making assumptions, Producing chain of custody log documentation, Presentation in a court of law as an expert / technical witness
  • 8. Computer Forensics in the real world Real world examples TJX The hackers who ransacked TJX Companies Inc.'s computer network and exposed at least 45.7 million credit and debit card holders to identity fraud reportedly began their assault by exploiting Wi-Fi weaknesses at a Marshalls clothing store near St. Paul, Minn. Heartland Payment Systems Heartland Payment Systems, a credit card processor, on January 20th, that up to 100 Million credit cards may have been disclosed in what is likely the largest data breach in history. If accurate, such figures may make the Heartland incident one of the largest data breaches ever reported. State Bank of India (SBI) Mumbai: The State Bank of India, the country’s largest bank,
  • 9. The Cost vs. Benefit perspective Conducting digital forensics is expensive and time consuming and not always conclusive Companies must stand to gain from CF Reputation. Bad publicity? e.g. credit card rating Justice through the legal system for fraud Reducing liability Political reasons Official recording of events Bottom line – how much do you stand to
  • 10. The Cost vs. Benefit perspective “When it comes to creating adequate security incident response procedures, creating a feedback link that will lead to improving existing security practices and closing the gap between security policy creation and its enforcement, the answer is yes – investing in an enterprise electronic forensics program is probably the right thing to do.” Milen Nikolov, IT consultant and trainer, Etisalat Academy
  • 11. Modern day challenges..1 Time is money! And hard drives are becoming huge Technology evolutions MD5 hash algorithm cracked! The move to smarter mobile devices The cost of keeping abreast with investigation hardware & software Multiple writes to secure delete, a myth? Craig Wright, a forensics expert, claims to have put this legend finally to rest Anti-forensics groups and software People are becoming a lot smarter as anti-forensic
  • 12. Modern day challenges..2 Finding the right skills for an investigator Intuitive and able to think outside the box Technical expertise – a jack of all trades Legal term understanding Being a technical / expert witness in court Discretion Ethical The ability to convey the concept to various individuals Full Disk Encryption (FDE) Microsoft Bitlocker / PGP WDE Security concerns Plausible Deniability e.g. Truecrypt
  • 13. The keys to successful Computer Forensics Informative documentation throughout Transparent forensic procedures Accuracy of process and content Preservation of evidence and chain of custody Continual research An aptitude towards being dynamic TIME!
  • 14. Conclusion.. The word ‘forensics’ literally means A science that deals with the relation and application of a particular field Computer forensics is the science and discipline that is concerned with the relation and application of computers and legal issues The computer forensic professional… … is a cross between technician, programmer and investigator – a curiosity-oriented person who determines why and how past events occurred Computer forensics is used to uncover the proverbial ‘smoking-gun’ Changes to technology will cause growing pains
  • 15. Food for thought.. As the digital evolution becomes ever more predominant in today's world, can companies afford to not be diligent about evaluating risk? How much does your company stand to lose? Understanding how records can be retrieved is instrumental in reducing the risk from unwanted discovery. Can you anticipate your companies reaction?
  • 16. Questions? Thank you!
  • 17. References (Craig Wright, Dave Kleiman, Shyaam Sundhar R. S.: Overwriting Hard Drive Data: The Great Wiping Controversy) http://www. springerlink.com/content/408263ql11460147/ http://www.h-online.com/security/Secure-deletion-a-single-overwrite- will-do-it--/news/112432 Digital Forensics Handout – Dr. Guillermo Francia III – Jacksonville State University Community of Computer Forensic Professionals http://www. computerforensicsworld.com Introducing Digital Forensics – Peter Sommer, London School of Economics Law, investigations and ethics – Kelly J Kuchta http://www. lazarusalliance.com/horsewiki/images/d/d4/Computer-Forensics- Today.pdf Is it really worth it? - Milen Nikolov, IT consultant and trainer, Etisalat Academy, 2007 http://www.cpilive.net/v3/print.aspx?NID=1872