Digital Forensics: The aftermath of hacking attacks. AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Digital Forensics: The aftermath of hacking attacks. AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC"

Transcription

1 Digital Forensics: The aftermath of hacking attacks AHK Committee Meeting April 19 th, 2015 Eng. Jamal Abdulhaq Logos Networking FZ LLC

2 Topics Digital Forensics: Brief introduction Case Studies Case I: Data Theft investigations Case II: Disaster Recovery Challenges

3 A brief about Digital Forensics Wikipedia Definition DF is a branch of forensic science encompassing the recovery and investigation of material found in digital devices, often in relation to computer crime. Importance facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions. Digital Forensics Branches Computer Mobile devices Network Databases

4 DF Process Collection Extracting Analysis Reporting

5 Topics Digital Forensics: Brief introduction Case Studies Case 1: Data Theft investigations Case 2: Disaster Recovery Challenges

6 Case I: Data Theft A cyber-attacks has been carried out, leading to 2 catastrophic results: Deletion of critical data Theft of critical information. Discovery of the attack... Data loss recovery was done using disaster recovery techniques Theft of critical information was overwhelming!

7 Case I: Data Theft Questions to be answered: What was the attack source For how long the organization have been under attack What data was leaked

8 Case I: Collection Collection Extract Analysis Reporting Utilizing court-accepted network DF tools to monitor and log the traffic. The data was ready to be collected from the network forensics server farm The data collected from the Storage using bit stream image, and digitally signed.

9 Case I: Extract Collection Extract Analysis Reporting The data was fed to a big-data analysis forensics toolkit to be prepared for analysis After 24 hours of data digestion, the data was indexed and ready to be viewed by the specialized teams

10 Case I: Analysis Collection Extract Analysis Reporting Network Team: identifying the source and destination of the suspected traffic Management/Legal Team: to identify the interesting information of the data collected

11 Case I: General Outcome Network Investigation Team Results The initiation of the attack was due an sent from an anonymous to an employee in the IT department containing a photo in the signature. Steganography is used to unhide hidden TOR URL in the Photo, leading to backdoor toolkit. The backdoor toolkit was downloaded and activated by a Trojan horse that was received in an earlier Management/Legal Investigation Team Results Successfully identified all the files used in the transfer. wellknown keywords and phrases are used to identify the data that was illegally transferred the employee who received the files was identified and was referred to the administrative investigation

12 Case I: Reporting and Action Taken Collection Extract Analysis Reporting A legal case filed, and the supporting evidences were transferred to the local court custody Competition is the drive! The competitor organization was prosecuted, case closed in the customers favor.

13 Case I: Computer Sub-investigation The hard disk was extracted from the employee s Computer and placed the in an anti-static bag A two bit-stream images of the hard disk was created using tools such as FTK, MD5 hashes are generated for the bitstream images. Retrieve related data Identifying a relation between the employee and a main competitor company. Case File reports were generated and added to the documents in the lawsuit.

14 Case II: Virus Attack A private bank was infected with MaWin.w32 virus, deleting 1 week of non-backed up sensitive data from 400 computers. Virus formatted Hard disks Digital forensics team is hired to recover the data from all the 400 computers

15 Case II: Methodology Collection Extract Analysis Reporting Imaging 400 infected PCs, storage required is about 80 Terabyte The forensics team removed the infected hard disks, and placed them in anti-static bags and transported them to the forensics laboratory

16 Case II: Extract Collection Extract Analysis Reporting The team of forensics investigators made bitstream images of all the hard disks using tools such as FTK and EnCase.

17 Case II: Analysis Collection Extract Analysis Reporting Data recover possibility analysis Actual Data Recovery. Job done! The team restored all the 5 partitions along with the deleted files to their local C: drive. all recovered files in good condition.

18 Case II: Outcome Collection Extract Analysis Reporting Success of restoration reasons. Restoring all disks following the same procedure. The investigation team investigated the data related to the virus, to identify the source of the virus, and tracked the infection process

19 Case II: Reporting Collection Extract Analysis Reporting The team sent back the hard drives to the bank, along with the report of restoration process, and the report of the infection which showed that it was due to an attachment, which actually was a Trojan horse.

20 Topics Digital Forensics: Brief introduction Case Studies Case 1: Data Theft investigations Case 2: Disaster Recovery Challenges

21 Challenges Technical issues Encryption Increasing storage space New technologies Anti-forensic techniques Accepted standards and legal issues.

22 Jamal Abdulhaq Mobile:

Certified Cyber Security Analyst VS-1160

Certified Cyber Security Analyst VS-1160 VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The

More information

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC

Digital Forensics. Tom Pigg Executive Director Tennessee CSEC Digital Forensics Tom Pigg Executive Director Tennessee CSEC Definitions Digital forensics Involves obtaining and analyzing digital information as evidence in civil, criminal, or administrative cases Analyze

More information

Certified Cyber Security Analyst VS-1160

Certified Cyber Security Analyst VS-1160 VS-1160 Certified Cyber Security Analyst Certification Code VS-1160 Vskills certification for Cyber Security Analyst assesses the candidate as per the company s need for cyber security and forensics. The

More information

MSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1

MSc Computer Security and Forensics. Examinations for 2009-2010 / Semester 1 MSc Computer Security and Forensics Cohort: MCSF/09B/PT Examinations for 2009-2010 / Semester 1 MODULE: COMPUTER FORENSICS & CYBERCRIME MODULE CODE: SECU5101 Duration: 2 Hours Instructions to Candidates:

More information

EC-Council Ethical Hacking and Countermeasures

EC-Council Ethical Hacking and Countermeasures EC-Council Ethical Hacking and Countermeasures Description This class will immerse the students into an interactive environment where they will be shown how to scan, test, hack and secure their own systems.

More information

Concepts of digital forensics

Concepts of digital forensics Chapter 3 Concepts of digital forensics Digital forensics is a branch of forensic science concerned with the use of digital information (produced, stored and transmitted by computers) as source of evidence

More information

Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065

Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Introduction The Computer Forensics and Investigation course presents methods to properly conduct a computer forensics investigation

More information

To Catch a Thief: Computer Forensics in the Classroom

To Catch a Thief: Computer Forensics in the Classroom To Catch a Thief: Computer Forensics in the Classroom Anna Carlin acarlin@csupomona.edu Steven S. Curl scurl@csupomona.edu Daniel Manson dmanson@csupomona.edu Computer Information Systems Department California

More information

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft)

10- Assume you open your credit card bill and see several large unauthorized charges unfortunately you may have been the victim of (identity theft) 1- A (firewall) is a computer program that permits a user on the internal network to access the internet but severely restricts transmissions from the outside 2- A (system failure) is the prolonged malfunction

More information

Information Technology Audit & Forensic Techniques. CMA Amit Kumar

Information Technology Audit & Forensic Techniques. CMA Amit Kumar Information Technology Audit & Forensic Techniques CMA Amit Kumar 1 Amit Kumar & Co. (Cost Accountants) A perfect blend of Tax, Audit & Advisory services Information Technology Audit & Forensic Techniques

More information

CHFI v8(computer Hacking Forensics Investigator)

CHFI v8(computer Hacking Forensics Investigator) CHFI v8(computer Hacking Forensics Investigator) Course Description & Overview Overview CHFIv8 Course Description EC-Council releases the brand new Version 8 of the Computer Hacking Forensics Investigator

More information

Digital Forensics Tutorials Acquiring an Image with FTK Imager

Digital Forensics Tutorials Acquiring an Image with FTK Imager Digital Forensics Tutorials Acquiring an Image with FTK Imager Explanation Section Digital Forensics Definition The use of scientifically derived and proven methods toward the preservation, collection,

More information

Computer Intrusion Forensics Literature Review

Computer Intrusion Forensics Literature Review Computer Intrusion Forensics Literature Review Nathan Balon CIS 544 October 20, 2003 Title Computer Forensics: Incident Response Essentials by Warren G. Kruse II and Jay G. Heiser Reviewed by Nathan Balon

More information

Computer Forensics. Computer Forensics: History, Tools and Outlooks. By John Burns IT-103-002. Research Paper

Computer Forensics. Computer Forensics: History, Tools and Outlooks. By John Burns IT-103-002. Research Paper 1 Computer Forensics: History, Tools and Outlooks By John Burns IT-103-002 Research Paper 02/25/2012 "By placing this statement on my webpage, I certify that I have read and understand the GMU Honor Code

More information

Computer Hacking Forensic Investigator v8

Computer Hacking Forensic Investigator v8 CÔNG TY CỔ PHẦN TRƯỜNG CNTT TÂN ĐỨC TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC LEARN MORE WITH LESS! Computer Hacking Forensic Investigator v8 Course Description: EC-Council releases the most advanced Computer

More information

Robotics Core School 1

Robotics Core School 1 Robotics Core School 1 Robotics Core School 2 Cyber Forensics & Crime Investigation This workshop is dedicated on Cyber Forensics & Crime Investigation. Computer Forensics is a detailed and scientific

More information

Computer Forensics as an Integral Component of the Information Security Enterprise

Computer Forensics as an Integral Component of the Information Security Enterprise Computer Forensics as an Integral Component of the Information Security Enterprise By John Patzakis 10/28/03 I. EXECUTIVE SUMMARY In addition to fending off network intrusions and denial of service attacks,

More information

Incident Response and Computer Forensics

Incident Response and Computer Forensics Incident Response and Computer Forensics James L. Antonakos WhiteHat Forensics Incident Response Topics Why does an organization need a CSIRT? Who s on the team? Initial Steps Detailed Project Plan Incident

More information

Course Title: Computer Forensic Specialist: Data and Image Files

Course Title: Computer Forensic Specialist: Data and Image Files Course Title: Computer Forensic Specialist: Data and Image Files Page 1 of 9 Course Description The Computer Forensic Series by EC-Council provides the knowledge and skills to identify, track, and prosecute

More information

Network Incident Report

Network Incident Report To submit copies of this form via facsimile, please FAX to 202-406-9233. Network Incident Report United States Secret Service Financial Crimes Division Electronic Crimes Branch Telephone: 202-406-5850

More information

The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices

The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices Introduction As organizations rely more heavily on technology-based methods of communication, many corporations

More information

"This is a truly remarkable attack, but not. just in its scope hackers successfully. penetrated one of the most secure

This is a truly remarkable attack, but not. just in its scope hackers successfully. penetrated one of the most secure ICPAK ANNUAL FORENSIC AUDIT CONFERENCE Digital Forensics in Fraud & Corruption Investigations 9 October 2014 Leisure Lodge Hotel, Diani Kenya Faith Basiye, CFE Head Group Forensic Services KCB Banking

More information

INCIDENT RESPONSE & COMPUTER FORENSICS, SECOND EDITION

INCIDENT RESPONSE & COMPUTER FORENSICS, SECOND EDITION " - * INCIDENT RESPONSE & COMPUTER FORENSICS, SECOND EDITION CHRIS PROSISE KEVIN MANDIA McGraw-Hill /Osborne New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul

More information

Cloud Computing Architecture and Forensic Investigation Challenges

Cloud Computing Architecture and Forensic Investigation Challenges Cloud Computing Architecture and Forensic Investigation Challenges Ghania Al Sadi Sohar University, Computing Department Sohar, University Rd, 311 Sultanate of Oman ABSTRACT Contrasting to traditional

More information

Digital Forensics. General Terms Cyber Crime, forensics models, Investigation, Analysis, digital devices.

Digital Forensics. General Terms Cyber Crime, forensics models, Investigation, Analysis, digital devices. Digital Forensics Ravneet Kaur, Amandeep Kaur Assistant Professor in Computer Science SDSPM College for Women, Rayya (Asr) Guru Nanak Dev University, India International Journal of Computer Applications

More information

DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević,

DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE. Vahidin Đaltur, Kemal Hajdarević, DIGITAL FORENSIC INVESTIGATION, COLLECTION AND PRESERVATION OF DIGITAL EVIDENCE Vahidin Đaltur, Kemal Hajdarević, Internacional Burch University, Faculty of Information Technlogy 71000 Sarajevo, Bosnia

More information

AN INVESTIGATION INTO COMPUTER FORENSIC TOOLS

AN INVESTIGATION INTO COMPUTER FORENSIC TOOLS AN INVESTIGATION INTO COMPUTER FORENSIC TOOLS K.K. Arthur 1 H.S. Venter 2 Information and Computer Security Architectures (ICSA) Research Group University of Pretoria Pretoria Department of Computer Science

More information

Overview of Computer Forensics

Overview of Computer Forensics Overview of Computer Forensics Don Mason, Associate Director National Center for Justice and the Rule of Law University of Mississippi School of Law [These materials are based on 4.3.1-4.3.3 in the National

More information

Taxonomy of Anti-Computer Forensics Threats

Taxonomy of Anti-Computer Forensics Threats 1 Taxonomy of Anti-Computer Forensics Threats Joseph C. Sremack & Alexandre V. Antonov 12 September 2007 2 Overview 1. Introduction 2. Problem Statement 3. High-Level Overview of Investigation Phases 4.

More information

"This is a truly remarkable attack, but not. just in its scope hackers successfully. penetrated one of the most secure

This is a truly remarkable attack, but not. just in its scope hackers successfully. penetrated one of the most secure ICPAK ANNUAL FORENSIC AUDIT CONFERENCE Digital Forensics in Fraud & Corruption Investigations 9 October 2014 Leisure Lodge Hotel, Diani Kenya Faith Basiye, CFE Head Group Forensic Services KCB Banking

More information

2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd.

2! Bit-stream copy. Acquisition and Tools. Planning Your Investigation. Understanding Bit-Stream Copies. Bit-stream Copies (contd. Acquisition and Tools COMP 2555: Principles of Computer Forensics Autumn 2014 http://www.cs.du.edu/2555 1 Planning Your Investigation! A basic investigation plan should include the following activities:!

More information

Digital Forensics Fundamentals

Digital Forensics Fundamentals Digital Forensics Fundamentals 1 P a g e Table of Contents 1. Overview of Digital Forensics... 3 2. Evaluation of Digital forensic tools... 5 2.1 Encase Digital forensic tool... 5 2.1.1 Benefits with Encase

More information

Technical Procedure for Evidence Search

Technical Procedure for Evidence Search Technical Procedure for Evidence Search 1.0 Purpose - The purpose of this procedure is to provide a systematic means of searching digital evidence in order to find data sought by the search authorization.

More information

Computer Forensics. Securing and Analysing Digital Information

Computer Forensics. Securing and Analysing Digital Information Computer Forensics Securing and Analysing Digital Information Aims What is a computer? Where is the evidence? Why is digital forensics important? Seizing evidence Encryption Hidden files and folders Live

More information

Modern Digital Forensics!!

Modern Digital Forensics!! ISA 785 Research in Digital Forensics Modern Digital Forensics!! ISA 785! Angelos Stavrou, George Mason University! Modern Digital Forensics What s New 2! New Intellectual property concerns! IP/Brand related

More information

COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL)

COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL) COMPUTER FORENSICS (EFFECTIVE 2013-14) ACTIVITY/COURSE CODE: 5374 (COURSE WILL BE LISTED IN THE 2013-14 CATE STUDENT REPORTING PROCEDURES MANUAL) COURSE DESCRIPTION: Computer Forensics is focused on teaching

More information

Chapter 7 Securing Information Systems

Chapter 7 Securing Information Systems 1 Chapter 7 Securing Information Systems LEARNING TRACK 3: COMPUTER FORENSICS For thirty years, a serial murderer known as the BTK killer (standing for bind, torture, and kill) remained at large in Wichita,

More information

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications

E-commerce. Security. Learning objectives. Internet Security Issues: Overview. Managing Risk-1. Managing Risk-2. Computer Security Classifications Learning objectives E-commerce Security Threats and Protection Mechanisms. This lecture covers internet security issues and discusses their impact on an e-commerce. Nov 19, 2004 www.dcs.bbk.ac.uk/~gmagoulas/teaching.html

More information

Forensics on the Windows Platform, Part Two

Forensics on the Windows Platform, Part Two 1 of 5 9/27/2006 3:52 PM Forensics on the Windows Platform, Part Two Jamie Morris 2003-02-11 Introduction This is the second of a two-part series of articles discussing the use of computer forensics in

More information

Hands-On How-To Computer Forensics Training

Hands-On How-To Computer Forensics Training j8fm6pmlnqq3ghdgoucsm/ach5zvkzett7guroaqtgzbz8+t+8d2w538ke3c7t 02jjdklhaMFCQHihQAECwMCAQIZAQAKCRDafWsAOnHzRmAeAJ9yABw8v2fGxaq skeu29sdxrpb25zidxpbmznogtheories...ofhilz9e1xthvqxbb0gknrc1ng OKLbRXF/j5jJQPxXaNUu/It1TQHSiyEumrHNsnn65aUMPnrbVOVJ8hV8NQvsUE

More information

What are Viruses, Trojans, Worms & Spyware:

What are Viruses, Trojans, Worms & Spyware: What are Viruses, Trojans, Worms & Spyware: There are many different types of computer viruses circulating in the cyber world, including regular Computer Viruses, Worms, Trojans, and Spyware. Each is different

More information

Code of Connection (CoCo) for Devices Connected to the University s Network

Code of Connection (CoCo) for Devices Connected to the University s Network Code of Connection (CoCo) for Devices Connected to the University s Author Information Security Officer (Technical) Version V1.1 Date 23 April 2015 Introduction This Code of Connection (CoCo) establishes

More information

Cloud Forensics. 175 Lakeside Ave, Room 300A Phone: 802/865-5744 Fax: 802/865-6446 http://www.lcdi.champlin.edu

Cloud Forensics. 175 Lakeside Ave, Room 300A Phone: 802/865-5744 Fax: 802/865-6446 http://www.lcdi.champlin.edu Cloud Forensics Written & Researched by: Maegan Katz & Ryan Montelbano 175 Lakeside Ave, Room 300A Phone: 802/865-5744 Fax: 802/865-6446 http://www.lcdi.champlin.edu November 4, 2013 Disclaimer: This document

More information

Is online backup right for your business? Eight reasons to consider protecting your data with a hybrid backup solution

Is online backup right for your business? Eight reasons to consider protecting your data with a hybrid backup solution PARTNER BRIEF: IS ONLINE BACKUP RIGHT FOR YOUR BUSINESS?........................................ Is online backup right for your business? Eight reasons to consider protecting your data with a hybrid Who

More information

(b) slack file space.

(b) slack file space. Hidden Files A Computer Forensics Case Study Question Paper 1. Outline the meaning of the following terms: (a) cookie, [2 marks] A cookie is data stored locally that is used by some websites for data that

More information

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR 1 TM C HFI Computer C HFI Computer Hacking Forensic INVESTIGATOR Hacking Forensic INVESTIGATOR TM v8 v8 2 Be the leader. Deserve a place in the CHFI certified elite class. Earn cutting edge skills in computer

More information

Introduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014

Introduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014 Introduction to Data Forensics Jeff Flaig, Security Consultant January 15, 2014 WHAT IS COMPUTER FORENSICS Computer forensics is the process of methodically examining computer media (hard disks, diskettes,

More information

Forensics source: Edward Fjellskål, NorCERT, Nasjonal sikkerhetsmyndighet (NSM)

Forensics source: Edward Fjellskål, NorCERT, Nasjonal sikkerhetsmyndighet (NSM) s Unix Definition of : Computer Coherent application of a methodical investigatory techniques to solve crime cases. Forensics source: Edward Fjellskål, NorCERT, Nasjonal sikkerhetsmyndighet (NSM) s Unix

More information

CYBER FORENSICS. KRISHNA SASTRY PENDYALA Cyber Forensic Division Central Forensic Science Laboratory Hyderabad.

CYBER FORENSICS. KRISHNA SASTRY PENDYALA Cyber Forensic Division Central Forensic Science Laboratory Hyderabad. CYBER FORENSICS KRISHNA SASTRY PENDYALA Cyber Forensic Division Central Forensic Science Laboratory Hyderabad. 11 DIGITAL EVIDENCE? Cyber crimes Digital evidence Digital evidence is any information of

More information

Computer Anti-forensics Methods and Their Impact on Computer Forensic Investigation

Computer Anti-forensics Methods and Their Impact on Computer Forensic Investigation Computer Anti-forensics Methods and Their Impact on Computer Forensic Investigation Przemyslaw Pajek and Elias Pimenidis School of Computing IT and Engineering, University of East London, United Kingdom

More information

Design and Implementation of Digital Forensics Labs:

Design and Implementation of Digital Forensics Labs: Design and Implementation of Digital Forensics Labs: A Case Study for Teaching Digital Forensics to Undergraduate Students Hongmei Chi, Christy Chatmon, Edward Jones, and Deidre Evans Computer and Information

More information

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR

C HFI C HFI. EC-Council. EC-Council. Computer Hacking Forensic Investigator. Computer. Computer. Hacking Forensic INVESTIGATOR Page: 1 TM C HFI Computer C HFI Computer Hacking Forensic INVESTIGATOR Hacking Forensic INVESTIGATOR TM v8 v8 Page: 2 Be the leader. Deserve a place in the CHFI certified elite class. Earn cutting edge

More information

ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING

ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING ENTERPRISE COMPUTER INCIDENT RESPONSE AND FORENSICS TRAINING MODULE A INTRODUCTION TO COMPUTER FORENSICS AND NVESTIGATIONS A1.0 Explain concepts related to computer forensics. A1.1 This module is measured

More information

Case Study: Hiring a licensed Security Provider

Case Study: Hiring a licensed Security Provider Case Study: Hiring a licensed Security Provider Company Profile McCann Investigations is a full service private investigation firm providing complete case solutions by employing cutting-edge computer forensics

More information

Introduction. IMF Conference September 2008

Introduction. IMF Conference September 2008 Live Forensic Acquisition as Alternative to Traditional Forensic Processes Marthie Lessing* Basie von Solms Introduction The Internet and technology developments introduced a sharp increase in computer

More information

Digital Forensics Services

Digital Forensics Services Digital Forensics Services A KPMG SERVICE FOR G-CLOUD VII October 2015 kpmg.co.uk Digital Forensics Services KPMG PROVIDES RELIABLE END TO END COMPUTER FORENSIC AND EXPERT WITNESS SERVICES We bring together

More information

Universität Mannheim Praktische Informatik I

Universität Mannheim Praktische Informatik I Universität Mannheim Praktische Informatik I 21.03.2007 Examining and imaging data on running systems using LiveWire" Steven W. Wood Master of Science (Florida Institute of Technology) ALSTE Technologies

More information

information security and its Describe what drives the need for information security.

information security and its Describe what drives the need for information security. Computer Information Systems (Forensics Classes) Objectives for Course Challenges CIS 200 Intro to Info Security: Includes managerial and Describe information security and its critical role in business.

More information

Introduction to Network Security Comptia Security+ Exam. Computer Forensics. Evidence. Domain 5 Computer Forensics

Introduction to Network Security Comptia Security+ Exam. Computer Forensics. Evidence. Domain 5 Computer Forensics Introduction to Network Security Comptia Security+ Exam Domain 5 Computer Forensics Computer Forensics Forensics relates to the application of scientific knowledge and method to legal problems Investigating

More information

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT Appendix A to 11-02-P1-NJOIT NJ OFFICE OF INFORMATION TECHNOLOGY P.O. Box 212 www.nj.gov/it/ps/ 300 Riverview Plaza Trenton, NJ 08625-0212 NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT The Intent

More information

To Catch a Thief II: Computer Forensics in the Classroom

To Catch a Thief II: Computer Forensics in the Classroom To Catch A Thief II: Computer Forensics in the Classroom Anna Carlin Computer Information Systems Department, California State Polytechnic University Pomona, CA 91768, USA acarlin@csupomona.edu Steven

More information

Digital Evidence Search Kit

Digital Evidence Search Kit Digital Evidence Search Kit K.P. Chow, C.F. Chong, K.Y. Lai, L.C.K. Hui, K. H. Pun, W.W. Tsang, H.W. Chan Center for Information Security and Cryptography Department of Computer Science The University

More information

Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic

Digital Forensic. A newsletter for IT Professionals. I. Background of Digital Forensic. Definition of Digital Forensic I Digital Forensic A newsletter for IT Professionals Education Sector Updates Issue 10 I. Background of Digital Forensic Definition of Digital Forensic Digital forensic involves the collection and analysis

More information

State of the art of Digital Forensic Techniques

State of the art of Digital Forensic Techniques State of the art of Digital Forensic Techniques Enos K. Mabuto 1, H. S Venter 2 Department of Computer Science University of Pretoria, Pretoria, 0002, South Africa Tel: +27 12 420 3654 Email: nasbutos@yahoo.co.uk

More information

Digital Forensics & e-discovery Services

Digital Forensics & e-discovery Services Digital Forensics & e-discovery Services U.S. Security Associates Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities

More information

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner Certified Digital Forensics Examiner Course Name: CDFE V6.0 Duration: Language: 5 days English Format: Instructor-led (Lecture and Lab) Prerequisite: Experience in using a computer Student Materials: Student

More information

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner Certified Digital Forensics Examiner Course Name: CDFE V6.0 Duration: Language: 5 days English Format: Instructor-led (Lecture and Lab) Prerequisite: Experience in using a computer Student Materials: Student

More information

Computer Forensics Preparation

Computer Forensics Preparation Computer Forensics Preparation This lesson covers Chapters 1 and 2 in Computer Forensics JumpStart, Second Edition. OBJECTIVES When you complete this lesson, you ll be able to Discuss computer forensics

More information

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster Security Standards Symantec shall maintain administrative, technical, and physical safeguards for the Symantec Network designed to (i) protect the security and integrity of the Symantec Network, and (ii)

More information

Digital Forensics & e-discovery Services

Digital Forensics & e-discovery Services Digital Forensics & e-discovery Services Andrews International Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities

More information

Forensic Toolkit. Sales and Promotional Summary ACCESSDATA, ON YOUR RADAR

Forensic Toolkit. Sales and Promotional Summary ACCESSDATA, ON YOUR RADAR Forensic Toolkit Sales and Promotional Summary ACCESSDATA, ON YOUR RADAR What is AccessData s Forensic Toolkit? Also known as FTK, this application enables you to perform complete and thorough computer

More information

Digital Forensic Techniques

Digital Forensic Techniques Digital Forensic Techniques Namrata Choudhury, Sr. Principal Information Security Analyst, Symantec Corporation Professional Techniques T23 CRISC CGEIT CISM CISA AGENDA Computer Forensics vs. Digital Forensics

More information

Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro)

Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro) Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro) NICE Conference 2014 CYBERSECURITY RESILIENCE A THREE TIERED SOLUTION NIST Framework for Improving Critical Infrastructure Cybersecurity

More information

Information Technologies and Fraud

Information Technologies and Fraud Information Technologies and Fraud Florin Gogoasa CISA, CFE, CGEIT, CRISC ACFE Romania - Founder and Board member Managing Partner Blue Lab Consulting Information Technologies for Fraud investigation A.

More information

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation

Lecture outline. Computer Forensics and Digital Investigation. Defining the word forensic. Defining Computer forensics. The Digital Investigation Computer Forensics and Digital Investigation Computer Security EDA263, lecture 14 Ulf Larson Lecture outline! Introduction to Computer Forensics! Digital investigation! Conducting a Digital Crime Scene

More information

A Practical Approach for Evidence Gathering in Windows Environment

A Practical Approach for Evidence Gathering in Windows Environment A Practical Approach for Evidence Gathering in Windows Environment Kaveesh Dashora Department of Computer Science & Engineering Maulana Azad National Institute of Technology Bhopal, India Deepak Singh

More information

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?

7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security? 7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk

More information

Nationwide Cyber Security Survey

Nationwide Cyber Security Survey Research Nationwide Cyber Security Survey Presented by Harris Poll Executive Summary: Cyber-Security Cyber-security is a low priority for many because the threat is not palpable Eight in ten (79%) have

More information

The Information Security Problem

The Information Security Problem Chapter 10 Objectives Describe the major concepts and terminology of EC security. Understand phishing and its relationship to financial crimes. Describe the information assurance security principles. Identify

More information

Disaster Recovery Planning Save Your Business

Disaster Recovery Planning Save Your Business Disaster Recovery Planning Save Your Business Your business at risk! Your company is at risk for failure in the event of disaster Your data is at risk for costly loss Your revenue is at risk with lack

More information

AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN. 1250 Siskiyou Boulevard Ashland OR 97520

AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN. 1250 Siskiyou Boulevard Ashland OR 97520 AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN 1250 Siskiyou Boulevard Ashland OR 97520 Revision History Revision Change Date 1.0 Initial Incident Response Plan 8/28/2013 Official copies

More information

WEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project

WEB SECURITY. Oriana Kondakciu 0054118 Software Engineering 4C03 Project WEB SECURITY Oriana Kondakciu 0054118 Software Engineering 4C03 Project The Internet is a collection of networks, in which the web servers construct autonomous systems. The data routing infrastructure

More information

When you listen to the news, you hear about many different forms of computer infection(s). The most common are:

When you listen to the news, you hear about many different forms of computer infection(s). The most common are: Access to information and entertainment, credit and financial services, products from every corner of the world even to your work is greater than ever. Thanks to the Internet, you can conduct your banking,

More information

CONCEPT MAPPING FOR DIGITAL FORENSIC INVESTIGATIONS

CONCEPT MAPPING FOR DIGITAL FORENSIC INVESTIGATIONS Chapter 22 CONCEPT MAPPING FOR DIGITAL FORENSIC INVESTIGATIONS April Tanner and David Dampier Abstract Research in digital forensics has yet to focus on modeling case domain information involved in investigations.

More information

Term Report. Forensics for IT

Term Report. Forensics for IT Term Report Forensics for IT Trisia Yung ACC 626 Professor Malik Datardina June 28, 2012 Introduction Technology has enhanced the operational aspects of today s businesses by improving productivity and

More information

Computer Forensics Principles and Practices

Computer Forensics Principles and Practices Computer Forensics Principles and Practices by Volonino, Anzaldua, and Godwin Chapter 7: Investigating Windows, Linux, and Graphics Files Objectives Conduct efficient and effective investigations of Windows

More information

Certified Digital Forensics Examiner

Certified Digital Forensics Examiner Cyber Security Training & Consulting Certified Digital COURSE OVERVIEW 5 Days 40 CPE Credits $3,000 Digital is the investigation and recovery of data contained in digital devices. This data is often the

More information

Ovation Security Center Data Sheet

Ovation Security Center Data Sheet Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations

More information

Simple Storage Service (S3)

Simple Storage Service (S3) Simple Storage Service (S3) Amazon S3 is storage for the Internet. It is designed to make web-scale computing easier for developers. Amazon S3 provides a simple web services interface that can be used

More information

Research on Digital Forensics Based on Private Cloud Computing

Research on Digital Forensics Based on Private Cloud Computing Research on Digital Forensics Based on Private Cloud Computing Gang Zeng Police Information Technology Department, Liaoning Police Academy, Liaoning, China ABSTRACT With development of network, massive

More information

Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition Guide to Computer Forensics and Investigations, Second Edition Chapter 9 Data Acquisition Objectives Determine the best acquisition method Plan data-recovery contingencies Use MS-DOS acquisition tools

More information

Digital Forensics. Module 4 CS 996

Digital Forensics. Module 4 CS 996 Digital Forensics Module 4 CS 996 Hard Drive Forensics Acquisition Bit for bit copy Write protect the evidence media EnCase for DOS Safeback (NTI: www.forensics-intl.com) Analysis EnCase FTK (www.accessdata.com)

More information

Significance of Hash Value Generation in Digital Forensic: A Case Study

Significance of Hash Value Generation in Digital Forensic: A Case Study International Journal of Engineering Research and Development e-issn : 2278-067X, p-issn : 2278-800X, www.ijerd.com Volume 2, Issue 5 (July 2012), PP. 64-70 Significance of Hash Value Generation in Digital

More information

Keywords: Computers, digital evidence, digital evidence bags, forensics, forensics tools

Keywords: Computers, digital evidence, digital evidence bags, forensics, forensics tools Computer Forensics Procedures, Tools, and Digital Evidence Bags 1 Computer Forensic Tools Keywords: Computers, digital evidence, digital evidence bags, forensics, forensics tools Computer Forensics Procedures,

More information

https://agency.governmentjobs.com/dakota/job_bulletin.cfm?jobid=1017820

https://agency.governmentjobs.com/dakota/job_bulletin.cfm?jobid=1017820 Page 1 of 5 DAKOTA COUNTY Employee Relations Administration Center, 1590 Highway 55 Hastings, MN 55033-2372 651.438.4435 http://www.dakotacounty.us INVITES APPLICATIONS FOR THE POSITION OF: Electronic

More information

2. From a control perspective, the PRIMARY objective of classifying information assets is to:

2. From a control perspective, the PRIMARY objective of classifying information assets is to: MIS5206 Week 13 Your Name Date 1. When conducting a penetration test of an organization's internal network, which of the following approaches would BEST enable the conductor of the test to remain undetected

More information

An ICT ConsultingCompany

An ICT ConsultingCompany An ICT ConsultingCompany About Us Innovation Experience Market leader technologies Solutions that ensure the best performance through efficiency An ICT Consulting Company 2 Our Mission Improvement of business

More information

InfoSec Academy Forensics Track

InfoSec Academy Forensics Track Fundamental Courses Foundational Courses InfoSec Academy Specialized Courses Advanced Courses Certification Preparation Courses Certified Information Systems Security Professional (CISSP) Texas Security

More information

An overview of IT Security Forensics

An overview of IT Security Forensics An overview of IT Security Forensics Manu Malek, Ph.D. Stevens Institute of Technology mmalek@ieee.org www.cs.stevens.edu/~mmalek April 2008 IEEE Calif. 1 Outline Growing Threats/Attacks Need for Security

More information