Garage Sale Forensics: Data Discovery Through Discarded Devices

Transcription

1 Garage Sale Forensics: Data Discovery Through Discarded Devices John Michael Wright Mike County of Butte Session ID: DAS-403 Session Classification: Intermediate

2 Objectives - What I hope you take away Better awareness of media device threats 2

3 Objectives - What I hope you take away Better awareness of media device threats The Importance of a policy 3

4 Objectives - What I hope you take away Better awareness of media device threats The Importance of a policy Understanding that devices are easy to get 4

5 Objectives - What I hope you take away Better awareness of media device threats The Importance of a policy Understanding that devices are easy to get Introduction to cheap and free tools and methods 5

6 Objectives - What I hope you take away Better awareness of media device threats The Importance of a policy Understanding that devices are easy to get Introduction to cheap and free tools and methods Preventing data loss is easy and fun 6

7 The Data 7

8 The Data Electronic Data Storage Devices Defined 8

9 The Data Electronic Data Storage Devices Defined Statistics 9

10 The Data Electronic Data Storage Devices Defined Statistics Where 10

11 The Data Electronic Data Storage Devices Defined Statistics Where Who 11

12 The Data Electronic Data Storage Devices Defined Statistics Where Who What 12

13 The Data Electronic Data Storage Devices Defined Statistics Where Who What Passwords 13

14 The Data Electronic Data Storage Devices Defined Statistics Where Who What Domain Information 14

15 The Data Electronic Data Storage Devices Defined Statistics Where Who What Domain Information 15

16 The Data Electronic Data Storage Devices Defined Statistics Where Who What Financial Data 16

17 The Data Electronic Data Storage Devices Defined Statistics Where Who What Health 17

18 The Data Electronic Data Storage Devices Defined Statistics Where Who What Other 18

19 The Data Electronic Data Storage Devices Defined Statistics Where Who What Value 19

20 The Data Electronic Data Storage Devices Defined Statistics Where Who What Value Legal 20

21 The Data Electronic Data Storage Devices Defined Statistics Where Who What Value Legal 21

22 Policy 22

23 Policy Importance 23

24 Policy Importance Education 24

25 Policy Importance Education Management 25

26 Policy Importance Education Management Policy Design 26

27 Policy Importance Education Management Policy Design Purpose Why? 27

28 Policy Importance Education Management Policy Design Purpose Scope Who? 28

29 Policy Importance Education Management Policy Design Purpose Scope Policy How? 29

30 Policy Importance Education Management Policy Design Purpose Scope Policy Training 30

31 The Hunt for Devices 31

32 The Hunt for Devices Devices are Cheap and Easy to Find 32

33 The Hunt for Devices Devices are Cheap and Easy to Find Where to Find Devices Garage Sales 33

34 The Hunt for Devices Devices are Cheap and Easy to Find Where to Find Devices Thrift Shops Second Hand Goodwill 34

35 The Hunt for Devices Devices are Cheap and Easy to Find Where to Find Devices ebay 35

36 The Hunt for Devices Devices are Cheap and Easy to Find Where to Find Devices Craigslist 36

37 The Hunt for Devices Devices are Cheap and Easy to Find Where to Find Devices Recycle Centers Recycle Drives 37

38 The Hunt for Devices Devices are Cheap and Easy to Find Where to Find Devices Dumpster Diving 38

39 The Hunt for Devices Devices are Cheap and Easy to Find Where to Find Devices 39

40 The Hunt for Devices Devices are Cheap and Easy to Find Where to Find Devices Does it Even Matter? 40

41 Device Analysis & Data Recovery 41

42 Device Analysis & Data Recovery Organization 42

43 Device Analysis & Data Recovery Organization Where 43

44 Device Analysis & Data Recovery Organization Where Tools 44

45 Device Analysis & Data Recovery Organization Where Tools Software 45

46 Proper Disposal Methods 46

47 Proper Disposal Methods Format 47

48 Proper Disposal Methods Format DoD M 48

49 Proper Disposal Methods Format DoD M NIST Pub

50 Proper Disposal Methods Format DoD M NIST Pub Sanitization Wipe Degauss Destroy 50

51 Proper Disposal Methods Format DoD M NIST Pub Sanitization Wipe 51

52 Proper Disposal Methods Format DoD M NIST Pub Sanitization Wipe Degauss 52

53 Proper Disposal Methods Format DoD M NIST Pub Sanitization Wipe Degauss 53

54 Proper Disposal Methods Format DoD M NIST Pub Sanitization Wipe Degauss Destroy 54

55 Proper Disposal Methods Format DoD M NIST Pub Sanitization Wipe Degauss Destroy 55

56 Proper Disposal Methods Format DoD M NIST Pub Sanitization Wipe Degauss Destroy 56

57 Proper Disposal Methods Format DoD M NIST Pub Sanitization Wipe Degauss Destroy 57

58 Proper Disposal Methods Format DoD M NIST Pub Sanitization Wipe Degauss Destroy 58

59 Proper Disposal Methods Format DoD M NIST Pub Sanitization Wipe Degauss Destroy 59

60 Proper Disposal Methods Format DoD M NIST Pub Sanitization Wipe Degauss Destroy 60

61 Proper Disposal Methods Format DoD M NIST Pub Sanitization Wipe Degauss Destroy 61

62 Proper Disposal Methods Format DoD M NIST Pub Sanitization Wipe Degauss Destroy 62

63 Apply 63

64 How to Apply What You Have Learned Today In the first three months following this presentation you should: Identify Current Policy and Procedures Identify Devices (Threats) 64

65 How to Apply What You Have Learned Today In the first three months following this presentation you should: Identify Current Policy and Procedures Identify Devices (Threats) Within six months you should: Identify Workflow Create or Update Policy and Procedures Educate Staff 65

66 Conclusion 66

67 Conclusion Devices may contain data 67

68 Conclusion Devices may contain data Devices are cheap and easy to find 68

69 Conclusion Devices may contain data Devices are cheap and easy to find Device owners don t understand the risk 69

70 Conclusion Devices may contain data Devices are cheap and easy to find Device owners don t understand the risk Tools are easy to find and use 70

71 Conclusion Devices may contain data Devices are cheap and easy to find Device owners don t understand the risk Tools are easy to find and use Tools can be used to sanitize 71

72 Conclusion Devices may contain data Devices are cheap and easy to find Device owners don t understand the risk Tools are easy to find and use Tools can be used to sanitize Physical destruction is better (more fun) 72

73 Thank You John Michael Wright Mike (work) (not work) (Links & References) March 2, 2012 DAS

74 References Bar-Yosef, N. (2011). The commodities of underground markets. Retrieved on April 19, 2011 from California v. Greenwood. (1988). 486 U.S. 35 California v. Greenwood et.al. Certiorari to the Court of Appeal of California, Fourth Appellate District, No Retrieved on April 15 from CCC. (n.d.). California civil code section Retrieved on April 19, 2011 from CCISDA. (2011). Program best practices. Retrieved on June 3, 2011 from CMRR. (2011). Secure erase. Retrieve on April 19, 2011 from Desai, A. (2011). Commercial hacking: The mafia returns. Retrieved on April 19, 2011 fromhttp:// Mafia-Returns/

75 References Continued DoD M. (2006). National industry security program, operating manual. Retrieved on April 19, 2011 from Messmer, E. (2010). Data breach costs top $200 per customer record. Retrieved on June 7, 2011 from Mitnick, K. D. (2003). The art of deception controlling the human element of security. Hoboken, NJ: John Wiley & Sons Inc. NIST Pub (2006). NIST special publication , guidelines for media sanitation. Retrieved on April 19, 2011 from Perna, G. (2011). Black market prices: The low cost of stolen credit cards. Retrieved on April 19, 2011 from Wei, M., Grupp, L. M., Spada, F. E., & Swanson, S. (2011). Reliably erasing data from flash-based solid state drives. Retrieved on April 19, 2011 from 75

76 Tools Access Data: FTK Imager 2.5.3: Darik s Boot and Nuke: DiskInternals Uneraser: Disk Wipe: Helix 2009 R1: Identity Finder: Kon-Boot: NirSoft: Recuva: Secure Erase: Trinity Rescue Kit (TRK): WinTaylor: 76