Using Computer Forensics in your Investigations
|
|
- Theodora Owen
- 8 years ago
- Views:
Transcription
1 Deloitte Financial Advisory Services LLP Using Computer Forensics in your Investigations Presented to: ISACA Los Angeles Chapter Dave Nardoni January 12 th, 2010
2 Agenda Introduction Analytic & Forensic Technology Dave Nardoni Dave Nardoni Q & A 1
3 Who are we? Analytic & Forensic Technology (AFT) group Experienced team of analytic and forensic professionals Computer forensics labs throughout the US Access to labs throughout the globe within the Deloitte Touche Tohmatsu member firms and their affiliates 2
4 AFT International group 9 Labs in the US 16 International Labs Approximately 250 professionals in the U.S. Federal government Law enforcement Information technologists Business development Unique background and experience Certified Public Accountants, Certified Fraud Examiners, statisticians, online and Internet research professionals and computer forensic specialists Former senior law enforcement officials and agents from the FBI, Justice Department and other government agencies Former prosecutors, MBA s, JD 3
5 Where does the trash go? Recycle bin Unallocated space Swap file and Memory/RAM Slack space 4
6 Problems with deleted files Physical disk failure Software failure Deleted files, missing metadata How to really delete data? 5
7 How do files get deleted? User deleted Recycle bin Proof of deletion Unallocated space C\RECYCLER\S \INFO2 Index Date Deleted path 1 06/30/06 12:05:09PM C:\Documents and Settings\dnardoni\My Documents\Secret\Stock Options\Stock Options Grants.doc 6
8 How do files get deleted? Computer deleted Unallocated space Time is of the essence! 7
9 The clock is ticking Success is partially predicated on time that elapses between when the incident happens and when the data is preserved Electronic evidence is latent (similar to a fingerprint) Startup and shutdown (creates and deletes files) Temporary internet files 8
10 Deleted Files A Forensic Practitioner s Point of View 9
11 Logical View 10
12 Forensic View of Logical Files 11
13 Deleted Files 12
14 Recovered Deleted Files What can we say about these files that were previously deleted? When were they deleted? Who deleted them? 13
15 Forensic View of Deleted Files 14
16 File carving Looking for file signatures JPG file Picture File Signature: Unique bytes at the beginning of a file that identify the file. These bytes constitute a signature for the file. The first 4 bytes of the JPG file are ÿøÿà or FF D8 FF E0 15
17 Recovering data File carving 16
18 Recovering data Keyword searches Keyword search of the word hacking 17
19 Understanding the swap file Memory/RAM = Desk Swap/Page file = File cabinet Swap file often > RAM 18
20 Reviewing the file cabinet pagefile.sys We are looking for evidence of the custodian searching for how to use PDA as a modem. Here is what we found in the pagefile.sys I've mentioned to a couple of people that the BB can be used as a modem. Here is info on how to configure your BB as a modem so you can get your laptop online anywhere you have a cell signal: Also useful is Google Maps for your BB: ùÿôýcom/blackberry-guides/2019-user-howto-use-blackberry-modemlaptop.html?highlight=blackberry+modem rdoni, David (US Los Angeles)0 19
21 Slack space Collection of empty VHS tapes 20
22 Slack space (continued) One program on a tape but program may use several tapes 24 News Sopranos Sopranos Continued NBA Finals 21
23 Slack space (continued) Collection of half hour video tapes CSI The UNIT 60 Min Remains of Sopranos Myth Busters More Remains of Sopranos 24 Episode two Remains of NBA Finals 22
24 Preservation Considerations When to Ghost? Major differences between a ghost image and a forensic image bit-stream versus logical file copy Larger drives = more free space More usage = less chance of recovery 23
25 Metadata - What it isn t Metadata Who, What, When, Where Why do I care? Inadvertent disclosure What s available How can it be used 24
26 Types of Metadata Application System 25
27 Application Metadata Microsoft Word Novell WordPerfect Microsoft Excel Microsoft Outlook Adobe Acrobat Portable Document Format (PDF) Exchangeable Image File Format (EXIF) 26
28 Hidden data in MS Word 27
29 Hidden data in MS Word 28
30 Hidden data in MS Word 29
31 Metadata Report Analyzing hiddent data sample from Deloitte Letter Template.doc Document Name: hidden data sample from Deloitte Letter Template.doc Path: C:\Documents and Settings\tcastrejon\My Documents\MetaData Deck Document Format: Word Document Built-in document properties: Built-in Properties Containing Metadata: 2 Title: Deloitte Letter.dot Comments: Deloitte Word Template v /22/2004 Document Statistics: Document Statistics Containing Metadata: 6 Creation Date: 7/18/ :16:00 PM Last Save Time: 7/18/ :29:00 PM Time Last Printed: 5/1/2002 4:04:00 PM Last Saved By: Deloitte & Touche Revision Number: 5 Total Edit Time (Minutes): 13 Minutes Custom document properties: No Custom Document Properties Last 10 authors: NOT PROCESSED Attached Template (Convert to Normal): Attached Template: C:\Program Files\Microsoft Office\Templates\Deloitte\Deloitte Letter.dot Routing slip: No Routing Slip Versions: No Versions Track Changes: Tracked Changes: 5. Tracked Changes are On. 1 Type: Delete Author: Deloitte & Touche 30
32 Metadata Report cont, 4 Type: Paragraph Number Author: Deloitte & Touche allows you to see how the document would look if you accepted all changes. Showing Markup shows deleted text in balloons in the margin of the document, while inserted text and formatting changes are shown inline. shows the original, unchanged document so that you can see how the document would look if you rejected all changes. Showing Markup shows the inserted text and formatting changes in balloons, while the deleted text remains inline. [Carriage Return] Location: Main Text 5 Type: Delete Author: Deloitte & Touche Final allows you to see how the document would look if you accepted all changes. Showing Markup shows deleted text in balloons in the margin of the document, while inserted text and formatting changes are shown inline. shows the original, unchanged document so that you can see how the document would look if you rejected all changes. Showing Markup shows the inserted text and formatting changes in balloons, while the deleted text remains inline. Location: Main Text Fast Saves: Fast Saves is Off Hidden text: Blocks of Hidden Text: 1 HiddenText 1 Text: Hidden text within a Word doc. While this technique is uncommon, it is mentioned to raise awareness that it does exist. Location: Main Text Comments: Comments: 1 Comment 1 Author: Deloitte & Touche Comment: This picture is cool. Location: Main Text Graphics: NoObjects to be converted to Pictures 31
33 Outlook 32
34 Outlook Metadata From: To: Subject: deleted J Castrejon, Tomas (US - San Francisco) </O=DELOITTE/OU=US/CN=RECIPIENTS/CN=TCASTREJON> FTP and Password Info Created: 06/13/06 12:55:20 Sent: 06/13/06 12:55:09 Header: Microsoft Mail Internet Headers Version 2.0 Received: from usndc0480.us.deloitte.com ([ ]) by uscnt0413.us.deloitte.com with Microsoft SMTPSVC( ); Tue, 13 Jun :55: Received: from atl1.deloitte.com ([ ]) by usndc0480.us.deloitte.com with Microsoft SMTPSVC( ); Tue, 13 Jun :55: Return-Path: <southwestcfce@gmail.com> Received: from nmp3.deloitte.com ([ ] [ ]) by atl1.deloitte.com with ESMTP for tcastrejon@deloitte.com; Tue, 13 Jun :55:19 Z Received: from wr-out-0506.google.com (wr-out-0506.google.com [ ]) by nmp3.deloitte.com with ESMTP for tcastrejon@deloitte.com; Tue, 13 Jun :55:19 Z Received: by wr-out-0506.google.com with SMTP id i31so878769wra for <tcastrejon@deloitte.com>; Tue, 13 Jun :55: (PDT) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:mime-version:content-type; 33
35 Outlook Metadata 34
36 PDF 35
37 PDF Metadata 36
38 EXIF 37
39 EXIF Metadata 38
40 System Metadata 39
41 Issues to avoid Don t Snoop Locard s principal Don t try to hide images (Examples) Don t shrink images or fonts (Examples) Don t use same color text as background (Examples) 40
42 Ways to minimize exposure Change default settings Word PDF 41
43 Minimize exposure, cont. PDF Settings 42
44 Removing metadata Use a meta data scrubbing tool Save original, remove sensitive data, copy out, PDF Microsoft Metadata Office removal tool 42ca-bc7b-5446d34e5360&displaylang=en Metadata Assistant 43
45 Using it to your advantage Identify potential metadata , Office files, system What is relevant Example (PDF version and producer) Preservation Example (NTFS v. CD) Presentation Native format needed? 44
46 Questions?
47 Contact Information Deloitte Financial Advisory Services LLP 350 South Grand Ave Los Angeles, CA USA David Nardoni, EnCE, CISSP Senior Manager Tel: (213) Analytic & Forensic Technology Cell: (626) Fax: (213)
48 About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu, a Swiss Verein, its member firms, and their respective subsidiaries and affiliates. Deloitte Touche Tohmatsu is an organization of member firms around the world devoted to excellence in providing professional services and advice, focused on client service through a global strategy executed locally in nearly 140 countries. With access to the deep intellectual capital of approximately 150,000 people worldwide, Deloitte delivers services in four professional areas audit, tax, consulting, and financial advisory services and serves more than 80 percent of the world s largest companies, as well as large national enterprises, public institutions, locally important clients, and successful, fast-growing global companies. Services are not provided by the Deloitte Touche Tohmatsu Verein, and, for regulatory and other reasons, certain member firms do not provide services in all four professional areas. As a Swiss Verein (association), neither Deloitte Touche Tohmatsu nor any of its member firms has any liability for each other s acts or omissions. Each of the member firms is a separate and independent legal entity operating under the names Deloitte, Deloitte & Touche, Deloitte Touche Tohmatsu, or other related names. In the United States, Deloitte & Touche USA LLP is the U.S. member firm of Deloitte Touche Tohmatsu and services are provided by the subsidiaries of Deloitte & Touche USA LLP (Deloitte & Touche LLP, Deloitte Consulting LLP, Deloitte Financial Advisory Services LLP, Deloitte Tax LLP, and their subsidiaries), and not by Deloitte & Touche USA LLP. The subsidiaries of the U.S. member firm are among the nation s leading professional services firms, providing audit, tax, consulting, and financial advisory services through nearly 40,000 people in more than 90 cities. Known as employers of choice for innovative human resources programs, they are dedicated to helping their clients and their people excel. For more information, please visit the U.S. member firm s Web site at
Moving Forward with IT Governance and COBIT
Moving Forward with IT Governance and COBIT Los Angeles ISACA COBIT User Group Tuesday 27, March 2007 IT GRC Questions from the CIO Today s discussion focuses on the typical challenges facing the CIO around
More informationJust EnCase. Presented By Larry Russell CalCPA State Technology Committee May 18, 2012
Just EnCase Presented By Larry Russell CalCPA State Technology Committee May 18, 2012 What is e-discovery Electronically Stored Information (ESI) Discover or Monitor for Fraudulent Activity Tools used
More informationE-discovery: Federal Rules of Civil Procedure and their Implications for Public Sector Corrections Departments
E-discovery: Federal Rules of Civil Procedure and their Implications for Public Sector Corrections Departments Andres De Aguero, Senior Lead, Deloitte Consulting LLP David F. Axelrod, Director, Deloitte
More informationDiscovery of Electronically Stored Information ECBA conference Tallinn October 2012
Discovery of Electronically Stored Information ECBA conference Tallinn October 2012 Jan Balatka, Deloitte Czech Republic, Analytic & Forensic Technology unit Agenda Introduction ediscovery investigation
More informationComputer Forensics. Securing and Analysing Digital Information
Computer Forensics Securing and Analysing Digital Information Aims What is a computer? Where is the evidence? Why is digital forensics important? Seizing evidence Encryption Hidden files and folders Live
More informationBDO CONSULTING FORENSIC TECHNOLOGY SERVICES
BDO CONSULTING FORENSIC TECHNOLOGY SERVICES MARCH 2013 AGENDA Introduction About BDO Consulting Computer Forensics & E-Discovery Practice Current Trends Case Studies Q&A Page 2 Michael Barba Managing Director,
More informationEnCase 7 - Basic + Intermediate Topics
EnCase 7 - Basic + Intermediate Topics Course Objectives This 4 day class is designed to familiarize the student with the many artifacts left behind on Windows based media and how to conduct a forensic
More informationTalent Management in U.S. Financial Services: Attracting and Engaging Generation Y
Financial Services Presents: Talent Management in U.S. Financial Services: Attracting and Engaging Generation Y Andrew Liakopoulos March, 2007 Agenda What is generational talent management? The scenario
More informationIdentity and Access Management Point of View
Identity and Access Management Point of View Agenda What is Identity and Access Management (IAM)? Business Drivers and Challenges Compliance and Business Benefits IAM Solution Framework IAM Implementation
More informationediscovery 101 Myth Busting October 29, 2009 Olivia Gerroll ediscovery Solutions Group Director
ediscovery 101 Myth Busting October 29, 2009 Olivia Gerroll ediscovery Solutions Group Director Background Olivia Gerroll, ediscovery Solutions Group Director Over sixteen years of experience in litigation
More informationQuickstart Tutorial. Bradford Technologies, Inc. 302 Piercy Road, San Jose, California 95138 800-622-8727 fax 408-360-8529 www.bradfordsoftware.
Quickstart Tutorial A ClickFORMS Tutorial Page 2 Bradford Technologies. All Rights Reserved. No part of this document may be reproduced in any form or by any means without the written permission of Bradford
More informationHow to Avoid The Biggest Electronic Evidence Mistakes. Ken Jones Senior Technology Architect Pileum Corporation
How to Avoid The Biggest Electronic Evidence Mistakes Ken Jones Senior Technology Architect Pileum Corporation Why is Proper Handling of Electronic Data Important? Most of the evidence in your case isn
More informationBest Practices in Incident Response. SF ISACA April 1 st 2009. Kieran Norton, Senior Manager Deloitte & Touch LLP
Best Practices in Incident Response SF ISACA April 1 st 2009 Kieran Norton, Senior Manager Deloitte & Touch LLP Current Landscape What Large scale breaches and losses involving credit card data and PII
More informationComputer Forensic Capabilities
Computer Forensic Capabilities Agenda What is computer forensics? Where to find computer evidence Forensic imaging Forensic analysis What is Computer Forensics? The preservation, identification, extraction,
More informationRedacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF
Report # I333-015R-2005 Date 12/13/2005 Redacting with Confidence: How to Safely Publish Sanitized Reports Converted From Word to PDF Architectures and Applications Division of the Systems and Network
More informationHands-On How-To Computer Forensics Training
j8fm6pmlnqq3ghdgoucsm/ach5zvkzett7guroaqtgzbz8+t+8d2w538ke3c7t 02jjdklhaMFCQHihQAECwMCAQIZAQAKCRDafWsAOnHzRmAeAJ9yABw8v2fGxaq skeu29sdxrpb25zidxpbmznogtheories...ofhilz9e1xthvqxbb0gknrc1ng OKLbRXF/j5jJQPxXaNUu/It1TQHSiyEumrHNsnn65aUMPnrbVOVJ8hV8NQvsUE
More informationHow To Use Sharepoint Online On A Pc Or Macbook Or Macsoft Office 365 On A Laptop Or Ipad Or Ipa Or Ipo On A Macbook (For A Laptop) On A Desktop Or Ipro (For An Ipro
Getting Started with SharePoint Online for Small Business By Robert Crane Computer Information Agency http://www.ciaops.com Terms This Guide from the Computer Information Agency is provided as is. Every
More informationMetadata, Electronic File Management and File Destruction
Metadata, Electronic File Management and File Destruction By David Outerbridge, Torys LLP A. Metadata What is Metadata? Metadata is usually defined as data about data. It is a level of extra information
More informationDigital Forensic Techniques
Digital Forensic Techniques Namrata Choudhury, Sr. Principal Information Security Analyst, Symantec Corporation Professional Techniques T23 CRISC CGEIT CISM CISA AGENDA Computer Forensics vs. Digital Forensics
More informationThe Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices
The Proper Acquisition, Preservation, & Analysis of Computer Evidence: Guidelines & Best-Practices Introduction As organizations rely more heavily on technology-based methods of communication, many corporations
More informationBusiness Ethics and Compliance in the Sarbanes-Oxley Era A Survey by Deloitte and Corporate Board Member Magazine
Business Ethics and Compliance in the Sarbanes-Oxley Era A Survey by Deloitte and Corporate Board Member Magazine Methodology The ethics and compliance survey was jointly conducted by Deloitte and Corporate
More information2013 Boston Ediscovery Summit. Computer Forensics for the Legal Issue-Spotter
2013 Boston Ediscovery Summit Computer Forensics for the Legal Issue-Spotter 2006-2013 James Berriman CEO, Evidox Corporation A Preliminary Comment Issue spotting applies to the practice of ediscovery
More informationWhat Am I Looking At? Andy Kass
Concordance Tip Sheet August 2013 What Am I Looking At? Andy Kass Discovery is the process of requesting, producing and gleaning documents to substantiate assertions of fact in a case. Review is a deep,
More informationEnCase Portable. Extend Your Forensic Reach with Powerful Triage & Data Collection
GUIDANCE SOFTWARE EnCase Portable EnCase Portable Extend Your Forensic Reach with Powerful Triage & Data Collection GUIDANCE SOFTWARE EnCase Portable EnCase Portable Triage and Collect with EnCase Portable
More informationDraft Internal Audit Report Software Licensing Audit. December 2009
Draft Internal Audit Report Software Licensing Audit December 2009 Contents Page Executive Summary 3 Observations and Recommendations 6 Appendix 1 Audit Framework 9 Appendix 2 - Staff Interviewed 10 Statement
More informationConcord Fax Premier/Pro User Guide V.2 (2010)
Concord Fax Premier/Pro User Guide V.2 (2010) Concord Technologies Publication Notice The contents of this publication the specifications of this application are subject to change without notice. Concord
More informationOffice of History. Using Code ZH Document Management System
Office of History Document Management System Using Code ZH Document The ZH Document (ZH DMS) uses a set of integrated tools to satisfy the requirements for managing its archive of electronic documents.
More informationComputer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065
Computer Forensics and Investigations Duration: 5 Days Courseware: CT 0619217065 Introduction The Computer Forensics and Investigation course presents methods to properly conduct a computer forensics investigation
More informationDigital Forensics & e-discovery Services
Digital Forensics & e-discovery Services U.S. Security Associates Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities
More informationMS WORD 2007 (PC) Macros and Track Changes Please note the latest Macintosh version of MS Word does not have Macros.
MS WORD 2007 (PC) Macros and Track Changes Please note the latest Macintosh version of MS Word does not have Macros. Record a macro 1. On the Developer tab, in the Code group, click Record Macro. 2. In
More informationMichigan/1 Migration
Michigan/1 Migration Preparing for Michigan/1 Migration What does M/1 Mean to You Login from anywhere on the State of Michigan (SOM) domain. More secure environment Consolidated Anti-Virus management.
More informationTic, Tie & Calculate Quick Start Guide. Quick Start Guide
Quick Start Guide 1 Table of Contents Quick Start Guide... 3 Welcome to Tic, Tie & Calculate... 3 Features Overview... 3 Important Installation Notes... 3 Installation... 4 Step 1: Receive Account Creation
More informationWorkshare Professional Secure Document Compliance for Microsoft Office 4.5. Workshare Professional Release Notes
Workshare Professional Secure Document Compliance for Microsoft Office 4.5 Workshare Professional Release Notes INTRODUCTION Workshare is pleased to announce the Release of Workshare Professional 4.5.
More informationDigital Forensics & e-discovery Services
Digital Forensics & e-discovery Services Andrews International Digital Forensics & e-discovery Services 21st century fraud investigations require expert digital forensics skills to deal with the complexities
More informationWindows 8 Hacks O'REILLY* Preston Gralla. Beijing. Cambridge Famham. Koln Sebastopol Tokyo
Windows 8 Hacks Preston Gralla Beijing Cambridge Famham O'REILLY* Koln Sebastopol Tokyo Table of Contents Preface vii 1. Setup and Startup Hacks 1 Hack 01. Disable Windows 8's Lock Screen 1 Hack 02. Hack
More informationDigital Forensics, ediscovery and Electronic Evidence
Digital Forensics, ediscovery and Electronic Evidence By Digital Forensics What Is It? Forensics is the use of science and technology to investigate and establish facts in a court of law. Digital forensics
More informationDetection of Data Hiding in Computer Forensics. About Your Presenter
Detection of Data Hiding in Computer Forensics NEbraskaCERT Conference August 22nd, 2008 James E. Martin CISSP, JD About Your Presenter 2008-Present: Security Engineer, West Corporation 2004-2008: Senior
More informationMicrosoft Word 2010. Revising Word Documents Using Markup Tools
Microsoft Word 2010 Revising Word Documents Using Markup Tools Preface Word provides several markup tools that make document collaboration easy. Color coding, highlighting, and the ability maintain multiple
More informationQ. If I purchase a product activation key on-line, how long will it take to be sent to me?
Page 1 of 6 Frequently Asked Questions (FAQ) Q. If I purchase a product activation key on-line, how long will it take to be sent to me? A. When you purchase on-line your product activation key is provided
More informationTable of Contents. zipform 6 User Guide
Table of Contents Welcome 4 Creating and Using Transactions.. 4 How to Create a Transaction...... 4 Creating a Transaction Using a Template....... 5 Adding and Removing Forms from a Transaction.......
More informationIntroduction to Data Forensics. Jeff Flaig, Security Consultant January 15, 2014
Introduction to Data Forensics Jeff Flaig, Security Consultant January 15, 2014 WHAT IS COMPUTER FORENSICS Computer forensics is the process of methodically examining computer media (hard disks, diskettes,
More informationKit Rowley. Subject: Content type and workflow planning (SharePoint Server 2010) Attachments: image001.gif. Plan content types. Plan content types
Kit Rowley Subject: Content type and workflow planning (SharePoint Server 2010) Attachments: image001.gif Content type and workflow planning (SharePoint Server 2010) Published: May 12, 2010 This article
More informationDIGIPASS CertiID. Getting Started 3.1.0
DIGIPASS CertiID Getting Started 3.1.0 Disclaimer Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or conditions, express
More informationAppendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15
Appendix 6c Final Internal Audit Report Disaster Recovery Planning June 2007 Report 6c Page 1 of 15 Contents Page Executive Summary 3 Observations and Recommendations 8 Appendix 1 - Audit Framework 13
More informationResidential and Business
Internet Phone Service Residential and Business Self Service Portal User Guide Version 2.0 www.packet8.net 1.866.TRY.VOIP Contents Introduction to the Packet8 Self Service Portal... 3 How to use your new
More informationIncident Response and Forensics
Incident Response and Forensics Yiman Jiang, President and Principle Consultant Sumus Technology Ltd. James Crooks, Manager - Advisory Services PricewaterhouseCoopers LLP UBC 2007-04-12 Outline Computer
More informationKeeper Care System Data Manager Version 1.2.6
Automated Inventory Solutions, Inc. User Manual Keeper Care System Data Manager Version 1.2.6 Automated Inventory Solutions Phone: (304)725-4801 Fax: (304)725-6983 www.aisvendors.com Email: support@aisvendors.com
More informationOverview of Computer Forensics
Overview of Computer Forensics Don Mason, Associate Director National Center for Justice and the Rule of Law University of Mississippi School of Law [These materials are based on 4.3.1-4.3.3 in the National
More informationOrange Apps UserLogonUSB V1.0
Orange Apps UserLogonUSB V1.0 KUKA KRC4 User Documentation As of 07/08/2013 Document version: 1.0 2 Introduction Copyright 2013 OrangeApps GmbH Arnikaweg 1 87471 Durach Germany www.orangeapps.de This documentation
More informationBU Digital Print Service. High Resolution PDFs
BU Digital Print Service High Resolution PDFs Introduction As part of the BU Digital Print service files can be uploaded to the Web to Print (W2P) portal for printing however the quality of the print is
More informationCustomer Retention Management
Customer Retention Management Course outline 2011 Outcomes In 2011, best practice dealers are getting serious about CRM, this includes: Developing their CRM model Structuring their CRM activities Employing
More informationReport 6c. Final Internal Audit Report Network and Communications. April 2008
Report 6c Final Internal Audit Report Network and Communications April 2008 Contents Page Executive Summary 3 Observations and Recommendations 4 Appendix 2 - Staff Interviewed 14 Appendix 3 Benchmark Results
More informationMicrosoft Dynamics GP. Electronic Signatures
Microsoft Dynamics GP Electronic Signatures Copyright Copyright 2011 Microsoft. All rights reserved. Limitation of liability This document is provided as-is. Information and views expressed in this document,
More informationMYOB Document Manager
MYOB Document Manager Version 4.0 User Guide Copyright 2009 MYOB Technology Pty Ltd. All rights reserved. Disclaimer MYOB has made every attempt to ensure the accuracy, relevance and completeness of this
More informationMetadata in Microsoft Office and in PDF Documents Types, Export, Display and Removal
White Paper Metadata in Microsoft Office and in PDF Documents Types, Export, Display and Removal Copyright 2002-2009 soft Xpansion GmbH & Co. KG White Paper Metadata in PDF Files 1 Contents Term Definitions
More informationWhat is Digital Forensics?
DEVELOPING AN UNDERGRADUATE COURSE IN DIGITAL FORENSICS Warren Harrison PSU Center for Information Assurance Portland State University Portland, Oregon 97207 warren@cs.pdx.edu What is Digital Forensics?
More informationElectronic Docket Filings Michigan Public Service Commission Department of Licensing and Regulatory Affairs
Electronic Docket Filings Michigan Public Service Commission Department of Licensing and Regulatory Affairs How to Electronically File Documents in Cases Before the Michigan Public Service Commission (E-Dockets
More informationSecrets of Electronic Discovery. David F. Axelrod, Director Ernie Liu, Manager Forensic & Dispute Services Deloitte Financial Advisory Services LLP
Secrets of Electronic Discovery David F. Axelrod, Director Ernie Liu, Manager Forensic & Dispute Services Deloitte Financial Advisory Services LLP CONTENTS Litigation Technology Infrastructure Phases of
More information2004 Consumer-Driven Health Care Survey
Survey Synopsis 2004 Consumer-Driven Health Care Survey Background Health care cost increases were once again in the double-digit range for the majority of companies for the third consecutive year. Companies
More informationIncident Response and Computer Forensics
Incident Response and Computer Forensics James L. Antonakos WhiteHat Forensics Incident Response Topics Why does an organization need a CSIRT? Who s on the team? Initial Steps Detailed Project Plan Incident
More informationKeeper Care System Data Manager Version 1.0
Automated Inventory Solutions, Inc. User Manual Keeper Care System Data Manager Version 1.0 Automated Inventory Solutions Phone: (304)725-4801 Fax: (304)725-6983 www.aisvendors.com Email: support@aisvendors.com
More informationCertified Digital Forensics Examiner
Cyber Security Training & Consulting Certified Digital COURSE OVERVIEW 5 Days 40 CPE Credits $3,000 Digital is the investigation and recovery of data contained in digital devices. This data is often the
More informationCLOUD STORAGE FORENSICS MATTIA EPIFANI SANS EUROPEAN DIGITAL FORENSICS SUMMIT PRAGUE, 7 OCTOBER 2013
CLOUD STORAGE FORENSICS MATTIA EPIFANI SANS EUROPEAN DIGITAL FORENSICS SUMMIT PRAGUE, 7 OCTOBER 2013 SUMMARY Cloud Storage services Testing environment and methodology Forensics artifacts left by Cloud
More informationFAXAWAY BROADCAST FAX USER'S GUIDE
417 Second Avenue West, Seattle, Washington 98119 USA Tel: 1(206)479-7000/Fax: 1(206)479-7500 E-mail: bcast@fax2.faxaway.com FAXAWAY BROADCAST FAX USER'S GUIDE QUICK START A. Requirements B. Installing
More informationChapter Contents. Operating System Activities. Operating System Basics. Operating System Activities. Operating System Activities 25/03/2014
Chapter Contents Operating Systems and File Management Section A: Operating System Basics Section B: Today s Operating Systems Section C: File Basics Section D: File Management Section E: Backup Security
More informationDesigning forms for auto field detection in Adobe Acrobat
Adobe Acrobat 9 Technical White Paper Designing forms for auto field detection in Adobe Acrobat Create electronic forms more easily by using the right elements in your authoring program to take advantage
More informationWhite Paper. The Five Keys to a Successful Document Management System ABSTRACT. www.treenosoftware.com Command Your Content
1 White Paper The Five Keys to a Successful Document Management System ABSTRACT The successful implementation of an electronic document management system begins with a detailed understanding the specific
More information(1) latex + dvipdfm (which is a DVI to PDF translator) or (2) pdflatex (a version of LaTeX that generates PDF output instead of DVI).
FORMATTING AN ELECTRONIC SAE TECHNICAL PAPER To have your paper published by SAE, you must adhere to the SAE Technical Paper Template, which includes the correct layout, margins, style tags, etc. The available
More informationSmartphones and tablets: If you have a data plan, use the SMTP server setting for the company that provides this service.
ARTSPHERE USER MANUAL Hosting for versions 5.0 and 5.1 The hosting control panel is where your website is located. We refer to this as the cpanel. To access the cpanel add /cpanel to your domain name (for
More informationOperating Systems Forensics
Operating Systems Forensics Section II. Basic Forensic Techniques and Tools CSF: Forensics Cyber-Security MSIDC, Spring 2015 Nuno Santos Summary! Windows boot sequence! Relevant Windows data structures!
More informationMicrosoft Office Series
Microsoft Office Series Microsoft Office is the office suite of desktop applications delivering the tools and services to get work done. Our Microsoft Office Quickcert offerings allow your key individuals
More information1. What is Long-Term Docs... 5
Contents 1. What is Long-Term Docs... 5 1.1. General Properties of Long-Term Docs... 5 1.2. The Features of Long-Term Docs... 5 1.2.1. Long-Term Document Validity (LTV)... 6 1.2.2. Long-Term Document Archiving
More informationDigital Forensics for Attorneys Overview of Digital Forensics
Lars Daniel,, EnCE, ACE, CTNS Digital Forensic Examiner Digital Forensics for Attorneys Overview of Digital Forensics Digital Forensics For Attorneys Overview of Digital Forensics Types of Digital Evidence
More informationObjectives. Objectives. CLEAR 2008 Annual Conference Anchorage, Alaska. September 25-27, 2008
CSI for Regulators Part II Obtaining and Processing Electronic Evidence Glenn Benard Ernie Atkins Dean Benard Kristina Mulak Objectives Understanding what electronic records are Consider why we might want
More informationRSA Data Loss Prevention (DLP) Understand business risk and mitigate it effectively
RSA Data Loss Prevention (DLP) Understand business risk and mitigate it effectively Arrow ECS DLP workshop, Beograd September 2011 Marko Pust marko.pust@rsa.com 1 Agenda DLP in general What to expect from
More informationAdobe Conversion Settings in Word. Section 508: Why comply?
It s the right thing to do: Adobe Conversion Settings in Word Section 508: Why comply? 11,400,000 people have visual conditions not correctible by glasses. 6,400,000 new cases of eye disease occur each
More informationFeatures compared: Worldox Productivity Suite modules and the full version of those products from DocsCorp
Features compared: Worldox modules and the full version of those products from In Worldox FUNCTIONALITY for pdfdocs DESKTOP build 3.2.7.26 CREATE PDF Create a PDF document from any application that prints
More informationAbout Your Presenter. Digital Forensics For Attorneys. Overview of Digital Forensics
Larry E. Daniel, EnCE, DFCP, BCE Digital Forensic Examiner Digital Forensics for Attorneys An Overview of Digital Forensics About Your Presenter EnCase Certified Examiner (EnCE) Digital Forensics Certified
More information102 ediscovery Shakedown: Lowering your Risk. Kindred Healthcare
102 ediscovery Shakedown: Lowering your Risk Long-Term Care Session HCCA Compliance Institute April 27, 2009 Las Vegas, Nevada Presented by: Diane Kissel, Manager IS Risk & Compliance Kindred Healthcare,
More informationNuix Forensic Focus 2014 Webinar Accelerating investigations using advanced ediscovery techniques 6 th March 2014
Nuix Forensic Focus 2014 Webinar Accelerating investigations using advanced ediscovery techniques 6 th March 2014 All rights reserved 2014. Nuix Software ABOUT THE PRESENTERS Paul Slater Director of Forensic
More informationImpact of Digital Forensics Training on Computer Incident Response Techniques
Impact of Digital Forensics Training on Computer Incident Response Techniques Valorie J. King, PhD Collegiate Associate Professor University of Maryland University College Presentation to AFCEA June 25,
More informationCan Computer Investigations Survive Windows XP?
Can Computer Investigations Survive? An Examination of Microsoft and its Effect on Computer Forensics December 2001 by Kimberly Stone and Richard Keightley 2001 Guidance Software All Rights Reserved Executive
More informationThis Webcast Will Begin Shortly
This Webcast Will Begin Shortly If you have any technical problems with the Webcast or the streaming audio, please contact us via email at: accwebcast@commpartners.com Thank You! Welcome! Electronic Data
More informationtesto Saveris 21CFR Part 11 Software Instruction manual
testo Saveris 21CFR Part 11 Software Instruction manual 2 1 Contents 1 Contents 1 Contents... 3 2 Specifications... 4 2.1. Intended purpose... 4 2.2. 21 CFR Part 11 and terminology used... 5 3 First steps...
More informationInformation Technology Audit & Forensic Techniques. CMA Amit Kumar
Information Technology Audit & Forensic Techniques CMA Amit Kumar 1 Amit Kumar & Co. (Cost Accountants) A perfect blend of Tax, Audit & Advisory services Information Technology Audit & Forensic Techniques
More informationBroadview Fax Quick Start Guide from MyOfficeSuite
1234 - Smith, John LS TS Broadview Fax Quick Start Guide from MyOfficeSuite MY ONLINE FAX INBOUND FAX NUMBER 123.456.7890 40 DETAILS CHECK FAXES SEND A FAX How to send a Fax Click Send A Fax on the My
More informationAdvanced Methods and Techniques
2013 CTIN Digital Forensics Conference Advanced Methods and Techniques Brett Shavers 2013 CTIN Digital Forensics Conference The XWF Book Not done yet Eric Zimmerman (FBI) is the coauthor Jimmy Weg is the
More informationMicrosoft Outlook 2010 Part 1: Introduction to Outlook
CALIFORNIA STATE UNIVERSITY, LOS ANGELES INFORMATION TECHNOLOGY SERVICES Microsoft Outlook 2010 Part 1: Introduction to Outlook Spring 2015, Version 1.4 Table of Contents Introduction...3 Starting Outlook...3
More informationLevelOne MUS-1001. 1GB Smart Flash. User Manual V1.0.0-0610
LevelOne MUS-1001 1GB Smart Flash User Manual V1.0.0-0610 CONTENT CHAPTER 1 INTRODUCTION...4 1.1 About this Manual...4 1.2 Support Services...5 CHAPTER 2 PRODUCT OVERVIEW...6 2.1 Package Contents...6 2.2
More information10.3.1.5 Lab - Data Backup and Recovery in Windows Vista
5.0 10.3.1.5 Lab - Data Backup and Recovery in Windows Vista Introduction Print and complete this lab. In this lab, you will back up data. You will also perform a recovery of the data. Recommended Equipment
More informationAccuGuard Desktop and AccuGuard Server User Guide
AccuGuard Desktop and AccuGuard Server User Guide 1 2 Table of Contents Welcome 4 Backup Simplified 5 Features 6 Protection Plans 7 Archived Data Viewing 8 Archived Data Restoring 9 Best Practices 11 Getting
More informationCMS Basic Training. Getting Started
The (Content Management System), was designed to allow most people in an organization to contribute to or edit their website(s). Utilizing a set of templates and stylesheets, users can add or edit information
More informationMicrosoft Outlook 2010 Part 1: Introduction to Outlook
CALIFORNIA STATE UNIVERSITY, LOS ANGELES INFORMATION TECHNOLOGY SERVICES Microsoft Outlook 2010 Part 1: Introduction to Outlook Spring 2012, Version 1.0 Table of Contents Introduction...3 Starting the
More informationIdentity & Access Management The Cloud Perspective. Andrea Themistou 08 October 2015
Identity & Management The Cloud Perspective Andrea Themistou 08 October 2015 Agenda Cloud Adoption Benefits & Risks Security Evolution for Cloud Adoption Securing Cloud Applications with IAM Securing Cloud
More informationMarch 2010. Recruitment Services Recruitment Process Outsourcing (RPO)
March 2010 Recruitment Services Recruitment Process Outsourcing (RPO) Contents 1. Executive summary 2 2. Service line - Overview 3 3. Our methodology 5 4. Meet the team 7 1. Executive summary Introduction
More informationIntroduction. This white paper provides technical information on how to approach these steps with Symantec Antivirus Corporate edition.
Introduction The process of updating virus definitions on workstations protected by Deep Freeze Enterprise involves three fundamental steps: 1. Rebooting the workstations into a Thawed state so the updates
More informationChapter 7 Securing Information Systems
1 Chapter 7 Securing Information Systems LEARNING TRACK 3: COMPUTER FORENSICS For thirty years, a serial murderer known as the BTK killer (standing for bind, torture, and kill) remained at large in Wichita,
More informationRPost Outlook Quick Start Guide
RPost Outlook Quick Start Guide This document outlines the steps to send an email using the RPost services and a brief description of the features available with the RPost add-in for Microsoft Outlook.
More informationUsing Google Drive. Using Google Drive. Information Security Requirements
Using Google Drive Information Security Requirements Google Drive is a cloud storage service available to CWRU students, faculty and staff that allows you to store, share, and synchronize files using multiple
More information