Garage Sale Forensics: Data Discovery Through Discarded Devices




John Michael Wright Mike
County of Butte
Session ID: DAS-403
Session Classification: Intermediate

Objectives - What I hope you take away
- Better awareness of media device threats
- The importance of a policy
- Understanding that devices are easy to get
- Introduction to cheap and free tools and methods
- Preventing data loss is easy and fun

The Data
- Electronic Data Storage Devices Defined
- Statistics
- Where
- Who
- What
  - Passwords
  - Domain Information
  - Financial Data
  - Health
  - Other
- Value
- Legal

Policy
- Importance
- Education
- Management
- Policy Design
  - Purpose: Why?
  - Scope: Who?
  - Policy: How?
  - Training

The Hunt for Devices
- Devices are Cheap and Easy to Find
- Where to Find Devices
  - Garage Sales
  - Thrift Shops, Second Hand, Goodwill
  - eBay
  - Craigslist
  - Recycle Centers, Recycle Drives
  - Dumpster Diving
- Does it Even Matter?

Device Analysis & Data Recovery
- Organization
- Where
- Tools
- Software

Proper Disposal Methods
- Format
- DoD 5220.22-M
- NIST Pub 800-88
- Sanitization
  - Wipe
  - Degauss
  - Destroy

Apply

How to Apply What You Have Learned Today

In the first three months following this presentation you should:
- Identify Current Policy and Procedures
- Identify Devices (Threats)

Within six months you should:
- Identify Workflow
- Create or Update Policy and Procedures
- Educate Staff

Conclusion
- Devices may contain data
- Devices are cheap and easy to find
- Device owners don't understand the risk
- Tools are easy to find and use
- Tools can be used to sanitize
- Physical destruction is better (more fun)

Thank You
John Michael Wright Mike
mwright@buttecounty.net (work)
mike@rollnpc.com (not work)
http://www.rollnpc.com/rsa2012 (Links & References)
March 2, 2012
DAS-403

References

Bar-Yosef, N. (2011). The commodities of underground markets. Retrieved on April 19, 2011 from http://www.securityweek.com/commoditiesunderground-markets

California v. Greenwood. (1988). 486 U.S. 35 California v. Greenwood et al. Certiorari to the Court of Appeal of California, Fourth Appellate District, No. 86-684. Retrieved on April 15 from http://caselaw.lp.findlaw.com/cgibin/getcase.pl?court=us&vol=486&invol=35

CCC. (n.d.). California civil code section 1798.56. Retrieved on April 19, 2011 from http://www.leginfo.ca.gov/cgibin/displaycode?section=civ&group=01001-02000&file=1798.55-1798.57

CCISDA. (2011). Program best practices. Retrieved on June 3, 2011 from http://www.ccisda.org/bestpractice/

CMRR. (2011). Secure erase. Retrieved on April 19, 2011 from http://cmrr.ucsd.edu/people/hughes/secureerase.shtml

Desai, A. (2011). Commercial hacking: The mafia returns. Retrieved on April 19, 2011 from http://www.articleclick.com/article/commercial-hacking-the-Mafia-Returns/1478593

DoD 5220.22-M. (2006). National industry security program, operating manual. Retrieved on April 19, 2011 from http://www.dss.mil/isp/odaa/documents/nispom2006-5220.pdf

Messmer, E. (2010). Data breach costs top $200 per customer record. Retrieved on June 7, 2011 from http://www.networkworld.com/news/2010/012510-data-breach-costs.html

Mitnick, K. D. (2003). The art of deception: Controlling the human element of security. Hoboken, NJ: John Wiley & Sons Inc.

NIST Pub 800-88. (2006). NIST special publication 800-88, guidelines for media sanitation. Retrieved on April 19, 2011 from http://csrc.nist.gov/publications/nistpubs/800-88/nistsp800-88_rev1.pdf

Perna, G. (2011). Black market prices: The low cost of stolen credit cards. Retrieved on April 19, 2011 from http://www.ibtimes.com/articles/103739/20110121/cybercrime-black-marketcost-of-data-stolen-credit-card-information.htm

Wei, M., Grupp, L. M., Spada, F. E., & Swanson, S. (2011). Reliably erasing data from flash-based solid state drives. Retrieved on April 19, 2011 from http://www.usenix.org/events/fast11/tech/full_papers/wei.pdf

Tools
- Access Data: FTK Imager 2.5.3: http://accessdata.com/support/previousreleases#ftkimager
- Darik's Boot and Nuke: http://www.dban.org/
- DiskInternals Uneraser: http://www.diskinternals.com/order/uneraser/
- Disk Wipe: http://diskwipe.org/
- Helix 2009 R1: https://www.efense.com/store/index.php?_a=viewprod&productid=11
- Identity Finder: http://www.identityfinder.com/
- Kon-Boot: http://www.piotrbania.com/all/kon-boot/
- NirSoft: http://www.nirsoft.net/
- Recuva: http://www.piriform.com/recuva
- Secure Erase: http://cmrr.ucsd.edu/people/hughes/secureerase.shtml
- Trinity Rescue Kit (TRK): http://trinityhome.org/
- WinTaylor: http://www.caine-live.net/page2/page2.html