Introduction to Network Security, CompTIA Security+ Exam. Computer Forensics. Evidence. Domain 5 Computer Forensics




Introduction to Network Security, CompTIA Security+ Exam, Domain 5: Computer Forensics

Computer Forensics
- Forensics relates to the application of scientific knowledge and method to legal problems
- Investigating and analyzing computer systems for evidence related to violation of laws
- Investigating and analyzing computer systems for compliance with organization policies
- Investigating and analyzing computer systems for evidence of system compromise
  - Incident response

Evidence
- Documents, verbal statements and material objects relevant and admissible in a court of law

Standard for Evidence
- Sufficient: convincing and measures up without question
- Competence: legally qualified and reliable
- Relevant: material to the case or having a bearing on the matter at hand

Rules Regarding Evidence
- Best evidence: the court prefers the original
  - A duplicate may be accepted if the original has been destroyed or the original cannot be subpoenaed
- Exclusionary evidence
  - Not in violation of the Fourth Amendment
  - Violation of the Electronic Communication Privacy Act
- Hearsay evidence: second-hand evidence

Types of Evidence
- Direct evidence: knowledge of facts through the five senses; no inference or presumptions
- Real (physical or associative) evidence: tangible objects
- Documentary evidence: records, printed output
- Demonstrative evidence: show and tell

Evidence
- Credibility is everything
- Acquiring
- Identifying
- Protecting
- Transporting
- Storage
- Chain of custody

Acquisition
- Do not use utilities on a compromised system
- Collect evidence as soon as possible to prevent removal or tampering
- Photograph evidence before removal
- Computer in use: turn off or disconnect from the network?
  - Issue: the system is critical to operation
  - Dump memory to another location
    - A complete dump is not available for 2GB+ or 4GB+ PAE systems
    - A new dump replaces the old dump
    - Registry entry to create a keyboard-initiated memory dump
  - Power down
  - Image the system

Identification
- Properly marked and cataloged
- Labels must not be easily removed
- Log each piece of evidence
  - Identification
  - Collector ID
  - Date and time
  - Location
  - Reason
  - Note any damage to the evidence

Protection
- To assure credibility, evidence must be protected from
  - Damage: electromagnetic and magnetic fields, mechanical stress, extreme temperature, humidity, water, vibration
  - Tampering
  - Compromise
- Use static-free protective gloves in handling
- Properly sealed and identified

Transportation
- Properly log in or out of storage to ensure chain of custody: who, what, when, why
- Proper packaging
  - Secured packaging
  - Anti-static bag
  - Protection from shock and vibration

Storage
- In a dedicated storage area
  - Low and controlled traffic
  - Restricted access
  - Monitoring devices
  - Entry log

The Investigation (1)
- Take extreme caution to assure credibility
- Use a checklist; do not skip any step
- Never examine the original evidence
- Photograph and remove one piece at a time
- Proper storage of magnetic media
- Log identification and physical properties
  - Hard disk make, model, and type
  - Drive geometry

The Investigation (2)
- Make multiple copies using sector imaging
  - One to replace the drive if you don't want the owner to know that you removed the original
  - One to be sealed, marked, logged and stored with the original
  - One to be used for file authentication
  - One for analysis
- Lock the drive to prevent changes
- Create a drive message digest and save the hash values
- Inventory all files on the system
- Document the system date and time

Chain of Custody
- Record each item collected as evidence
- Document the name of the evidence collector, date and time, and a description of the evidence
- Put evidence in containers and tag the container with the case number
- Document all message digests
- Properly secure evidence for transport to a secured storage facility
- Obtain a signature from the person who accepts the evidence for storage
- Provide controls to prevent access to and eliminate compromise of evidence
- Securely transport evidence to court proceedings

Forensic Disk Storage Analysis
- Free space may contain data from deleted files
  - Files are not actually deleted; only the pointers in the FAT or MFT are removed
- Slack space: data hidden after the actual data in sectors
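As an added illustration of the message-digest and chain-of-custody steps above (not code from the original slides), the following Python keeps one record per collected item, logs every hand-off, refuses a transfer that would leave a custody gap or that the receiver has not signed for, and re-hashes a working copy against the digest recorded at acquisition. The image bytes, person names and case number are constructed placeholders.

```python
import hashlib
from datetime import datetime, timezone

def message_digest(image: bytes) -> str:
    """SHA-256 of an acquired image, recorded at collection and re-checked later."""
    return hashlib.sha256(image).hexdigest()

def _now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")

class ChainOfCustody:
    """Per-item evidence records plus an append-only log of every hand-off."""
    def __init__(self, case_number):
        self.case_number = case_number
        self.items = {}   # item_id -> record (collector, description, digest, holder, ...)
        self.log = []     # (event, item_id, who, when, why, signature)

    def collect(self, item_id, description, collector, location, image):
        """Record collector, date/time, description and the image digest."""
        self.items[item_id] = {"description": description, "collector": collector,
                               "location": location, "collected": _now(),
                               "digest": message_digest(image), "holder": collector}
        self.log.append(("collect", item_id, collector, _now(), "acquisition", None))

    def transfer(self, item_id, from_person, to_person, reason, signature):
        """Hand an item over; refuse if the sender is not the recorded holder or the
        receiver has not signed, so a gap in custody cannot go unnoticed."""
        rec = self.items[item_id]
        if rec["holder"] != from_person:
            raise ValueError(f"custody gap: {item_id} is held by {rec['holder']}")
        if not signature:
            raise ValueError("receiver must sign for the evidence")
        rec["holder"] = to_person
        self.log.append(("transfer", item_id, f"{from_person}->{to_person}",
                         _now(), reason, signature))

    def verify(self, item_id, copy) -> bool:
        """Re-hash a working copy and compare with the digest taken at acquisition."""
        return message_digest(copy) == self.items[item_id]["digest"]

# Constructed two-sector "image"; not data from a real acquisition.
ORIGINAL = b"BOOT" + b"\x00" * 508 + b"evidence text" + b"\x00" * 499
ALTERED = ORIGINAL[:512] + b"EVIDENCE TEXT" + ORIGINAL[525:]

def demo():
    coc = ChainOfCustody("CASE-PLACEHOLDER")  # placeholder case number
    coc.collect("HDD-1", "2.5in disk, sector image", "collector A", "server room", ORIGINAL)
    coc.transfer("HDD-1", "collector A", "custodian B", "to secure storage", "sig-B")
    return coc.verify("HDD-1", ORIGINAL), coc.verify("HDD-1", ALTERED)
```

The second value of demo() is False because a single changed byte in the analysis copy no longer matches the digest documented at acquisition, which is exactly what the sealed copy and the file-authentication copy exist to prove.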

Forensic System Analysis
- Check the Recycle Bin for deleted files
- Check web browser history files, address bar histories, cookies and temporary folders
- Check system temporary folders
- Check software temporary folders
- Search files for suspected strings
- Search for hidden files
- Search free space and slack space
- Search specific file types
- Check the registry for Most Recently Used (MRU) lists
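The free-space and slack-space points from the Forensic Disk Storage Analysis slide and the "search free space and slack space" step above, worked as an added example that is not part of the original slides: a constructed 8-sector image with a toy allocation table (standing in for a FAT or MFT) shows that deleting only drops the pointer, and that a shorter file written over the same sector leaves the tail of the old data in its slack, where a string search still finds it.

```python
import re

SECTOR = 512
PRINTABLE = re.compile(rb"[\x20-\x7e]{6,}")  # runs of 6+ printable ASCII bytes

def write_file(image, table, name, start, data):
    """Store data from a sector boundary and point the allocation table at it."""
    image[start * SECTOR:start * SECTOR + len(data)] = data
    table[name] = (start, len(data))

def delete_file(table, name):
    """Delete the way FAT/MFT do: remove the pointer, leave the sectors alone."""
    del table[name]

def sectors_of(start, length):
    return range(start, start + -(-length // SECTOR))  # ceil(length / SECTOR)

def slack_space(image, table):
    """Bytes between each file's logical end and the end of its last sector."""
    slack = {}
    for name, (start, length) in table.items():
        end = start * SECTOR + length
        sector_end = sectors_of(start, length)[-1] * SECTOR + SECTOR
        slack[name] = bytes(image[end:sector_end])
    return slack

def free_space(image, table):
    """Every sector no allocated file points at; deleted file data lives here."""
    used = {s for start, length in table.values() for s in sectors_of(start, length)}
    return b"".join(bytes(image[s * SECTOR:(s + 1) * SECTOR])
                    for s in range(len(image) // SECTOR) if s not in used)

def find_strings(blob):
    """Simple string search over unallocated or slack bytes."""
    return [m.group().decode("ascii") for m in PRINTABLE.finditer(blob)]

def demo():
    # Constructed 8-sector (4 KiB) image and table; not a real acquisition.
    image, table = bytearray(8 * SECTOR), {}
    write_file(image, table, "notes.txt", 2, b"Meeting notes: secret project codename BLUEBIRD")
    write_file(image, table, "draft.txt", 5, b"Deleted file contents still here")
    delete_file(table, "notes.txt")
    delete_file(table, "draft.txt")
    # A short new file reuses sector 2; the old tail survives as its slack.
    write_file(image, table, "hello.txt", 2, b"Hi there")
    return {"slack": {n: find_strings(b) for n, b in slack_space(image, table).items()},
            "free": find_strings(free_space(image, table))}
```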