Cyber-Forensics and Introduction to computer forensics

ssuserbfbf6f1 14 views 39 slides Sep 04, 2024

About This Presentation

Cyber forensics introduction


Slide Content

CHRIS FAIELLA Director of Cyber Forensics Miami, Florida Digital Forensics & Cyber Security Discovery Cyber Forensics, LLC

THANK YOU PROFESSOR KUMAR ! THANK YOU MR NUTHAKKI ! Thank you all for attending !

ABOUT YOUR SPEAKER
Christopher Faiella, CCE, CHFI, CCST, Director of Cyber Forensics, Discovery Cyber Forensics, LLC
- US Army, Marriott Corp, Dept of Defense, US Congress, GE, Xerox, Honeywell
- 35 years with computers and telecommunications
- 10 years with computer, cellphone & CCTV forensics
- Analyzed hundreds of laptops, desktops, servers and mobile devices
- Support of civil & criminal litigation & internal investigative matters
- Extensive forensics, evidence handling & computer investigative training
- Cases included murder, software piracy, embezzlement, business disputes
- Founding President, current Vice President of Florida HTCIA
- Member, IACIS, ISFCE, ASDFED

ABOUT YOU Your name Your year (Freshman, Sophomore, Junior, Senior) Your major Your Interest (Cyber security or Cyber Forensics)

When we talk about Cyber Security we're actually talking about preventing the misuse or theft of data. In the case of Cyber Forensics, we're actually talking about finding the evidence of illegal acts or misuse or theft of data:
- Personal Data
- Private Data
- Corporate Data
- Intellectual Property

(Symantec) You Are Needed!

SOMETHING SURPRISING
Not too long ago a Computerworld survey found that if a corporation were breached or sued, their IT departments would not be ready: 32% of IT Managers said their organizations weren't prepared at all – NOT PREPARED AT ALL. 42% of IT Managers said they DIDN'T KNOW if their organization was prepared. Added together, that's 74%, meaning of course that ONLY 26% were at SOME level of readiness. And the IT Managers are the key people in any data retention, protection, or preservation activity. One would assume that if anyone would know about this, they would.

In the same poll, when the IT managers were asked WHO WAS IN CHARGE OF IMPLEMENTING THE PROCESSES to secure company data: 35% said they didn't know! 27% said nobody! 20% admitted that they were! That makes my job on the prosecution side very easy. It's VERY SAD, but it makes your prospects for future employment VERY GOOD!

Adobe, IRS, Sony, Target, Blue Cross Blue Shield, Premera, Harvard University, Army National Guard, Anthem Health, OPM, UCF, US Dept of Justice, Snapchat, UC Berkeley, Verizon Enterprise Solutions, Wendy's, LinkedIn, Medstar Health (https://www.futurelearn.com/courses/introduction-to-cyber-security)

SOME COMPARATIVE STATISTICS
- The world produces 2-4 exabytes of information each year (1 exabyte = 1000 petabytes = 1 million terabytes = 1 billion gigabytes)
- Of this information, only 0.003% is printed
- There are approximately 180,000 files on an average 40GB hard drive
- One gigabyte is equal to about 10 four-drawer filing cabinets
- There were 265 million US cell phones in use last year
- Over 375 billion text messages are sent every month in the US
- There are over 5 trillion text messages a day sent worldwide

DISTINCTIVE FEATURES OF ELECTRONICALLY STORED INFORMATION (ESI)
- 93% of all information is generated in digital form
- Most electronic documents are never created as hard copy
- Information can be compressed
- Information is readily and frequently replicated

The FBI reported recently that 44 percent of all computer-related crimes are carried out by people inside the organizations where they occur.

COMPUTER FORENSICS - Finding the needle in the haystack: locate and recover digitally based evidence. Chain of custody (CoC), acquisition, analysis and investigation, extraction, report.
CYBER SECURITY - Preventing or catching unauthorized activities: corporate or organizational IT security; networks, servers, BYOD, sandboxes, honeypots.
E-DISCOVERY - Finding the right haystack: locate, acquire and analyze massive amounts of digitally based evidence (ENRON: thousands of terabytes).

CYBER CRIME
Players: nations, terrorists, organized crime, hacker groups, individuals.
National borders & sovereignty; easy to do; easy to hide away; relatively quick return for little effort.


ELEMENTS OF CYBER SECURITY
- Application security
- Information security
- Network security
- Disaster recovery / business continuity planning
- End-user education

CYBER SECURITY
A company that has been attacked must immediately do the following:
- Identify the threat
- Determine its scope and severity
- Consider how to work with law enforcement and forensic analysis support
- Determine whether consumers, customers, business partners or government agencies should or must be notified
- Draft the appropriate responses to media requests and government investigators
All of this must be done quickly, efficiently, and in a coordinated and consistent way, because major liabilities exist.

COMPUTER FORENSICS
- Locates, recovers, and reviews all pertinent documents, files, file fragments, email, and internet usage for case-specific evidence.
- Analyzes system registries, event logs, and system logs for application usage, and for user and event time and date evidence.
- Identifies, recovers, and restores deleted, hidden, or erased files (including email) from disk drives or storage devices.
- Provides a log of all examination activities.
- Provides a record and/or print log of all findings for use as exhibits.
- Provides a comprehensive final report.
Get ready to testify!

ENCRYPTION
April 19, 2016, Encryption Technology, Law Enforcement: technology and law enforcement officials testified at a Congressional hearing on the use of encryption technology. In the law enforcement panel, witness Amy Hess argued that without access to encrypted data on smartphones and other devices, the FBI cannot investigate crimes to the best of its ability. Technology industry experts explained in the second panel that encryption is critical to U.S. national security, and there is no way to provide a back door to encrypted data without risking the privacy and security of everyone.

E-MAIL
E-mail is one of the most effective and widely used methods of business communication, vastly surpassing interoffice memos, conference calls, and phone calls and far exceeding faxes, direct mail and advertising in business-to-business communications. Over 70% of users confess to sending and storing confidential information such as sales proposals, marketing plans, competitor profiles, contracts and intellectual property via e-mail. It's also one of the top methods of spreading viruses & malware.

E-MAIL FACTS:
- E-mail is the most commonly used and most critical business tool.
- E-mail is now discoverable and must be readily accessible.
- E-mail must be saved and easily retrievable to comply with legal and regulatory mandates.
- E-mail needs to be continually accessible so that business is not interrupted.
- The wide use of e-mail means more documents that need to be archived.
- The wide use of e-mail has created a greater need for data stores, leading to a management nightmare that is out of control.

E-MAIL AS EVIDENCE:
- Every e-mail carries information within it describing where it came from. This is important information.
- Usually useful for large corporate business disputes.
- Not able to be used for Hotmail, Gmail, Yahoo Mail, etc.
- Tracing e-mail headers is done regularly.
- "Lost e-mails" is a misnomer.
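As an added example (not from the presentation), this is the header tracing the slide refers to: the script parses the Received: lines of a constructed sample message with Python's standard email module, lists the relay path oldest-first, and checks that each relay's "by" host matches the next hop's "from" host, the consistency an examiner looks at when a header may have been forged. All hostnames and addresses are made up.

```python
"""Trace the relay path recorded in Received: headers (constructed sample)."""
import email
import re

# Constructed message, not real mail. Each relay prepends its own Received:
# line, so the header order is newest-first (final store at the top).
SAMPLE = """\
Received: from mx.example-corp.test (mx.example-corp.test [203.0.113.5])
    by mailstore.example-corp.test with ESMTP id abc123;
    Wed, 04 Sep 2024 14:02:10 +0000
Received: from relay.partner.test (relay.partner.test [198.51.100.7])
    by mx.example-corp.test with ESMTPS;
    Wed, 04 Sep 2024 14:02:08 +0000
Received: from workstation-42 (unknown [192.0.2.33])
    by relay.partner.test with ESMTP;
    Wed, 04 Sep 2024 14:02:05 +0000
From: sender@partner.test
To: recipient@example-corp.test
Subject: Q3 proposal

Body text.
"""

HOP_RE = re.compile(r"\bfrom\s+(\S+).*?\bby\s+(\S+)", re.S)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def trace_hops(raw: str) -> list:
    """Return hops oldest-first: origin (bottom header) to final store (top)."""
    msg = email.message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        text = " ".join(str(hdr).split())          # unfold continuation lines
        m = HOP_RE.search(text)
        if not m:
            continue                                # malformed: skip, don't guess
        ip = IP_RE.search(text)
        hops.append({"from": m.group(1), "ip": ip.group(1) if ip else None,
                     "by": m.group(2), "date": text.rsplit(";", 1)[-1].strip()})
    return hops

def chain_is_consistent(hops: list) -> bool:
    """Each relay's 'by' host should be the next hop's 'from' host; a break
    is where an examiner looks for a forged or rewritten header."""
    return all(a["by"] == b["from"] for a, b in zip(hops, hops[1:]))

if __name__ == "__main__":
    path = trace_hops(SAMPLE)
    for hop in path:
        print(f"{hop['date']}: {hop['from']} [{hop['ip']}] -> {hop['by']}")
    print("consistent:", chain_is_consistent(path))
```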

HUGE AMOUNT OF DATA THAT CAN POTENTIALLY BE USED AS EVIDENCE:
Executable files, e-mail messages, unallocated space, document files, e-mail archive files, free space text, spreadsheet files, e-mail attachments (photos, drawings), database files, text files, files with bad extensions, graphics files, operating system files, internet history files, partial files, system files, internet favorites files, deleted files, application files, instant messages (IM), damaged files, driver files, voice mail, Recycle Bin files, OLE sub-items, KFF alert files, file slack, Voice over Internet Protocol (VoIP).
There are approximately 180,000 files on an average 40GB hard drive.

DISTINCTIVE FEATURES OF ELECTRONICALLY STORED INFORMATION
Information is dispersed and stored on a number of media and in a number of locations:
- Desktop computers
- Network servers
- Backup and archival media
- Laptop computers
- Handheld devices
- Removable media
- Relational databases

DISTINCTIVE FEATURES OF ELECTRONICALLY STORED INFORMATION
Information may have no paper equivalent:
- Metadata
- Embedded data
- Deleted data
Information is dynamic and may be altered or destroyed without the operator's knowledge or conscious effort:
- Turning on a computer can alter data
- Routine overwriting can destroy data
- Routine computer processes can delete, alter, or destroy data

DISTINCTIVE FEATURES OF ELECTRONICALLY STORED INFORMATION
- Some information may be unintelligible if separated from the system that created it
- Legacy data can remain after the technology to retrieve it becomes obsolete

When is Computer Forensics Needed and Why?
COMPUTER FORENSICS CAN BE USED FOR ALMOST ANY TYPE OF CASE, BECAUSE OF HOW MUCH PERSONAL INFORMATION IS STORED ELECTRONICALLY.
Documents, spreadsheets, e-mails, contacts and calendar information from a COMPUTER, CELL PHONE, IPOD, or FLASH DRIVE can identify you, your birthday, your significant other, your kids, your pictures, their names, their birthdays, where you live, where you work, who your friends are, who your relatives are, your bank account and credit card information, your home budget, your favorite websites, your favorite music, where you like to shop, where you vacationed last, your passwords, who uses your computer, the last person you called, who called you today, who you called today, the last time you printed something, the last time you installed a program, and on and on…

WHAT IS THE CHAIN OF CUSTODY?
Chain of Custody is a legal term that refers to the ability to guarantee the identity and integrity of the evidence device from collection through to reporting of the test results. This is done to prevent tampering, alteration, damage or destruction of the device and the data on it. It is the process of recording:
- Who: who handled the evidence?
- What: what procedures were performed on the evidence?
- When: when was the evidence collected and/or transferred to another party?
- Where: where was the evidence collected and stored?
- How: how was the evidence collected and stored?
- Why: for what purpose was the evidence collected?

A MUST: CHAIN OF CUSTODY
1. Record what it is: manufacturer, model, serial # (record any damage too). Take pictures if possible.
2. Record who you received it from, where it occurred, date & time, and both of your signatures.
3. Provide a receipt containing the above information (except pictures) to the deliverer.
4. Record when it is placed back in the secure area.
5. Record steps 1 thru 3 again when it is transferred to another entity (such as a forensic examiner).
6. If it is removed from the secure area for any reason, record who, date & time, why, and their initials.

What is Really Meant by "Protecting the Evidence"?
KEEPING IT FROM BEING TAMPERED WITH, ALTERED, DAMAGED OR DESTROYED
- Don't allow anyone to "just take a peek" at a device that may contain critical evidence! Accessing a document, even for a split second, irrevocably alters its metadata.
- Don't let the IT guy volunteer to "ghost" or copy the drive or run searches.
- Only allow an expert to create a forensically qualified image of the evidence.
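An added example, not from the presentation or the speaker, covering the chain-of-custody steps and the "protecting the evidence" slide above: a small Python custody log that records the who/where/when/why of each handoff and recomputes the image hash at every transfer, so a "peek" or an IT-made copy that changed the evidence shows up as a hash mismatch at the next handoff. Device details, people and the image bytes are constructed placeholders.

```python
"""Chain-of-custody log with a hash check at every handoff (constructed example)."""
import hashlib
from dataclasses import dataclass, field

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass
class CustodyEntry:
    when: str            # date & time of the handoff (ISO-8601)
    who: str             # person taking custody
    received_from: str   # person handing it over
    where: str           # location of the handoff
    why: str             # purpose: exam, storage, transfer to counsel, ...
    image_hash: str      # hash of the image as recomputed at this handoff

@dataclass
class CustodyLog:
    manufacturer: str
    model: str
    serial: str
    damage_noted: str
    acquisition_hash: str                        # hash taken when first imaged
    entries: list = field(default_factory=list)

    def record_transfer(self, when, who, received_from, where, why, image: bytes) -> bool:
        """Always append the entry; return whether the image still matches acquisition."""
        h = sha256_hex(image)
        self.entries.append(CustodyEntry(when, who, received_from, where, why, h))
        return h == self.acquisition_hash

    def integrity_intact(self) -> bool:
        """True only if every recorded handoff verified the acquisition hash."""
        return all(e.image_hash == self.acquisition_hash for e in self.entries)

    def receipt(self, index: int) -> str:
        """Receipt text handed to the person who delivered the evidence."""
        e = self.entries[index]
        return (f"RECEIPT: {self.manufacturer} {self.model} S/N {self.serial} "
                f"(damage: {self.damage_noted})\nReceived by {e.who} from "
                f"{e.received_from} at {e.where} on {e.when}\nPurpose: {e.why}\n"
                f"SHA-256: {e.image_hash}")

if __name__ == "__main__":
    img = b"constructed sample image bytes"   # stands in for a disk image
    log = CustodyLog("Acme", "Laptop X1", "SN-PLACEHOLDER", "cracked bezel", sha256_hex(img))
    print(log.record_transfer("2024-09-04T14:00Z", "J. Examiner", "Det. Smith",
                              "Evidence room A", "forensic exam", img))   # True
    print(log.record_transfer("2024-09-05T09:00Z", "Lab tech", "J. Examiner",
                              "Lab bench 2", "storage", img + b"!"))      # False
```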

THE CELLPHONE, A TREASURE TROVE OF EVIDENCE
- Always with us, has all our information
- Tracks us through GPS
- Tracks our calls & call history
- Has our contacts & calendars
- Holds our internet browsing history
- Has our text messages
- Has our emails
- Has our pictures and music

Cell Phone & Tablet Evidence
- Acquire the device as quickly as possible.
- Get all peripherals with the device (charger, docking station).
- If it's on, leave it on (keep it charged).
- If it's off, leave it off (keep it charged).
- Isolate it from the cell phone network (wrap 3 times in tin foil).***
- Get the data extracted as quickly as possible.
This type of evidence is extremely fragile and exposed.

HEADS UP - Willingness to Testify An E-Discovery or Forensic examiner, or a Cyber Security expert must be willing to testify in court hearings about their findings If an examiner or expert is subject to subpoena or deposition, the firm hiring the examiner is expected to pay the examiner's fees and expenses for their time spent in trial & in preparation for trial - even if the Company or individual did not ask the examiner to be in court.

Your Studies, Research & Degree = Extremely Valuable!
- Computer Science
- Computer Software Engineering
- Advanced Mathematical Concepts
Very interesting, a needed service, true job satisfaction. Your degree makes you a highly desirable person. Get a certificate to show your knowledge of Computer Forensics and/or Cyber Security protocols.

COMPUTER & FORENSICS CERTIFICATIONS, A VAST ARRAY: CFCE, CCE, CompTIA A+, GHCF, CISSP, CHFI, MCSE, CSFA, CCST. Manufacturer certifications: EnCase, AccessData, Magnet Forensics, InfoSec Institute, EC-Council. And there are many more…! The most prestigious forensics certifications are the CFCE, CCE and any of the SANS certifications. Only about 10% of applicants actually attain these on the first try. As of today there are only 1750 CCE's in the world. (I'm #798.)

MORE INFORMATION
https://www.us-cert.gov/ncas/current-activity
http://www.forensicfocus.com
https://forums.malwarebytes.org
https://www.futurelearn.com/courses/introduction-to-cyber-security
http://www.open.edu/openlearn/futurelearn/cyber-security
http://www.kaspersky.com/internet-security-center/threats/resource-for-virus-threats-definitions

CHRIS FAIELLA Director of Cyber Forensics Miami, Florida THANK YOU!