Computer Forensics – What You Don’t Know Can Cost You


At the 2013 Interface Security Conference, Tom Pruett, one of Centriq Training's certified instructors, gave a presentation about Computer Forensics and how most companies are not prepared for a cyber-attack. Computer Forensics has a twofold objective. (1) To recover, analyze and preserve computer and related materials in such a way that they can be presented in a court of law. (2) To identify the evidence quickly, estimate the potential impact of the malicious activity on the victim and assess the intent and identify the perpetrator.

Published in: Education, Technology

  1. Welcome. Process of Forensics: Is Your Company on High Alert?
  2. Education & Certifications
     • M.A., Southwest Texas State University
     • B.S., Southeast Missouri State
     • CCSI#33112, CCNA, CTT+, MCT, MCP, MCSA, MCDA, MCTS SQL Server 2005, MCITP SQL 2005, MCSE, Certified Novell Administrator, A+, Network +, Security +, Certified Ethical Hacker, Certified Forensic Investigator, and CWNA
     • Number of Years in IT: 18 years
     • Number of Years in Training: 17 years
     • Areas of Expertise: Cisco Network Security Computer Forensics Wireless Microsoft Operating Systems & Networking Technologies Microsoft SQL Server 6.5, 7, 2000, 2005 & 2008 Microsoft Server NT 4, 2000, Windows XP, 2003, Windows 7 & 2008
     • LinkedIn.com/in/TomPruett
     • Facebook.com/CentriqTraining
  3. Agenda
     • Computer Forensics Objectives
     • Different Types of Forensic Uses
     • What are the Legal Ramifications?
     • It is About the Process More Than the Tools
     • Forensics - First Responder and Incident Response
     • Hardware and Software Tools Used in Forensics
     • The Computer Forensic Process
  4. Computer Forensics Objectives
     • To recover, analyze and preserve computer and related materials in such a way that they can be presented in a court of law.
     • To identify the evidence quickly, estimate the potential impact of the malicious activity on the victim and assess the intent and identify the perpetrator.
  5. Different Types of Forensic Uses
     • Law Enforcement
     • Private Sector
     • Enterprise
     • Full Forensic Workups - Case
     • Partial Forensic Workups - Recover Deleted Files
  6. Legal Ramifications
     • Law Enforcement Follows Strict Evidence Procedures
     • Private Sector Must Have Consistent Evidence Procedures
     • Litigious Needs for Private Sector
     • 2002 - Scientific Working Group on Digital Evidence (SWGDE) "Best practices for Computer Forensics"
     • 2005 - ISO standard ISO 17025 - General requirements for the competence of testing and calibration laboratories
  7. First Responder and Incident Response
     • First Responders and Incident Response is Where it Starts
     • Incident Response Plans Need to Have Forensic Procedures
     • First Responders Play a Crucial Role
     • Decide if a Crime has been Committed
     • Decide if a Forensic Process is Needed
  8. It is About the Process More Than the Tools
     • Break It and Fix
     • Troubleshooting
     • Looking for the Unknown
     • Patience
     • Never Exceed Your Knowledge Base
  9. Forensic PC
  10. Portable Forensic Kit
  11. Software to Analyze Hosts and Networks
     • Encase
     • FTK
  12. The Computer Forensic Process
     • Determine if a forensic workup is needed
     • Evidence collection techniques
     • Secure the evidence
     • Data Acquisition
     • Analyze Data
     • Forensic Reporting
  13. Process of Forensics: Is Your Company on High Alert?
