Avoiding Cybertraps
Incident Response, Computer Forensics,
and Risk Management

Frederick S. Lane
San Diego County Office ...
Background and Expertise
• Attorney and Author of 7
Books
• Computer Forensics
Expert -- 15 years
• Over 100 criminal case...
Lecture Overview
Headache-Inducing Headlines
Common Types of Incidents
Electronic Evidence Is Everywhere
Preparing for the...
Headache-Inducing Headlines
• “Parents Sue School District After Their
13-Year-Old's Suicide Following Sexting
Bullying” –...
A Tangled Mobile Web

www.FrederickLane.com

Cybertraps.wordpress.com
Common Types of Incidents
• Employment Issues
• Harassment/Hostile Work Environment
• Disciplinary Issues

• Student Misco...
E-Evidence Is Everywhere
• Inventory Possible Devices
•
•
•

Computers (Desktops, Laptops, Servers)
Mobile Devices (Phones...
Whose Data Is It Anyway?
• Where Did the Incident Occur?
•
•

On-Campus vs. Off-Campus
Zone of District Responsibility Is ...
Pre-Incident Preparation
• Policies and Procedures
•
•
•

District Decisions re Access, Services, Storage
AUPs for Staff a...
Response to Civil Litigation
• Preservation of Potentially
Relevant Evidence
• Adherence to Established Policies for
Handl...
Response to Criminal Activity
• Anticipate Prosecution and/or
Disciplinary Proceedings
• Adherence to Policy/Process Is Cr...
Risks for Admins. & Teachers
• Good Intentions, Bad Outcome
• “Sherlock Holmes” Syndrome
• Forwarding Content for Advice

...
A Cautionary Tale

www.FrederickLane.com

• Ting-Yi Oei, now 64
• Assistant Principal at
Freedom HS in So.
Riding, VA (Lou...
Computer Forensics 101
• Field Previews
• Acquisition & Mirror Images
• Some Data Are More Fragile Than
Others
• Speed Is ...
Current Projects
• Cybertraps for Educators (2014)
• Safe Student and School Employee
Relationships (2014)
• Cybertraps.wo...
Contact Information
• E-Mail:
• FSLane3@gmail.com

• Telephone:
• 802-318-4604

• Twitter
• @Cybertraps, @FSL3

• LinkedIn...
Avoiding Cybertraps
Incident Response, Computer Forensics,
and Risk Management

Frederick S. Lane
San Diego County Office ...
Upcoming SlideShare
Loading in...5
×

Avoiding Cybertraps

229

Published on

A presentation that I gave to the San Diego Country Schools Risk Management JPA on October 29, 2013.

Published in: Education, Technology, Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
229
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
3
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Avoiding Cybertraps

  1. 1. Avoiding Cybertraps Incident Response, Computer Forensics, and Risk Management Frederick S. Lane San Diego County Office of Ed. JPA San Diego, CA 29 October 2013 www.FrederickLane.com Cybertraps.wordpress.com
  2. 2. Background and Expertise • Attorney and Author of 7 Books • Computer Forensics Expert -- 15 years • Over 100 criminal cases • Lecturer on ComputerRelated Topics – 20+ years • Computer user (midframes, desktops, laptops) – 35+ years • 10 yrs on Burlington VT School Board www.FrederickLane.com Cybertraps.wordpress.com
  3. 3. Lecture Overview Headache-Inducing Headlines Common Types of Incidents Electronic Evidence Is Everywhere Preparing for the Inevitable Risks for Administrators and Teachers • A Quick Intro to Computer Forensics • • • • • www.FrederickLane.com Cybertraps.wordpress.com
  4. 4. Headache-Inducing Headlines • “Parents Sue School District After Their 13-Year-Old's Suicide Following Sexting Bullying” – Hillsborough Cty., Florida • “Parents sue Lockhart school district after teacher charged with sexual assault” – Lockhart, TX • “School Cyberbullying Victims Fight Back In Lawsuits” – WV, PA, GA • “School Employees Sue Cyberbullying Students” – TX, PA www.FrederickLane.com Cybertraps.wordpress.com
  5. 5. A Tangled Mobile Web www.FrederickLane.com Cybertraps.wordpress.com
  6. 6. Common Types of Incidents • Employment Issues • Harassment/Hostile Work Environment • Disciplinary Issues • Student Misconduct • Cyberbullying & Cyberharassment • Sexting • Teacher/Student Misconduct • Student Attacks on Teachers • Inappropriate Relationships www.FrederickLane.com Cybertraps.wordpress.com
  7. 7. E-Evidence Is Everywhere • Inventory Possible Devices • • • Computers (Desktops, Laptops, Servers) Mobile Devices (Phones, Tablets) Peripherals (USBs, CDs, external drives, etc.) • Inventory Possible Types of Data • • • • • • Communication (E-Mail, IMs, Texts, etc.) Social Media (Facebook, Twitter, etc.) Web Activity (URLs, cookies, bookmarks, etc.) Network Logs and Access Data Cloud Storage (Dropbox, Flickr, Boxy, etc.) Deleted Data www.FrederickLane.com Cybertraps.wordpress.com
  8. 8. Whose Data Is It Anyway? • Where Did the Incident Occur? • • On-Campus vs. Off-Campus Zone of District Responsibility Is Growing • Who Owns and Uses the Device? • • Misconduct Using School-Owned Equipment Misconduct Using Privately-Owned Equipment • Who Runs the Service? • • • Evidence Hosted by District Evidence Created by Teachers/Students Evidence Hosted by 3rd Parties www.FrederickLane.com Cybertraps.wordpress.com
  9. 9. Pre-Incident Preparation • Policies and Procedures • • • District Decisions re Access, Services, Storage AUPs for Staff and Students Data Handling and Response Protocols • Professional Development for Teachers and Staff • • • Typically First Responders Potential Legal Risks Technology Is Continually Changing • Student Education • Critical Component of K-12 Curricula www.FrederickLane.com Cybertraps.wordpress.com
  10. 10. Response to Civil Litigation • Preservation of Potentially Relevant Evidence • Adherence to Established Policies for Handling Data • Notice of Litigation or Reasonable Anticipation of Litigation • Discovery Requests • Privacy Concerns • Burdensomeness of Requests • Production of Data Held by 3rd Parties www.FrederickLane.com Cybertraps.wordpress.com
  11. 11. Response to Criminal Activity • Anticipate Prosecution and/or Disciplinary Proceedings • Adherence to Policy/Process Is Critical • Involve Law Enforcement ASAP • Protect and Preserve Data • Restrict Access to Potentially Relevant Data • Hire a Computer Forensics Expert? • Some Evidence Is Radioactive www.FrederickLane.com Cybertraps.wordpress.com
  12. 12. Risks for Admins. & Teachers • Good Intentions, Bad Outcome • “Sherlock Holmes” Syndrome • Forwarding Content for Advice • The Cover-Up Is Always Worse • Trying to Protect Colleagues and Friends • Desire to Protect District by Handling InHouse • “Delete” Is a Myth www.FrederickLane.com Cybertraps.wordpress.com
  13. 13. A Cautionary Tale www.FrederickLane.com • Ting-Yi Oei, now 64 • Assistant Principal at Freedom HS in So. Riding, VA (Loudoun County) • Told to investigate rumors of sexting at HS • “Inappropriate” image was forwarded to Oei’s cellphone, then computer • Charged with “failure to report,” then contributing to delinquency of a minor • Charges ultimately dismissed Cybertraps.wordpress.com
  14. 14. Computer Forensics 101 • Field Previews • Acquisition & Mirror Images • Some Data Are More Fragile Than Others • Speed Is Of the Essence • Powerful Forensics Tools • Data Recovery and Analysis • IP Addresses Link to Real World • 4th Amendment and Privacy Concerns www.FrederickLane.com Cybertraps.wordpress.com
  15. 15. Current Projects • Cybertraps for Educators (2014) • Safe Student and School Employee Relationships (2014) • Cybertraps.wordpress.com • CPCaseDigest.com • MessageSafe.com • Informational Web Sites: • www.FrederickLane.com • www.ComputerForensicsDigest.com • www.CybertrapsfortheYoung.com www.FrederickLane.com Cybertraps.wordpress.com
  16. 16. Contact Information • E-Mail: • FSLane3@gmail.com • Telephone: • 802-318-4604 • Twitter • @Cybertraps, @FSL3 • LinkedIn: • www.linkedin.com/in/fredericklane/ • SlideShare.net • www.slideshare.net/FSL3 www.FrederickLane.com Cybertraps.wordpress.com
  17. 17. Avoiding Cybertraps Incident Response, Computer Forensics, and Risk Management Frederick S. Lane San Diego County Office of Ed. JPA San Diego, CA 29 October 2013 www.FrederickLane.com Cybertraps.wordpress.com
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×