Leveraging Digital Forensics | Patricia Watson
Published in: Technology
Transcript

  • 1. Leveraging Digital Forensic Skills to Deliver Cyber Technology Solutions Patricia Watson MBA | EnCE | GCFA 11.06.12
  • 2. Bio
      • Digital Forensic Program Manager, Boise Inc
      • Report to the Director of Internal Audit
      • DF, eDiscovery, Cyber Security Risk Assessments and IT Audits
      • Legal Forensic Specialist, Washington Group
      • Digital Forensic Student Intern at the Center for Cyber Defenders (CCD), Sandia National Labs in Albuquerque NM
      • 3 Forensic Certifications: NTI, GCFA, EnCE
      • Masters in Information Assurance, MBA and BA MIS from UNM
      • Part of the group that helped start the curriculum for the Information Assurance Program
      • UNM was one of the first universities to have a Digital Forensics lab
  • 3. Overview
      • Digital Forensic Skills
      • Forensic Examiners
      • Incident Response
      • Malware Analysis
      • Cyber security risk assessments
      • Litigation Support
      • IT Governance, compliance and audits
      • A Few Sources
      • Questions?
  • 4. Quote “There’s zero correlation between being the best talker and having the best ideas” (Susan Cain)
  • 5. Forensic Skills Set
      • A broad range of technical, investigative, procedural, and legal skills
      • Disk geometry, file system anatomy, reverse engineering, evidence integrity, COC and criminal profiling
      • The ability to function in a complex, dynamic environment
      • Computer technology as well as legal and regulatory environments are constantly changing
      • The ability to objectively testify in a court of law
      • Reproduce incident, interpret results, be prepared for cross-examination
  • 6. Forensic Examiners
      • Introverts
      • Good listeners (think first, talk later)
      • Very private (foster confidentiality)
      • Focus-driven (enjoy performing deep dive analysis)
      • Embrace solitude (enjoy looking for the needle in a haystack)
      • Irony… “forens” Latin word for “belonging to the public”
  • 7. Incident Response
      • Image acquisition
      • RAID rebuild
      • Data recovery and restoration
      • Partition/volume recovery
      • Analyzing log entries
  • 8. Malware Analysis
      • Forensic image is a great sandbox for malware analysis
      • Hash analysis, Memory dump, Timeline analysis
  • 9. Cyber Security Risk Assessments
      • Open ports
      • Active services
      • Hidden processes
      • Open handles
      • Network shares
      • User lists
      • OS fingerprinting
  • 10. Litigation Support
      • Preservation of ESI
      • Proximity keyword searching
      • Complex keyword crafting
      • Interpretation of FRCP
      • De-duping
      • Load files
      • Export native ESI
  • 11. IT Governance/Compliance/Audits
      • PCI compliance
      • HIPAA compliance
      • Antitrust compliance
      • Intellectual property
      • Identifying policy violations
  • 12. In summary…
      • Objectivity is of the essence
      • Never underestimate the importance of skillset diversification
      • Continuously seek to enhance your communication skills
      • Seek opportunities to collaborate
      • “Excellence is not about technical competence but character” (Ernest Laurence)
  • 13. A few Sources
      • Techy Stuff:
          • NIST Guide to Integrating Forensic Techniques into Incident Response: http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf
          • US-CERT CSET: http://www.us-cert.gov/control_systems/satool.html
      • Soft Skills:
          • Working with Emotional Intelligence by Daniel Goleman
          • Great Communication Secrets of Great Leaders by John Baldoni
          • Leading Your Boss: The Subtle Art of Managing Up by John Baldoni
          • TED, Ideas worth Spreading: http://www.ted.com/talks
      • Professional Organizations:
          • HTCIA, ACFE, ISACA, ISSA…
  • 14. Questions? PatriciaWatson@BoiseInc.com
