Itet3 its forensics

Transcript

  • 1. Forensics
  • 2. Forensics
    • Merriam-Webster link
  • 3. Backtrack
    • BT4 has a “forensic” boot option.
      • What is that about? In that mode the live system does not auto-mount attached disks and does not use swap partitions, so booting it on a suspect machine does not change what is on its storage.
  • 4. Law enforcement
    • The UK police (ACPO, the Association of Chief Police Officers) have published a good practice guide for computer-based electronic evidence.
      • It describes four principles.
  • 5. Bear in mind that this is from the point of view of law enforcement.
  • 6. Principle 1
    • No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.
  • 7. Source
  • 8. Principle 2
    • In circumstances where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
  • 9. Principle 3
    • An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
  • 10. Principle 4
    • The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.
  • 11. Doing forensics
    • Evidence collection
  • 12. Evidence preservation
  • 13. Evidence analysis
  • 14. Evidence presentation
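Added example, not part of the slides: a small acquisition routine showing what the collection and preservation steps above look like in practice, and how Principle 1 (never write to the original) and Principle 3 (an audit trail that lets a third party repeat the work) are satisfied. It copies a source block-by-block into an image file, zero-fills any unreadable block and records its offset (the behaviour of dd conv=noerror,sync), hashes the data during acquisition, re-hashes the finished image independently, and appends one JSON line per run to an audit log. The "device" is a constructed in-memory buffer with one simulated bad block; the sector size, block size, examiner name and file paths are assumptions for the demo.

```python
"""Forensic acquisition example (added illustration, not from the original deck).

Read-only, block-wise copy with hashing and an audit trail.
"""
import hashlib
import io
import json
import os
import tempfile
import time

SECTOR = 512              # assumption: 512-byte sectors
BLOCK = 8 * SECTOR        # 4 KiB read granularity (assumption)


class FlakySource(io.BytesIO):
    """Constructed stand-in for a block device: raises OSError whenever a
    read starts at `bad_offset`, simulating an unreadable run of sectors."""

    def __init__(self, data, bad_offset):
        super().__init__(data)
        self.bad_offset = bad_offset

    def read(self, n=-1):
        if self.tell() == self.bad_offset:
            raise OSError("simulated I/O error at offset %d" % self.tell())
        return super().read(n)


def sha256_file(path, block=BLOCK):
    """Hash a file on disk. Used to verify the image independently of the
    hash computed during acquisition (Principle 3: repeatable by a third party)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(block), b""):
            h.update(chunk)
    return h.hexdigest()


def acquire(source, image_path, log_path, *, description, examiner, block=BLOCK):
    """Bit-for-bit copy of `source` (opened read-only) into image_path.

    The source is only ever read (Principle 1). Unreadable blocks are
    zero-filled and their offsets recorded, as dd conv=noerror,sync does,
    so the image keeps the original's layout; a bad final partial block is
    padded to a full block, exactly like dd's sync. Each run appends one
    JSON line to the audit log (Principle 3) and returns that record.
    """
    started = time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime())
    acq_hash = hashlib.sha256()
    bad_blocks = []
    offset = 0
    with open(image_path, "wb") as out:
        while True:
            try:
                data = source.read(block)
            except OSError:
                bad_blocks.append(offset)
                data = b"\x00" * block
                source.seek(offset + block)   # skip past the unreadable region
            if not data:
                break
            acq_hash.update(data)
            out.write(data)
            offset += len(data)
    record = {
        "tool": "acquire.py (example)",
        "examiner": examiner,
        "source": description,
        "started_utc": started,
        "finished_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "bytes_copied": offset,
        "block_size": block,
        "bad_blocks": bad_blocks,
        "acquisition_sha256": acq_hash.hexdigest(),
        "image_sha256": sha256_file(image_path, block),
        "image_path": image_path,
    }
    record["verified"] = record["acquisition_sha256"] == record["image_sha256"]
    with open(log_path, "a") as log:
        log.write(json.dumps(record) + "\n")
    return record


def run_demo():
    """Acquire a constructed 3.5-block 'device' whose second block is bad.
    Returns (audit record, sha256 the finished image is expected to have)."""
    payload = bytes(range(256)) * 56          # 14336 bytes = 3.5 blocks (constructed)
    expected = payload[:BLOCK] + b"\x00" * BLOCK + payload[2 * BLOCK:]
    workdir = tempfile.mkdtemp(prefix="acq-")
    image = os.path.join(workdir, "evidence.dd")
    log = os.path.join(workdir, "audit.jsonl")
    record = acquire(FlakySource(payload, bad_offset=BLOCK), image, log,
                     description="constructed test image", examiner="A. Examiner")
    return record, hashlib.sha256(expected).hexdigest()


if __name__ == "__main__":
    rec, want = run_demo()
    print(json.dumps(rec, indent=2))
    print("image matches expectation:", rec["image_sha256"] == want)
```

On a real device the source would be opened with os.open(path, os.O_RDONLY) and, on Linux, the disk would be attached through a write blocker or with the block device marked read-only (blockdev --setro) before the first read; the audit log is what a second examiner uses to re-run the same steps and reach the same hashes.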
  • 15. Forensic readiness
    • Define the business scenarios that require digital evidence.
  • 16. Identify available sources and different types of potential evidence.
  • 17. Determine the evidence collection requirement.
  • 18. Establish a capability for securely gathering legally admissible evidence to meet the requirement.
  • 19. Establish a policy for secure storage and handling of potential evidence.
  • 20. Forensic readiness (cont.)
    • Ensure monitoring is targeted to detect and deter major incidents.
  • 21. Specify circumstances when escalation to a full formal investigation (which may use the digital evidence) should be launched.
  • 22. Train staff in incident awareness, so that all those involved understand their role in the digital evidence process and the legal sensitivities of evidence.
  • 23. Document an evidence-based case describing the incident and its impact.
  • 24. Ensure legal review to facilitate action in response to the incident.
  • 25. Why investigate?
    • Criminal investigation
  • 26. Civil litigation
  • 27. Data discovery
    • e.g. data mining in log files
    • Data recovery