Tom Pruett has over 18 years of experience in IT and 17 years of experience in training. He holds various technical certifications, including in computer forensics. The document discusses the objectives and process of computer forensics. It explains that forensics aims to recover, analyze and preserve digital evidence for legal purposes. The types of forensic use include law enforcement, private sector, and enterprise scenarios. It also outlines the tools and steps involved in the forensic process.
2. Education & Certifications
M.A., Southwest Texas State University
B.S., Southeast Missouri State
CCSI#33112, CCNA, CTT+, MCT, MCP, MCSA, MCDA, MCTS SQL Server 2005, MCITP SQL 2005, MCSE, Certified Novell Administrator, A+, Network+, Security+, Certified Ethical Hacker, Certified Forensic Investigator, and CWNA
Number of Years in IT
18 years
Number of Years in Training
17 years
Areas of Expertise
Cisco
Network Security
Computer Forensics
Wireless
Microsoft Operating Systems & Networking Technologies
Microsoft SQL Server 6.5, 7, 2000, 2005 & 2008
Microsoft Server NT 4, 2000, Windows XP, 2003, Windows 7 & 2008
LinkedIn.com/in/TomPruett
Facebook.com/CentriqTraining
3. Computer Forensics Objectives
Different Types of Forensic Uses
What are the Legal Ramifications?
It is About the Process More Than the Tools
Forensics - First Responder and Incident Response
Hardware and Software Tools Used in Forensics
The Computer Forensic Process
Process of Forensics: Is Your Company on High Alert? 3
4. To recover, analyze and preserve computer and related materials in such a way that they can be presented in a court of law.
To identify the evidence quickly, estimate the potential impact of the malicious activity on the victim and assess the intent and identify the perpetrator.
5. Law Enforcement
Private Sector
Enterprise
Full Forensic Workups - Case
Partial Forensic Workups – Recover Deleted Files
6. Law Enforcement Follows Strict Evidence Procedures
Private Sector Must Have Consistent Evidence Procedures
Litigious Needs for Private Sector
2002 - Scientific Working Group on Digital Evidence (SWGDE) "Best practices for Computer Forensics"
2005 - ISO standard ISO 17025 - General requirements for the competence of testing and calibration laboratories
7. First Responders and Incident Response Are Where It Starts
Incident Response Plans need to have Forensic Procedures
First Responders Play a Crucial Role
Decide if a Crime has been Committed
Decide if a Forensic Process is Needed
8. Break It and Fix
Troubleshooting
Looking for the Unknown
Patience
Never Exceed Your Knowledge Base
10. Portable Forensic Kit
11. Software to Analyze Hosts and Networks
Encase
FTK
12. Determine if a forensic workup is needed
Evidence collection techniques
Secure the evidence
Data Acquisition
Analyze Data
Forensic Reporting