
Leveraging Digital Forensics | Patricia Watson



Published in: Technology


  1. Leveraging Digital Forensic Skills to Deliver Cyber Technology Solutions. Patricia Watson, MBA | EnCE | GCFA. 11.06.12
  2. Bio
     • Digital Forensic Program Manager, Boise Inc
     • Report to the Director of Internal Audit
     • DF, eDiscovery, Cyber Security Risk Assessments and IT Audits
     • Legal Forensic Specialist, Washington Group
     • Digital Forensic Student Intern at the Center for Cyber Defenders (CCD), Sandia National Labs in Albuquerque, NM
     • 3 Forensic Certifications: NTI, GCFA, EnCE
     • Master's in Information Assurance, MBA and BA MIS from UNM
     • Part of the group that helped start the curriculum for the Information Assurance Program
     • UNM was one of the first universities to have a Digital Forensics lab
  3. Overview
     • Digital Forensic Skills
     • Forensic Examiners
     • Incident Response
     • Malware Analysis
     • Cyber security risk assessments
     • Litigation Support
     • IT Governance, compliance and audits
     • A Few Sources
     • Questions?
  4. Quote: “There’s zero correlation between being the best talker and having the best ideas” (Susan Cain)
  5. Forensic Skills Set
     • A broad range of technical, investigative, procedural, and legal skills
     • Disk geometry, file system anatomy, reverse engineering, evidence integrity, COC and criminal profiling
     • The ability to function in a complex, dynamic environment
     • Computer technology as well as legal and regulatory environments are constantly changing
     • The ability to objectively testify in a court of law
     • Reproduce incident, interpret results, be prepared for cross-examination
  6. Forensic Examiners
     • Introverts
     • Good listeners (think first, talk later)
     • Very private (foster confidentiality)
     • Focus-driven (enjoy performing deep dive analysis)
     • Embrace solitude (enjoy looking for the needle in a haystack)
     • Irony… “forens”, Latin word for “belonging to the public”
  7. Incident Response
     • Image acquisition
     • RAID rebuild
     • Data recovery and restoration
     • Partition/volume recovery
     • Analyzing log entries
  8. Malware Analysis
     • Forensic image is a great sandbox for malware analysis
     • Hash analysis, memory dump, timeline analysis
  9. Cyber Security Risk Assessments
     • Open ports
     • Active services
     • Hidden processes
     • Open handles
     • Network shares
     • User lists
     • OS fingerprinting
  10. Litigation Support
     • Preservation of ESI
     • Proximity keyword searching
     • Complex keyword crafting
     • Interpretation of FRCP
     • De-duping
     • Load files
     • Export native ESI
  11. IT Governance/Compliance/Audits
     • PCI compliance
     • HIPAA compliance
     • Antitrust compliance
     • Intellectual property
     • Identifying policy violations
  12. In summary…
     • Objectivity is of the essence
     • Never underestimate the importance of skillset diversification
     • Continuously seek to enhance your communication skills
     • Seek opportunities to collaborate
     • “Excellence is not about technical competence but character” (Ernest Laurence)
  13. A few Sources
     • Techy Stuff:
        • NIST Guide to Integrating Forensic Techniques into Incident Response:
        • US-CERT CSET:
     • Soft Skills:
        • Working with Emotional Intelligence by Daniel Goleman
        • Great Communication Secrets of Great Leaders by John Baldoni
        • Leading Your Boss: The Subtle Art of Managing Up by John Baldoni
        • TED, Ideas worth Spreading:
     • Professional Organizations:
        • HTCIA, ACFE, ISACA, ISSA…
  14. Questions?