“Why have a Digital Investigative Infrastructure”

Kevin Wharram CISSP, CISM, CEH
Technical Manager – Guidance Sof...
© 2008 Guidance Software, Inc. All Rights Reserved.
Published in: Technology, Business
Why Have A Digital Investigative Infrastructure

  1. “Why have a Digital Investigative Infrastructure”. Kevin Wharram CISSP, CISM, CEH, Technical Manager – Guidance Software Inc. – The Maker of EnCase.
  3. Agenda
     • Industry Headlines
     • Cause and Cost of data breaches
     • Identify some methods on how data is taken
     • Identify Challenges in protecting data
     • What to do after you have had a data breach
     • Case Study
     • EnCase Enterprise
  4. Industry Headlines
     • T.J. Maxx Breach Costs Hit $17 Million. BOSTON - Information from at least 45.7 million credit and debit cards was stolen by hackers who accessed TJX’s customer information in a security breach that the discount retailer disclosed more than two months ago.
     • Thieves set up data supermarkets. Web criminals are stepping back from infecting computers themselves and creating "one-stop shops" which offer gigabytes of data for a fixed price. Credit card details are cheap, however, the log files of big companies can go for up to $300
     • Old hard drives still full of sensitive data. Hard drives full of confidential data are still turning up on the second-hand market, researchers have reported.
  5. Cause of Data Breaches. Source: The Ponemon Institute (PGP Survey)
  6. Cost of Data Breaches: Key Statistics
     • Data breaches cost US companies an average of $197 for every record lost
     • The size of the losses examined ranged from $225,000 to almost $35 million
     Source: The Ponemon Institute
  7. What type of Data are at Risk?
     • Intellectual Property: Design Documents; Source Code; Trade secrets
     • Customer Data: Personal Data; Credit card numbers; Customer financial data
     • Corporate Data: Financial data i.e. Mergers & Acquisition info; HR data i.e. employee data; Marketing and Sales data
     • Government Data: Economic data; Interest rate – “what is it worth?”; Intelligence information; Law Enforcement Information
  8. What leads to a Data Breach
     • Lack of senior management understanding and recognition of a problem
     • Criminal / Malicious Intent
     • Lack of internal processes and controls
     • Weak internal controls (role and access right changes)
     • Vulnerability Management / Patching practices
     • Organisation Culture (they owe me attitude)
     • Incidental opportunities
  9. How is Data Taken?
     • Portable storage devices – USB, Cameras, PDAs etc
     • iPods and MP3 players – “PodSlurping”
     • Email – personal webmail i.e. Yahoo, Google, etc
     • Taking out or sending DVDs / CDs
     • Spear Phishing – targeting specific companies for information; then using that information to steal data
     • Exploiting corporate systems, networks and laptops through system and software vulnerabilities
     • Using telephone conference PIN numbers
  10. Challenges facing Companies
     • Confusing Regulatory environment – EU Data Protection Directive 95/46/EC, Internet Banking Code MCTI, International Banking Regulation, SOX, PCI compliance, etc
     • Ensuring sensitive data is not located in unauthorised areas of the network
     • Not being able to remediate instances of confidential information residing where it shouldn't be
     • Not being able to remediate instances of unauthorised applications, software and files on systems
     • Not having a procedural and technical infrastructure in place to respond to security breaches
  11. My Data is gone! – “what do I do?”
  12. Incident Response
     • Don’t panic
     • Follow your incident response plan and procedures
     • Investigate completely using a forensically sound investigation platform
     • Disclose information only on a need to know basis
     • Clean up & Remediate
  13. Inadequate Incident Response
     You can’t FIX or STOP what you can’t FIND … quickly
     [Diagram labels: OPERATING SYSTEM; RISK!; HARD DISK & MEMORY]
  14. Case Study: Global 100 Technology Firm – EnCase Data Audit & Policy Enforcement
     Situation
     • Global 100 computer entertainment company suspected IP leakage across the network
     • Need to search global network spanning 91 countries
     • Goal was to identify source, all instances of leaked IP, identify the trail to external sites, preserve evidence, and remediate
     • Process required significant stealth so as to not alert employees
     Solution
     • EnCase Data Audit & Policy Enforcement implemented in 24 hours at a central site
     • EnCase identified the suspect had access to numerous other workstations & servers across the network
     • Audit performed overnight on all endpoints, including a 4 terabyte server, to find files
     Results
     • Targeted audit of over 50 devices in one day including: laptops, desktops, servers, email accounts, USBs and internet histories
     • Zero disruption to the business
     • Entire investigation took 2 weeks from start to finish with significant cost savings vs. outsource options
     • EnCase Data Audit deployed as part of a standard IP & HR audit process company-wide
     “The non-disruptive element of EnCase minimized the financial, commercial and operational impact of the leaked IP and accelerated the successful resolution of this incident.” CEO & President - European Operations, Global 100 Technology Firm
  15. EnCase Enterprise
     EnCase Enterprise is a powerful, network-enabled, multi-platform enterprise investigation solution. EnCase enables immediate response to computer-related incidents of any kind and enables thorough forensics platform and framework allowing organisations to immediately respond to enterprise information incidents and threats.
  16. Benefits of EnCase Enterprise
     • Contain and reduce corporate fraud
     • Conduct network-enabled forensic investigations for anything, anywhere, anytime
     • Perform complete compromise assessments after a security intrusion
     • Reduce business disruption and losses due to security breaches
     • Respond to more security incidents with less manpower
     • Conduct network-enabled HR investigations
  17. The “Data Iceberg”
     • Data found by common tools (such as Windows Explorer)
     • Additional data uncovered by EnCase Enterprise: Purposely deleted files; Renamed to disguise content; Concealed files; Misplaced / Difficult to locate files
  18. Examples of where EnCase helps (Threat / challenge: Examples)
     • Leavers: Possible unfair dismissal claims; Corporate espionage – taking out confidential data
     • Employee Integrity: Harassing co-workers; Pornography (civil action can be brought by an employee for being affected by porn)
     • HR Policy Breaches: E-mail misconduct; Internet misconduct; PC / Desktop misuse (Personal Software)
     • Audits: Software audits; SOX audits
     • Regulatory Compliance: EU Data Directive 95 / 46
     • Fraud: Investigating various forms of fraud
     • IP Theft: Investigating IP theft within your organisation
     • Legal Cases: Helping legal with various requests for legal cases
     • Malware & Rootkits: Investigating and finding various forms of Malware and Rootkits
     • Unauthorised software: Finding and detecting unauthorised software i.e. MP3, Video etc
     • Investigating Incidents: Helping the security team to investigate incidents
  19. EnCase Customers
  20. Thank you! kevin.wharram@guidancesoftware.com
