SlideShare a Scribd company logo

Digital Forensics_Lecture.pptx

Download as PPTX, PDF
K
khalifaAlMarzooqi3

Organizational Liability and the Management of Digital Forensics Deterrence can prevent an illegal or unethical activity from occurring. Successful deterrence requires the institution of severe penalties, the probability of apprehension, and an expectation that penalties will be enforced As part of an effort to sponsor positive ethics, a number of professional organizations have established codes of conduct and/or codes of ethics that their members are expected to follow Laws are formally adopted rules for acceptable behavior in modern society. Ethics are socially acceptable behaviors. The key difference between laws and ethics is that laws bear the sanction of a governing authority and ethics do not. Organizations formalize desired behaviors in documents called policies. Unlike laws, policies must be distributed, read, understood, explicitly agreed to by employees and uniformly enforced before they are enforceable Civil law encompasses a wide variety of laws that regulate relationships between and among individuals and organizations. Criminal law addresses violations that harm society and that are prosecuted by the state. Tort law is a subset of civil law that deals with lawsuits by individuals rather than criminal prosecution by the state U.S. copyright law extends intellectual property rights to the published word, including electronic publication A number of key U.S. federal agencies are charged with the protection of American information resources and the investigation of threats or attacks against these resources Digital forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and root cause analysis. E-discovery is the identification and preservation of evidentiary materials related to a specific legal action Most organizations cannot sustain a permanent digital forensics team. Even so, people in the InfoSec group should be trained to understand and manage the forensics process In digital forensics, all investigations follow the same basic methodology: identify relevant items of evidentiary value, acquire (seize) the evidence without alteration or damage, take steps to assure that the evidence is verifiably authentic at every stage and is unchanged from the time it was seized, analyze the data without risking modification or unauthorized access, and report the findings to the proper authority

Technology
1 of 43
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. Organizational Liability and the Management of Digital Forensics Chapter 02: Compliance: Law and Ethics
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 2 Management of Information Security, 6th ed. - Whitman & Mattord
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 3 Management of Information Security, 6th ed. - Whitman & Mattord • Deterrence can prevent an illegal or unethical activity from occurring. Successful deterrence requires the institution of severe penalties, the probability of apprehension, and an expectation that penalties will be enforced • As part of an effort to sponsor positive ethics, a number of professional organizations have established codes of conduct and/or codes of ethics that their members are expected to follow • Laws are formally adopted rules for acceptable behavior in modern society. Ethics are socially acceptable behaviors. The key difference between laws and ethics is that laws bear the sanction of a governing authority and ethics do not Summary
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 4 Management of Information Security, 6th ed. - Whitman & Mattord • Organizations formalize desired behaviors in documents called policies. Unlike laws, policies must be distributed, read, understood, explicitly agreed to by employees and uniformly enforced before they are enforceable • Civil law encompasses a wide variety of laws that regulate relationships between and among individuals and organizations. Criminal law addresses violations that harm society and that are prosecuted by the state. Tort law is a subset of civil law that deals with lawsuits by individuals rather than criminal prosecution by the state • U.S. copyright law extends intellectual property rights to the published word, including electronic publication • A number of key U.S. federal agencies are charged with the protection of American information resources and the investigation of threats or attacks against these resources Summary (Continued)
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 5 Management of Information Security, 6th ed. - Whitman & Mattord • Digital forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and root cause analysis. E-discovery is the identification and preservation of evidentiary materials related to a specific legal action • Most organizations cannot sustain a permanent digital forensics team. Even so, people in the InfoSec group should be trained to understand and manage the forensics process • In digital forensics, all investigations follow the same basic methodology: identify relevant items of evidentiary value, acquire (seize) the evidence without alteration or damage, take steps to assure that the evidence is verifiably authentic at every stage and is unchanged from the time it was seized, analyze the data without risking modification or unauthorized access, and report the findings to the proper authority Summary (Continued)
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. Self paced Reading: Digital Forensics Chapter 02: Compliance: Law and Ethics
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 7 Management of Information Security, 6th ed. - Whitman & Mattord Cybercrime • Various names: Computer crime, High-tech crimes, or Cybercrime. 7
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 8 Management of Information Security, 6th ed. - Whitman & Mattord Cybercrime • Cybercrime is used to describe criminal activity in which computers, mobiles, or networks are a tool, a target, or a place of criminal activity (contains evidence). •Electronic device as a target: Viruses, Denial-of-service attacks. •Electronic device as a tool: Identity theft, Phishing. •Electronic device contains evidence: emails, internet browsing, contacts, location data and images. 8 https://www.fbi.gov/about-us/investigate/cyber
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 9 Management of Information Security, 6th ed. - Whitman & Mattord Cybercrime: examples • Cyber-based terrorism • Espionage • Computer intrusions: Hacking • Identity theft • Cyber financial fraud • Child exploitation • Cyber Money Laundering • Online Gambling • Harassment including Cyberstalking • Drug trafficking • Offensive content including Internet pornography 9
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 10 Management of Information Security, 6th ed. - Whitman & Mattord More New Smart Devices 10
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 11 Management of Information Security, 6th ed. - Whitman & Mattord Forensics Science • Forensic science is the application of science to criminal and civil laws. The aim is to determine the evidential value of the crime scene and related evidence. 11
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 12 Management of Information Security, 6th ed. - Whitman & Mattord Forensics Science 12
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 13 Management of Information Security, 6th ed. - Whitman & Mattord Digital Forensics •Digital forensics is a collection of specialized techniques, processes, and procedures used to preserve, extract, analyze, and present electronic evidence that is found in digital devices, often in relation to computer or cybercrime. 13
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 14 Management of Information Security, 6th ed. - Whitman & Mattord Digital Forensics Process 14
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 15 Management of Information Security, 6th ed. - Whitman & Mattord DFInvestigation Methodology 15
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 16 Management of Information Security, 6th ed. - Whitman & Mattord Digital Forensics Specialties 16 1.Computer Forensics: Static & Live Acquisition 2.OS Forensics: Windows, Linux. 3.Mobile Forensics: Logical & Physical Extraction. 4.Network/Intrusion Forensics. 5.Malware Analysis: Reverse Engineering. 6.Open Source Intelligence. 7.Digital Forensics and Cloud Computing 8.Digital Forensics and Social Networks
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 17 Management of Information Security, 6th ed. - Whitman & Mattord Slide 17 The Digital Crime Scene
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 18 Management of Information Security, 6th ed. - Whitman & Mattord Slide 18 Getting Control and Officer Safety  Get Immediate Control of Devices  Computers  Mobile Devices  Storage Devices
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 19 Management of Information Security, 6th ed. - Whitman & Mattord Slide 19 Getting Control and Officer Safety  Check for Destructive Activities  Drive Formatting/Wiping  Mobile Device Resetting/Destruction
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 20 Management of Information Security, 6th ed. - Whitman & Mattord Slide 20 Getting Control and Officer Safety  If Destructive Activity Noted:  Computers • Pull the Power Plug from Computer (More on this topic to be covered elsewhere)
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 21 Management of Information Security, 6th ed. - Whitman & Mattord Slide 21 Getting Control and Officer Safety  If Destructive Activity Noted:  Mobile Devices • Pull the Battery if Possible (More on this topic to be covered elsewhere)
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 22 Management of Information Security, 6th ed. - Whitman & Mattord Slide 22 Identifying Devices What not to seize! • Devices that cannot store digital evidence. • Most Printers • Monitors • Keyboards However, don’t forget traditional evidence that may be on those devices. • Fingerprints • Bodily Fluids
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 23 Management of Information Security, 6th ed. - Whitman & Mattord Slide 23 Evidence Preservation Running Computers • When in doubt, pull the plug! Running Cell Phones • If off, leave it off • If on, leave it on but protect with a Faraday Bag!
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 24 Management of Information Security, 6th ed. - Whitman & Mattord Slide 24 Evidence Acquisition (Imaging and Cloning) • Forensic Imaging is the process of copying the data from a suspect device to a file or set of files on another device. • Forensic cloning is the process of ‘cloning’ one device to another device.
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 25 Management of Information Security, 6th ed. - Whitman & Mattord Slide 25 Evidence Acquisition Cloning All data from drive Hard Drive Cloned Drive The drives are now identical
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 26 Management of Information Security, 6th ed. - Whitman & Mattord Cell phone and Mobile Device Forensics 26
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 27 Management of Information Security, 6th ed. - Whitman & Mattord Acquisition Phase 27 - The third phase in the Mobile Forensic Process is to perform acquisition. - Acquisition is the process of imaging or otherwise obtaining information from a mobile device and its associated media. - Data needs to be extracted from: SIM card, external memory card, and most importantly the handset memory microchip.
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 28 Management of Information Security, 6th ed. - Whitman & Mattord What to Acquire? 28 Data stored electronically within the SIM Data stored externally within the memory expansion card such as Trans Flash Micro SD Data stored within the internal Memory Microchip
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 29 Management of Information Security, 6th ed. - Whitman & Mattord Why to do acquisition? 29 - We never work on the original, we always try to perform things in forensically sound manner. - We do extraction, duplication, of the original and then examine the copy not the original. - This is very important in order to not affect the integrity of the evidence.
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 30 Management of Information Security, 6th ed. - Whitman & Mattord Manual Extraction 30 - It is the most basic extraction method where an examiner manually accesses the phone through the user interface. - To ensure that all details are documented, this process is normally photographed or videotaped. - Only data accessible through the operating system is retrievable.
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 31 Management of Information Security, 6th ed. - Whitman & Mattord 31
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 32 Management of Information Security, 6th ed. - Whitman & Mattord Dealing with Password Protection 32 - Many mobile devices permit users to set a password to restrict access to the device. - For certain devices, it is possible to bypass or recover such protection. - It is generally inadvisable to guess a lock code or passphrase because some mobile devices will wipe their contents after too many failed attempts.
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 33 Management of Information Security, 6th ed. - Whitman & Mattord UFED Phone Detective 33
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 34 Management of Information Security, 6th ed. - Whitman & Mattord Device Information 34
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 35 Management of Information Security, 6th ed. - Whitman & Mattord SMS (including deleted ones) 35
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 36 Management of Information Security, 6th ed. - Whitman & Mattord Files including photos, videos 36
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 37 Management of Information Security, 6th ed. - Whitman & Mattord Web Browsers Cache Analyzer 37
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 38 Management of Information Security, 6th ed. - Whitman & Mattord Passwords can be retrieved 38
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 39 Management of Information Security, 6th ed. - Whitman & Mattord WiFi Connections & Location Services 39
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 40 Management of Information Security, 6th ed. - Whitman & Mattord Communication Activities 40
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 41 Management of Information Security, 6th ed. - Whitman & Mattord • When an incident or disaster violates civil or criminal law, it is the organization’s responsibility to notify the proper authorities. • Selecting the appropriate law enforcement agency depends on the type of crime committed. Law Enforcement Involvement
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 42 Management of Information Security, 6th ed. - Whitman & Mattord •Involving law enforcement agencies has both advantages and disadvantages: • Such agencies are usually much better equipped to process evidence than a business and are also prepared to handle the warrants and subpoenas necessary when documenting a case • The disadvantages of law enforcement involvement include possible loss of control over the chain of events following an incident—for example, the collection of information and evidence and the prosecution of suspects • A very real issue is the confiscation of vital equipment as evidence Law Enforcement Involvement (Continued)
© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 43 Management of Information Security, 6th ed. - Whitman & Mattord As of this writing, the rules are as follows: 1) The people who design, develop, or deploy a computing artifact are morally responsible for that artifact, and for the foreseeable effects of that artifact. This responsibility is shared with other people who design, develop, deploy or knowingly use the artifact as part of a sociotechnical system. 2) The shared responsibility of computing artifacts is not a zero-sum game. The responsibility of an individual is not reduced simply because more people become involved in designing, developing, deploying, or using the artifact. Instead, a person’s responsibility includes being answerable for the behaviors of the artifact and for the artifact’s effects after deployment, to the degree to which these effects are reasonably foreseeable by that person. 3) People who knowingly use a particular computing artifact are morally responsible for that use. 4) People who knowingly design, develop, deploy, or use a computing artifact can do so responsibly only when they make a reasonable effort to take into account the sociotechnical systems in which the artifact is embedded. 5) People who design, develop, deploy, promote, or evaluate a computing artifact should not explicitly or implicitly deceive users about the artifact or its foreseeable effects, or about the sociotechnical systems in which the artifact is embedded.

Recommended

541341322-3-ITE403-Whitman-Ch03-W3C1.pdf
541341322-3-ITE403-Whitman-Ch03-W3C1.pdf541341322-3-ITE403-Whitman-Ch03-W3C1.pdf
541341322-3-ITE403-Whitman-Ch03-W3C1.pdf
ubaidullah75790
 
Whitman_Ch03.pptx
Whitman_Ch03.pptxWhitman_Ch03.pptx
Whitman_Ch03.pptx
Siphamandla9
 
Lecture 8- information technology slides
Lecture 8- information technology slidesLecture 8- information technology slides
Lecture 8- information technology slides
Aiman Niazi
 
Lecture 5.pptx
Lecture 5.pptxLecture 5.pptx
Lecture 5.pptx
DuncanWachira3
 
Personal, Legal, Ethical, and Organizational Issues of .docx
Personal, Legal, Ethical, and Organizational Issues of .docxPersonal, Legal, Ethical, and Organizational Issues of .docx
Personal, Legal, Ethical, and Organizational Issues of .docx
karlhennesey
 
Whitman_Ch05.pptx
Whitman_Ch05.pptxWhitman_Ch05.pptx
Whitman_Ch05.pptx
Siphamandla9
 
Chapter 1 Introduction to Security
Chapter 1 Introduction to SecurityChapter 1 Introduction to Security
Chapter 1 Introduction to Security
Dr. Ahmed Al Zaidy
 
Security and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to KnowSecurity and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to Know
TechSoup
 

Recommended

541341322-3-ITE403-Whitman-Ch03-W3C1.pdf
541341322-3-ITE403-Whitman-Ch03-W3C1.pdf541341322-3-ITE403-Whitman-Ch03-W3C1.pdf
541341322-3-ITE403-Whitman-Ch03-W3C1.pdf
ubaidullah75790
 
Whitman_Ch03.pptx
Whitman_Ch03.pptxWhitman_Ch03.pptx
Whitman_Ch03.pptx
Siphamandla9
 
Lecture 8- information technology slides
Lecture 8- information technology slidesLecture 8- information technology slides
Lecture 8- information technology slides
Aiman Niazi
 
Lecture 5.pptx
Lecture 5.pptxLecture 5.pptx
Lecture 5.pptx
DuncanWachira3
 
Personal, Legal, Ethical, and Organizational Issues of .docx
Personal, Legal, Ethical, and Organizational Issues of .docxPersonal, Legal, Ethical, and Organizational Issues of .docx
Personal, Legal, Ethical, and Organizational Issues of .docx
karlhennesey
 
Whitman_Ch05.pptx
Whitman_Ch05.pptxWhitman_Ch05.pptx
Whitman_Ch05.pptx
Siphamandla9
 
Chapter 1 Introduction to Security
Chapter 1 Introduction to SecurityChapter 1 Introduction to Security
Chapter 1 Introduction to Security
Dr. Ahmed Al Zaidy
 
Security and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to KnowSecurity and Privacy: What Nonprofits Need to Know
Security and Privacy: What Nonprofits Need to Know
TechSoup
 
ITT450 Chapter 1.pptx
ITT450 Chapter 1.pptxITT450 Chapter 1.pptx
ITT450 Chapter 1.pptx
AliffDarfriz
 
Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Why Your Organization Must Have a Cyber Risk Management Program and How to De...Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Shawn Tuma
 
© 2018 Cengage Learning. All Rights Reserved. May not be cop.docx
© 2018 Cengage Learning. All Rights Reserved. May not be cop.docx© 2018 Cengage Learning. All Rights Reserved. May not be cop.docx
© 2018 Cengage Learning. All Rights Reserved. May not be cop.docx
susanschei
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
Meg Weber
 
Chapter 13 Vulnerability Assessment and Data Security
Chapter 13 Vulnerability Assessment and Data SecurityChapter 13 Vulnerability Assessment and Data Security
Chapter 13 Vulnerability Assessment and Data Security
Dr. Ahmed Al Zaidy
 
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
Shawn Tuma
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for Cybersecurity
Shawn Tuma
 
GDPR Complaince: Don't Let SIEM BE Your Downfall
GDPR Complaince: Don't Let SIEM BE Your DownfallGDPR Complaince: Don't Let SIEM BE Your Downfall
GDPR Complaince: Don't Let SIEM BE Your Downfall
Splunk
 
Whitman_Ch06.pptx
Whitman_Ch06.pptxWhitman_Ch06.pptx
Whitman_Ch06.pptx
Siphamandla9
 
Whitman_Ch02.pptx
Whitman_Ch02.pptxWhitman_Ch02.pptx
Whitman_Ch02.pptx
Siphamandla9
 
Cyber Risk in the Energy Industry
Cyber Risk in the Energy IndustryCyber Risk in the Energy Industry
Cyber Risk in the Energy Industry
Tim Christ Executive Leadership
 
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
Shawn Tuma
 
Contracting for Better Cybersecurity
Contracting for Better CybersecurityContracting for Better Cybersecurity
Contracting for Better Cybersecurity
Shawn Tuma
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
MTG IT Professionals
 
IRJET- Ethical Hacking
IRJET- Ethical HackingIRJET- Ethical Hacking
IRJET- Ethical Hacking
IRJET Journal
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxggggggggggggggggggggggggggg
adabotor7
 
GDPR Part 1: Quick Facts
GDPR Part 1: Quick FactsGDPR Part 1: Quick Facts
GDPR Part 1: Quick Facts
Adrian Dumitrescu
 
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Business Days
 
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
cyberprosocial
 
Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3
Caston Thomas
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
jfdjdjcjdnsjd
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Juan lago vázquez
 

More Related Content

Similar to Digital Forensics_Lecture.pptx

© 2018 Cengage Learning. All Rights Reserved. May not be cop.docx
© 2018 Cengage Learning. All Rights Reserved. May not be cop.docx© 2018 Cengage Learning. All Rights Reserved. May not be cop.docx
© 2018 Cengage Learning. All Rights Reserved. May not be cop.docx
susanschei
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
Meg Weber
 
GDPR Complaince: Don't Let SIEM BE Your Downfall
GDPR Complaince: Don't Let SIEM BE Your DownfallGDPR Complaince: Don't Let SIEM BE Your Downfall
GDPR Complaince: Don't Let SIEM BE Your Downfall
Splunk
 

Similar to Digital Forensics_Lecture.pptx (20)

ITT450 Chapter 1.pptx
ITT450 Chapter 1.pptxITT450 Chapter 1.pptx
ITT450 Chapter 1.pptx
 
Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Why Your Organization Must Have a Cyber Risk Management Program and How to De...Why Your Organization Must Have a Cyber Risk Management Program and How to De...
Why Your Organization Must Have a Cyber Risk Management Program and How to De...
 
© 2018 Cengage Learning. All Rights Reserved. May not be cop.docx
© 2018 Cengage Learning. All Rights Reserved. May not be cop.docx© 2018 Cengage Learning. All Rights Reserved. May not be cop.docx
© 2018 Cengage Learning. All Rights Reserved. May not be cop.docx
 
2014 ota databreach3
2014 ota databreach32014 ota databreach3
2014 ota databreach3
 
Chapter 13 Vulnerability Assessment and Data Security
Chapter 13 Vulnerability Assessment and Data SecurityChapter 13 Vulnerability Assessment and Data Security
Chapter 13 Vulnerability Assessment and Data Security
 
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Denver 2017 (Lunch Keynote)
 
The Legal Case for Cybersecurity
The Legal Case for CybersecurityThe Legal Case for Cybersecurity
The Legal Case for Cybersecurity
 
GDPR Complaince: Don't Let SIEM BE Your Downfall
GDPR Complaince: Don't Let SIEM BE Your DownfallGDPR Complaince: Don't Let SIEM BE Your Downfall
GDPR Complaince: Don't Let SIEM BE Your Downfall
 
Whitman_Ch06.pptx
Whitman_Ch06.pptxWhitman_Ch06.pptx
Whitman_Ch06.pptx
 
Whitman_Ch02.pptx
Whitman_Ch02.pptxWhitman_Ch02.pptx
Whitman_Ch02.pptx
 
Cyber Risk in the Energy Industry
Cyber Risk in the Energy IndustryCyber Risk in the Energy Industry
Cyber Risk in the Energy Industry
 
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
The Legal Case for Cybersecurity - SecureWorld Dallas 2017 (Lunch Keynote)
 
Contracting for Better Cybersecurity
Contracting for Better CybersecurityContracting for Better Cybersecurity
Contracting for Better Cybersecurity
 
6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back6 Biggest Cyber Security Risks and How You Can Fight Back
6 Biggest Cyber Security Risks and How You Can Fight Back
 
IRJET- Ethical Hacking
IRJET- Ethical HackingIRJET- Ethical Hacking
IRJET- Ethical Hacking
 
chapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxgggggggggggggggggggggggggggchapter 5.pptxggggggggggggggggggggggggggg
chapter 5.pptxggggggggggggggggggggggggggg
 
GDPR Part 1: Quick Facts
GDPR Part 1: Quick FactsGDPR Part 1: Quick Facts
GDPR Part 1: Quick Facts
 
Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020Adrian Ifrim - prezentare - Cyber Security Trends 2020
Adrian Ifrim - prezentare - Cyber Security Trends 2020
 
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
 
Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3Cybersecurity for CRM v0219-3
Cybersecurity for CRM v0219-3
 

Recently uploaded

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Angeliki Cooney
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

Recently uploaded (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
WSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering DevelopersWSO2's API Vision: Unifying Control, Empowering Developers
WSO2's API Vision: Unifying Control, Empowering Developers
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 

Digital Forensics_Lecture.pptx

  • 1. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. Organizational Liability and the Management of Digital Forensics Chapter 02: Compliance: Law and Ethics
  • 2. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 2 Management of Information Security, 6th ed. - Whitman & Mattord
  • 3. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 3 Management of Information Security, 6th ed. - Whitman & Mattord • Deterrence can prevent an illegal or unethical activity from occurring. Successful deterrence requires the institution of severe penalties, the probability of apprehension, and an expectation that penalties will be enforced • As part of an effort to sponsor positive ethics, a number of professional organizations have established codes of conduct and/or codes of ethics that their members are expected to follow • Laws are formally adopted rules for acceptable behavior in modern society. Ethics are socially acceptable behaviors. The key difference between laws and ethics is that laws bear the sanction of a governing authority and ethics do not Summary
  • 4. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 4 Management of Information Security, 6th ed. - Whitman & Mattord • Organizations formalize desired behaviors in documents called policies. Unlike laws, policies must be distributed, read, understood, explicitly agreed to by employees and uniformly enforced before they are enforceable • Civil law encompasses a wide variety of laws that regulate relationships between and among individuals and organizations. Criminal law addresses violations that harm society and that are prosecuted by the state. Tort law is a subset of civil law that deals with lawsuits by individuals rather than criminal prosecution by the state • U.S. copyright law extends intellectual property rights to the published word, including electronic publication • A number of key U.S. federal agencies are charged with the protection of American information resources and the investigation of threats or attacks against these resources Summary (Continued)
  • 5. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 5 Management of Information Security, 6th ed. - Whitman & Mattord • Digital forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and root cause analysis. E-discovery is the identification and preservation of evidentiary materials related to a specific legal action • Most organizations cannot sustain a permanent digital forensics team. Even so, people in the InfoSec group should be trained to understand and manage the forensics process • In digital forensics, all investigations follow the same basic methodology: identify relevant items of evidentiary value, acquire (seize) the evidence without alteration or damage, take steps to assure that the evidence is verifiably authentic at every stage and is unchanged from the time it was seized, analyze the data without risking modification or unauthorized access, and report the findings to the proper authority Summary (Continued)
  • 6. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. Self paced Reading: Digital Forensics Chapter 02: Compliance: Law and Ethics
  • 7. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 7 Management of Information Security, 6th ed. - Whitman & Mattord Cybercrime • Various names: Computer crime, High-tech crimes, or Cybercrime. 7
  • 8. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 8 Management of Information Security, 6th ed. - Whitman & Mattord Cybercrime • Cybercrime is used to describe criminal activity in which computers, mobiles, or networks are a tool, a target, or a place of criminal activity (contains evidence). •Electronic device as a target: Viruses, Denial-of-service attacks. •Electronic device as a tool: Identity theft, Phishing. •Electronic device contains evidence: emails, internet browsing, contacts, location data and images. 8 https://www.fbi.gov/about-us/investigate/cyber
  • 9. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 9 Management of Information Security, 6th ed. - Whitman & Mattord Cybercrime: examples • Cyber-based terrorism • Espionage • Computer intrusions: Hacking • Identity theft • Cyber financial fraud • Child exploitation • Cyber Money Laundering • Online Gambling • Harassment including Cyberstalking • Drug trafficking • Offensive content including Internet pornography 9
  • 10. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 10 Management of Information Security, 6th ed. - Whitman & Mattord More New Smart Devices 10
  • 11. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 11 Management of Information Security, 6th ed. - Whitman & Mattord Forensics Science • Forensic science is the application of science to criminal and civil laws. The aim is to determine the evidential value of the crime scene and related evidence. 11
  • 12. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 12 Management of Information Security, 6th ed. - Whitman & Mattord Forensics Science 12
  • 13. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 13 Management of Information Security, 6th ed. - Whitman & Mattord Digital Forensics •Digital forensics is a collection of specialized techniques, processes, and procedures used to preserve, extract, analyze, and present electronic evidence that is found in digital devices, often in relation to computer or cybercrime. 13
  • 14. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 14 Management of Information Security, 6th ed. - Whitman & Mattord Digital Forensics Process 14
  • 15. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 15 Management of Information Security, 6th ed. - Whitman & Mattord DFInvestigation Methodology 15
  • 16. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 16 Management of Information Security, 6th ed. - Whitman & Mattord Digital Forensics Specialties 16 1.Computer Forensics: Static & Live Acquisition 2.OS Forensics: Windows, Linux. 3.Mobile Forensics: Logical & Physical Extraction. 4.Network/Intrusion Forensics. 5.Malware Analysis: Reverse Engineering. 6.Open Source Intelligence. 7.Digital Forensics and Cloud Computing 8.Digital Forensics and Social Networks
  • 17. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 17 Management of Information Security, 6th ed. - Whitman & Mattord Slide 17 The Digital Crime Scene
  • 18. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 18 Management of Information Security, 6th ed. - Whitman & Mattord Slide 18 Getting Control and Officer Safety  Get Immediate Control of Devices  Computers  Mobile Devices  Storage Devices
  • 19. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 19 Management of Information Security, 6th ed. - Whitman & Mattord Slide 19 Getting Control and Officer Safety  Check for Destructive Activities  Drive Formatting/Wiping  Mobile Device Resetting/Destruction
  • 20. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 20 Management of Information Security, 6th ed. - Whitman & Mattord Slide 20 Getting Control and Officer Safety  If Destructive Activity Noted:  Computers • Pull the Power Plug from Computer (More on this topic to be covered elsewhere)
  • 21. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 21 Management of Information Security, 6th ed. - Whitman & Mattord Slide 21 Getting Control and Officer Safety  If Destructive Activity Noted:  Mobile Devices • Pull the Battery if Possible (More on this topic to be covered elsewhere)
  • 22. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 22 Management of Information Security, 6th ed. - Whitman & Mattord Slide 22 Identifying Devices What not to seize! • Devices that cannot store digital evidence. • Most Printers • Monitors • Keyboards However, don’t forget traditional evidence that may be on those devices. • Fingerprints • Bodily Fluids
  • 23. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 23 Management of Information Security, 6th ed. - Whitman & Mattord Slide 23 Evidence Preservation Running Computers • When in doubt, pull the plug! Running Cell Phones • If off, leave it off • If on, leave it on but protect with a Faraday Bag!
  • 24. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 24 Management of Information Security, 6th ed. - Whitman & Mattord Slide 24 Evidence Acquisition (Imaging and Cloning) • Forensic Imaging is the process of copying the data from a suspect device to a file or set of files on another device. • Forensic cloning is the process of ‘cloning’ one device to another device.
  • 25. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 25 Management of Information Security, 6th ed. - Whitman & Mattord Slide 25 Evidence Acquisition Cloning All data from drive Hard Drive Cloned Drive The drives are now identical
  • 26. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 26 Management of Information Security, 6th ed. - Whitman & Mattord Cell phone and Mobile Device Forensics 26
  • 27. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 27 Management of Information Security, 6th ed. - Whitman & Mattord Acquisition Phase 27 - The third phase in the Mobile Forensic Process is to perform acquisition. - Acquisition is the process of imaging or otherwise obtaining information from a mobile device and its associated media. - Data needs to be extracted from: SIM card, external memory card, and most importantly the handset memory microchip.
  • 28. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 28 Management of Information Security, 6th ed. - Whitman & Mattord What to Acquire? 28 Data stored electronically within the SIM Data stored externally within the memory expansion card such as Trans Flash Micro SD Data stored within the internal Memory Microchip
  • 29. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 29 Management of Information Security, 6th ed. - Whitman & Mattord Why to do acquisition? 29 - We never work on the original, we always try to perform things in forensically sound manner. - We do extraction, duplication, of the original and then examine the copy not the original. - This is very important in order to not affect the integrity of the evidence.
  • 30. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 30 Management of Information Security, 6th ed. - Whitman & Mattord Manual Extraction 30 - It is the most basic extraction method where an examiner manually accesses the phone through the user interface. - To ensure that all details are documented, this process is normally photographed or videotaped. - Only data accessible through the operating system is retrievable.
  • 31. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 31 Management of Information Security, 6th ed. - Whitman & Mattord 31
  • 32. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 32 Management of Information Security, 6th ed. - Whitman & Mattord Dealing with Password Protection 32 - Many mobile devices permit users to set a password to restrict access to the device. - For certain devices, it is possible to bypass or recover such protection. - It is generally inadvisable to guess a lock code or passphrase because some mobile devices will wipe their contents after too many failed attempts.
  • 33. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 33 Management of Information Security, 6th ed. - Whitman & Mattord UFED Phone Detective 33
  • 34. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 34 Management of Information Security, 6th ed. - Whitman & Mattord Device Information 34
  • 35. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 35 Management of Information Security, 6th ed. - Whitman & Mattord SMS (including deleted ones) 35
  • 36. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 36 Management of Information Security, 6th ed. - Whitman & Mattord Files including photos, videos 36
  • 37. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 37 Management of Information Security, 6th ed. - Whitman & Mattord Web Browsers Cache Analyzer 37
  • 38. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 38 Management of Information Security, 6th ed. - Whitman & Mattord Passwords can be retrieved 38
  • 39. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 39 Management of Information Security, 6th ed. - Whitman & Mattord WiFi Connections & Location Services 39
  • 40. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 40 Management of Information Security, 6th ed. - Whitman & Mattord Communication Activities 40
  • 41. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 41 Management of Information Security, 6th ed. - Whitman & Mattord • When an incident or disaster violates civil or criminal law, it is the organization’s responsibility to notify the proper authorities. • Selecting the appropriate law enforcement agency depends on the type of crime committed. Law Enforcement Involvement
  • 42. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 42 Management of Information Security, 6th ed. - Whitman & Mattord •Involving law enforcement agencies has both advantages and disadvantages: • Such agencies are usually much better equipped to process evidence than a business and are also prepared to handle the warrants and subpoenas necessary when documenting a case • The disadvantages of law enforcement involvement include possible loss of control over the chain of events following an incident—for example, the collection of information and evidence and the prosecution of suspects • A very real issue is the confiscation of vital equipment as evidence Law Enforcement Involvement (Continued)
  • 43. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. 43 Management of Information Security, 6th ed. - Whitman & Mattord As of this writing, the rules are as follows: 1) The people who design, develop, or deploy a computing artifact are morally responsible for that artifact, and for the foreseeable effects of that artifact. This responsibility is shared with other people who design, develop, deploy or knowingly use the artifact as part of a sociotechnical system. 2) The shared responsibility of computing artifacts is not a zero-sum game. The responsibility of an individual is not reduced simply because more people become involved in designing, developing, deploying, or using the artifact. Instead, a person’s responsibility includes being answerable for the behaviors of the artifact and for the artifact’s effects after deployment, to the degree to which these effects are reasonably foreseeable by that person. 3) People who knowingly use a particular computing artifact are morally responsible for that use. 4) People who knowingly design, develop, deploy, or use a computing artifact can do so responsibly only when they make a reasonable effort to take into account the sociotechnical systems in which the artifact is embedded. 5) People who design, develop, deploy, promote, or evaluate a computing artifact should not explicitly or implicitly deceive users about the artifact or its foreseeable effects, or about the sociotechnical systems in which the artifact is embedded.

Editor's Notes

  1. As of this writing, the rules are as follows: 1. The people who design, develop, or deploy a computing artifact are morally responsible for that artifact, and for the foreseeable effects of that artifact. This responsibility is shared with other people who design, develop, deploy or knowingly use the artifact as part of a sociotechnical system. 2. The shared responsibility of computing artifacts is not a zero-sum game. The responsibility of an individual is not reduced simply because more people become involved in designing, developing, deploying, or using the artifact. Instead, a person’s responsibility includes being answerable for the behaviors of the artifact and for the artifact’s effects after deployment, to the degree to which these effects are reasonably foreseeable by that person. 3. People who knowingly use a particular computing artifact are morally responsible for that use. 4. People who knowingly design, develop, deploy, or use a computing artifact can do so responsibly only when they make a reasonable effort to take into account the sociotechnical systems in which the artifact is embedded. 5. People who design, develop, deploy, promote, or evaluate a computing artifact should not explicitly or implicitly deceive users about the artifact or its foreseeable effects, or about the sociotechnical systems in which the artifact is embedded. Compared to the codes of ethics discussed earlier, The Rules are few in number and quite general in nature. They are intended to apply to a broad spectrum of people involved in computer system design and development. The Rules have gathered broad support as useful guidelines by academics, practitioners, computer scientists, and philosophers from a number of countries [MILL11]. It seems likely that The Rules will influence future versions of codes of ethics by computer-related professional organizations.