Itet3 its forensics

  1. Forensics
  2. Forensics
       - Merriam-Webster link
  3. Backtrack
       - BT4 has a “forensic” boot option.
           - What is that about?
  4. Law enforcement
       - The UK police have published a manual.
           - It describes four principles.
           - Bear in mind that this is from the point of view of law enforcement.
  5. Principle 1
       - No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.
       - source
  6. Principle 2
       - In circumstances where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
  7. Principle 3
       - An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
  8. Principle 4
       - The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.
  9. Doing forensics
       - Evidence collection
       - Evidence preservation
       - Evidence analysis
       - Evidence presentation
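Principles 1 and 3 and the collection/preservation steps come down to two checks: proving the acquired data was not changed, and keeping a record that an independent party can re-run to the same result. The following is an added example, not material from the slide deck or the UK police manual; the exhibit id, examiner, tool name and sample "image" are constructed for illustration.

```python
# Added example: an evidence acquisition record that supports Principle 1
# (original data must not change) and Principle 3 (a repeatable audit trail).
# Exhibit id, examiner, tool and the sample image below are all constructed.
import hashlib
import json
from datetime import datetime, timezone


def digests(data: bytes) -> dict:
    """Two independent digests of the evidence bytes; both must match on re-check."""
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def _entry_hash(entry: dict) -> str:
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()


def record_acquisition(log: list, exhibit: str, examiner: str, tool: str,
                       data: bytes) -> dict:
    """Append an audit-trail entry. Each entry carries the hash of the previous
    entry, so later edits to the trail itself become detectable."""
    prev = _entry_hash(log[-1]) if log else "0" * 64
    entry = {"exhibit": exhibit, "examiner": examiner, "tool": tool,
             "when": datetime.now(timezone.utc).isoformat(),
             "size": len(data), "prev": prev, **digests(data)}
    log.append(entry)
    return entry


def verify_evidence(data: bytes, entry: dict) -> bool:
    """Principle 3 re-check: recompute the digests and compare with the record."""
    d = digests(data)
    return (entry["size"] == len(data) and d["md5"] == entry["md5"]
            and d["sha256"] == entry["sha256"])


def verify_trail(log: list) -> bool:
    """Walk the hash chain; any edited or removed entry breaks a later 'prev'."""
    prev = "0" * 64
    for entry in log:
        if entry["prev"] != prev:
            return False
        prev = _entry_hash(entry)
    return True


# Constructed sample "disk image" standing in for a raw dd image.
ORIGINAL = b"\xebH\x90MSDOS5.0" + bytes(range(256)) * 4
# Same image with one byte altered, as a writable mount might do (a Principle 1 breach).
_tmp = bytearray(ORIGINAL)
_tmp[300] ^= 0x01
ALTERED = bytes(_tmp)

if __name__ == "__main__":
    trail = []
    e = record_acquisition(trail, "EX-001 (constructed)", "examiner A", "dd", ORIGINAL)
    print("original verifies:", verify_evidence(ORIGINAL, e))  # True
    print("altered verifies:", verify_evidence(ALTERED, e))    # False
    print("trail intact:", verify_trail(trail))                # True
```

A single-entry trail cannot detect edits to its own last entry; in practice the final entry's hash is also signed or handed to a second custodian.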
  10. Forensic readiness
       - Define the business scenarios that require digital evidence.
       - Identify available sources and different types of potential evidence.
       - Determine the evidence collection requirement.
       - Establish a capability for securely gathering legally admissible evidence to meet the requirement.
       - Establish a policy for secure storage and handling of potential evidence.
  11. Forensic readiness (cont.)
       - Ensure monitoring is targeted to detect and deter major incidents.
       - Specify circumstances when escalation to a full formal investigation (which may use the digital evidence) should be launched.
       - Train staff in incident awareness, so that all those involved understand their role in the digital evidence process and the legal sensitivities of evidence.
       - Document an evidence-based case describing the incident and its impact.
       - Ensure legal review to facilitate action in response to the incident.
  12. Why investigate?
       - Criminal investigation
       - Civil litigation
       - Data discovery
           - e.g. data mining in log files
       - Data recovery