Computer Forensics: You can run but you can't hide

•

0 likes•1,754 views

This document discusses digital forensics and incident response (DFIR). It covers the key phases of digital forensics like identification, acquisition, preservation, analysis and dissemination. Acquisition involves collecting evidence from various sources like mobile devices, cloud storage and game consoles. Preservation of the evidence is critical following techniques like write blocking. Analysis techniques are discussed like recovering deleted data and analyzing file system metadata. The challenges of DFIR are also covered like virtual machines, network forensics and issues with the cloud. The document ends emphasizing the importance of ethics, certification and keeping up with new tools and techniques in this field.

Technology

Digital Forensics & IR
You can run, but you can’t hide

Antonio Sanz
IT Systems & Security Manager
Expert witness
@antoniosanzalc
http://www.equipoazul.es

WTF DFIR bro?
Boring legal stuff
Forensic magic
Stand-up guy
Wanna more ?

Identification
Adquisition
Preservation
Analysis
Dissemination
Digital forensics phases
Legal stuff here
and here
Tech yeah!

Bad guys want to
hide … but they
need to run

Recover deleted data
Recover deleted data

47
Don’t delete your history. Or
do it, it doesn’t matter

Every USB you plugged could be
used against you

Event logs
Finding things in logs is like…

There’s still traces
There are always traces left

50% Knowledge
30% Technique
15% Instincts
5% Luck

Writing the report
> Introducción
> Resumen Ejecutivo
> Entorno del Informe (personas, lugares, fechas)
> Hechos probados iniciales (lo que sabemos)
> Hechos técnicos demostrables (lo que encontramos)
> Conclusiones
> Anexo: Evidencias
Write your report

Defending the report
> Contrainforme pericial
> Exposición del informe en el juicio
> Validez del técnico
> Validez de las herramientas
> Preguntas de la otra parte
> Mantener la calma, responder lo justo y bien pensado
Defend your report

Many places to look
Have to know
where, how & why

If you’re guilty …
we’ll catch you
@antoniosanzalc
http://www.equipoazul.es
http://bit.ly/1h47zfF

This document discusses considerations for hiring a digital forensics expert. It defines digital forensics and explains how digital evidence can be found in various devices and used to solve crimes. It outlines the objectives and methodology of digital forensics investigations, including preservation, collection, analysis and presentation of digital evidence. The document warns of risks in self-collecting digital evidence and stresses the importance of using properly trained experts who can ensure evidence is admissible in court.

Digital investigation

unnilala11

This document discusses the nature of computer-based electronic evidence and the devices and considerations involved in digital investigation. It covers topics such as latent evidence stored on computers, fragility of electronic evidence, devices that may contain evidence like computers, networks, and other digital devices. It also summarizes laws and guidelines related to digital investigation in the UK.

Cyber forensics 02 mit-2014

Muzzammil Wani

This document discusses cyber forensics and the digital forensic process. It defines cyber forensics as the scientific examination and analysis of digital evidence for use in a court of law. The process involves securely collecting potential digital evidence, creating forensic images or copies without altering the original, and analyzing the data through examining file systems, recovering deleted files, and determining timelines. Key challenges include a lack of standards and certification for tools and professionals as well as rapid changes in technology. Cyber forensics is considered a fast-growing career field.

Codebits 2010

Tiago Henriques

This document provides an overview of computer forensics, including what it involves, the tools and techniques used, and why someone may want to pursue a career in this field. It discusses how computer forensics investigations differ from their portrayal on television and focuses on accuracy over speed. Key aspects covered include the forensic process, types of evidence examined, hardware and software tools used, and challenges like hidden data and encryption.

Computer Forensic

Novizul Evendi

This document discusses computer forensics and portable computer forensics. It defines computer forensics as the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary purposes. It outlines the steps of computer forensics including acquisition, identification, evaluation and presentation. It also discusses who uses computer forensics such as law enforcement, prosecutors, and private companies. The document introduces portable computer forensics and provides contact information for the Technology Open Source Laboratory.

Computer forensics powerpoint presentation

Somya Johri

This document provides an overview of computer forensics. It defines computer forensics as identifying, preserving, analyzing and presenting digital evidence in a legally acceptable manner. The objective is to find evidence related to cyber crimes. Computer forensics has a history in investigating financial fraud, such as the Enron case. It describes the types of digital evidence, tools used, and steps involved in computer forensic investigations. Key points are avoiding altering metadata and overwriting unallocated space when collecting evidence.

computer forensics

shivi123456

Computer forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for root cause analysis. It is a branch of digital forensic science that applies techniques of computer investigation and analysis. The goal is the discovery, collection, and analysis of digital evidence found on computers and networks to identify the source of security attacks or crimes.

Computer Forensics

Neilg42

Computer forensics is used to discover evidence of computer crimes by collecting, preserving, and analyzing digital evidence from computers and storage media. It helps criminal and civil legal cases involving issues like espionage, intellectual property theft, employee misuse of computers, and medical billing fraud. The computer forensics process includes securing evidence, making copies or images of storage devices, examining files and locations where deleted or hidden data may be stored, and documenting the investigation. Maintaining control of intellectual property and trade secrets is challenging as organizations increasingly process data overseas where there is greater risk of information leakage.

This document summarizes a computer forensic workshop presented by Ahmad Zaid Zam Zami. The workshop covered digital forensic procedures, including evidence acquisition through hardware, live CD, and live imaging methods. It also discussed preserving evidence through cryptographic hashing and creating bit-stream image copies. The analysis process examines forensic copies to build timelines, search media, and recover deleted data within the scope of the investigation.

Cyber Forensics Module 2

Manu Mathew Cherian

Types of Computer Forensics Technology, Types of Military Computer Forensic Technology, Types of Law Enforcement, Computer Forensic Technology, Types of Business Computer Forensic Technology, Specialized Forensics Techniques, Hidden Data and How to Find It, Spyware and Adware, Encryption Methods and Vulnerabilities, Protecting Data from Being Compromised Internet Tracing Methods, Security and Wireless Technologies, Avoiding Pitfalls with Firewalls Biometric Security Systems

Cyber Forensics Module 1

Manu Mathew Cherian

This document discusses cyber forensics and investigating large scale data breaches. It begins by defining cyber forensics as an electronic discovery technique used to determine and reveal technical criminal evidence, often involving extracting electronic data for legal purposes. It then discusses challenges in investigating corporate networks due to different operating systems, file systems, and administrative access used. When investigating large data breaches, security exploits and employee devices are common entry points, while pace of growth and lack of evidence erasure complicate progress. The Yahoo breach example turned tides by providing data to investigators that aided geopolitical understanding. Immediate actions include response and isolation, while tools like COFEE, SIFT, and ProDiscover aid forensic analysis at different levels.

cyber Forensics

Muzzammil Wani

This document provides an overview of computer forensics. It defines computer forensics as the process of preserving, identifying, extracting, documenting and interpreting computer media for legal evidence. It discusses what constitutes digital evidence and provides examples of computer forensic investigations. It also outlines the reasons for collecting digital evidence, who uses computer forensics, and the basic steps involved in a computer forensics investigation. Finally, it discusses methods of hiding and detecting hidden data.

Computer Forensic

Tawhidur Rahman

Digital forensics involves the process of preserving, analyzing, and presenting digital evidence in a manner that is legally acceptable. This document defines digital forensics and outlines the key steps involved, including acquiring evidence, recovering data, analyzing findings, and presenting results. It also discusses who uses computer forensics, common file types and locations examined, and important tools and skills required by forensic examiners. Maintaining a legally-sound methodology is important to ensure evidence is handled properly and can be used in legal cases.

Digital Forensics Workshop

Tim Fletcher

This document provides an overview of a digital forensics practical workshop. It discusses collecting and examining digital evidence from sources like computers, mobile devices, and the cloud. Specific techniques covered include imaging disks, dealing with encryption, timelines, documentation, and using tools like Autopsy to analyze disk images and find relevant evidence. Sample evidence is provided on a memory stick for analysis, including an iPhone image and Windows disk image to search for clues about a dog kidnapping case.

Cyber forensic 1

anilinvns

Cyber forensics involves applying scientific methods to digital evidence for legal purposes. It includes preserving, acquiring, analyzing, discovering, documenting, and presenting digital evidence. Common goals are to determine if unauthorized activity or crimes occurred using computer systems and networks. Cyber crimes are growing and can include hacking, cyber stalking, spamming, and intellectual property theft. Forensic investigations follow standard procedures including seizing evidence, making copies, and analyzing to find relevant information for legal cases.

Computer forensics

Ramesh Ogania

The document discusses computer forensics techniques including: 1) Basic investigation techniques like WHOIS searches, DNS lookups, and analyzing web server logs. 2) Analyzing digital evidence from sources like hard drives, network cards, routers, and removable storage devices. 3) The computer forensics process of acquiring, authenticating, analyzing, and documenting digital evidence while avoiding modifying the original source.

Ce hv6 module 57 computer forensics and incident handling

Vi Tính Hoàng Nam

The incident response team will take several steps to investigate the denial of service attack on OrientRecruitmentInc's web server. They will first isolate the compromised system to contain the attack. The team will then analyze logs and files on the system to identify the source and technical details of the attack. Finally, the team will work to restore normal operations by fixing vulnerabilities and installing patches, while also preparing a report on their findings and response for management.

Computer forensic 101 - OWASP Khartoum

OWASP Khartoum

computer forensics

Vaibhav Tapse

Computer forensics is the process of identifying, preserving, analyzing and presenting digital evidence in a way that is legally acceptable. It aims to find criminal evidence and present it legally to punish criminals. The main steps are identifying evidence through acquisition and collection, preserving it, analyzing and extracting information from it, documenting the process, and presenting findings. It requires forensic tools like disk imaging software, hashing tools, and password cracking software. It is used for criminal prosecution, civil litigation, detecting financial fraud, and investigating corporate policy violations.

Computer forensics

Sarwar Hossain Rafsan

Computer forensics is the “who, what, when, and how” of electronic evidence. Typically narrow in scope, it attempts to reconstruct events, focusing on the computer-based conduct of an individual or group of individuals. The types of cases involving computer forensics are numerous and varied – from the personal (i.e. locating hidden assets in a messy divorce case), to the political (i.e. investigating alleged misuse of government computers for political gain), to the dramatic (i.e. “What was your client’s former employee downloading from the Internet before he was fired and brought suit for wrongful termination?”).

Computer forensics ppt

Nikhil Mashruwala

Computer forensics involves identifying, preserving, analyzing, and presenting digital evidence from computers or other electronic devices in a way that is legally acceptable. The main goal is not only to find criminals, but also to find evidence and present it in a way that leads to legal action. Cyber crimes occur when technology is used to commit or conceal offenses, and digital evidence can include data stored on computers in persistent or volatile forms. Computer forensics experts follow a methodology that involves documenting hardware, making backups, searching for keywords, and documenting findings to help with criminal prosecution, civil litigation, and other applications.

Computer forensic ppt

Onkar1431

Computer forensic is the process of identifying, preserving, analyzing, and presenting digital evidence in a legally acceptable manner. This involves acquiring evidence from computers and other devices, analyzing the evidence, and reporting the findings. Computer forensic is used to find digital evidence related to cyber crimes, unauthorized disclosure of information, and other offenses. It provides evidence for criminal and civil legal cases by examining both persistent and volatile data stored on devices. Proper procedures and validated tools are used to ensure any evidence collected is admissible in court.

Cyber Incident Response & Digital Forensics Lecture

Ollie Whitehouse

Computer forensics

Shreya Singireddy

Computer forensics

Hiren Selani

Computer forensics involves preserving, identifying, extracting, documenting, and interpreting computer data for legal evidence or root cause analysis. It is used by law enforcement, businesses, and individuals in cases involving theft, fraud, harassment, and other crimes. The process generally involves acquiring the digital device, identifying and recovering data using forensic tools, evaluating the evidence, and presenting findings in a clear manner for legal purposes. Specialized skills and software are needed to perform forensic analysis while addressing techniques used by suspects to hide or corrupt digital evidence.

01 Computer Forensics Fundamentals - Notes

Kranthi

Computer forensics is the process of examining computer systems, storage devices, and digital evidence to recover data for legal cases. It involves collecting, preserving, analyzing and presenting computer-related evidence without altering it. Computer evidence can be useful in criminal, civil and employment cases. Computer forensics experts follow strict methodologies to carefully handle systems and extract potential evidence while maintaining data integrity and chain of custody. Their goal is to discover all relevant files, including deleted files, and analyze artifacts to understand attempts to hide, delete or encrypt information.

Digital Evidence in Computer Forensic Investigations

Filip Maertens

The document discusses digital evidence and its importance in investigations. It defines different types of digital evidence and outlines challenges and best practices for acquiring, handling, and preserving digital evidence. Specifically, it covers defining digital evidence, why it is important, challenges involved, general methodologies including seizure practices and safe acquisition methods, and safeguarding digital evidence. The presentation provides guidance to law enforcement on properly obtaining and securing digital evidence.

Computer forensic ppt

Priya Manik

Computer forensics is a branch of digital forensic science involving the legal investigation and analysis of evidence found in computers and digital storage media. The objectives are to recover, analyze, and preserve digital evidence in a way that can be presented in a court of law, and to identify evidence and assess the identity and intent of perpetrators in a timely manner. Computer forensics techniques include acquiring, identifying, evaluating, and presenting digital evidence found in files, databases, audio/video files, websites, and other locations on computers, as well as analyzing deleted files, network activity, and detecting steganography.

No Easy Breach DerbyCon 2016

Matthew Dunwoody

Every IR presents unique challenges. But - when an attacker uses PowerShell, WMI, Kerberos attacks, novel persistence mechanisms, seemingly unlimited C2 infrastructure and half-a-dozen rapidly-evolving malware families across a 100k node network to compromise the environment at a rate of 10 systems per day - the cumulative challenges can become overwhelming. This talk will showcase the obstacles overcome during one of the largest and most advanced breaches Mandiant has ever responded to, the novel investigative techniques employed, and the lessons learned that allowed us to help remediate it. Details a massive intrusion by Russian APT29 (AKA CozyDuke, Cozy Bear)

Final Project Report-SIEM

Rangan Yoga

This document provides an agenda and introduction to operationalizing a cyber security operations center (SOC) using Splunk, a security information and event management (SIEM) solution. It discusses implementing Splunk to detect, control, and resolve various cyber attacks and threats. The document outlines the project components, including Cisco and Windows servers, Ubuntu, and Splunk. It also describes using Splunk to index and analyze log data from multiple sources to help detect issues like brute force attacks and insider threats.

What's hot

Computer forensic

Singgih Prasetya

Cyber Forensics Module 2

Manu Mathew Cherian

Cyber Forensics Module 1

Manu Mathew Cherian

cyber Forensics

Muzzammil Wani

Computer Forensic

Tawhidur Rahman

Digital Forensics Workshop

Tim Fletcher

Cyber forensic 1

anilinvns

Computer forensics

Ramesh Ogania

Ce hv6 module 57 computer forensics and incident handling

Vi Tính Hoàng Nam

Computer forensic 101 - OWASP Khartoum

OWASP Khartoum

computer forensics

Vaibhav Tapse

Computer forensics

Sarwar Hossain Rafsan

Computer forensics ppt

Nikhil Mashruwala

Computer forensic ppt

Onkar1431

Cyber Incident Response & Digital Forensics Lecture

Ollie Whitehouse

Computer forensics

Shreya Singireddy

Computer forensics

Hiren Selani

01 Computer Forensics Fundamentals - Notes

Kranthi

Digital Evidence in Computer Forensic Investigations

Filip Maertens

Computer forensic ppt

Priya Manik

What's hot (20)

Computer forensic

Cyber Forensics Module 2

Cyber Forensics Module 1

cyber Forensics

Computer Forensic

Digital Forensics Workshop

Cyber forensic 1

Computer forensics

Ce hv6 module 57 computer forensics and incident handling

Computer forensic 101 - OWASP Khartoum

computer forensics

Computer forensics

Computer forensics ppt

Computer forensic ppt

Cyber Incident Response & Digital Forensics Lecture

Computer forensics

01 Computer Forensics Fundamentals - Notes

Digital Evidence in Computer Forensic Investigations

Computer forensic ppt

Viewers also liked

No Easy Breach DerbyCon 2016

Matthew Dunwoody

Final Project Report-SIEM

Rangan Yoga

The Six Stages of Incident Response

Darren Pauli

The document outlines the six stages of incident response: 1) Preparation, 2) Identification, 3) Containment, 4) Eradication, 5) Recovery, and 6) Lessons Learned. It describes the key activities and goals at each stage, including establishing an incident response team and plan, identifying and containing incidents, removing malicious content, restoring systems, and documenting lessons to improve future response. The goal is to effectively manage security incidents by following best practices at each phase of the incident response lifecycle.

penetest VS. APT

Dmitry Evteev

The top 10 windows logs event id's used v1.0

Michael Gough

Role of a Forensic Investigator

Agape Inc

The document discusses the roles and responsibilities of a computer forensic investigator. It explains that an investigator must gather digital evidence in a forensically-sound manner from various computer systems and devices. This includes recovering deleted files, analyzing file slack and unallocated space, validating email messages, and using file hashes and metadata to determine what files were created on which devices. The goal is to properly handle, analyze, and present admissible digital evidence in court.

Ca world 2007 SOC integration

Michael Nickle

What Happens Before the Kill Chain

OpenDNS

BriMor Labs Live Response Collection

BriMorLabs

The document introduces Brian Moran's Live Response Collection tool, which allows digital forensic investigators and incident responders to easily collect important forensic data from Windows systems. The tool runs pre-configured scripts to collect volatile memory, disk images, log files, and other artifacts. It produces standardized output organized by computer name and date in an easy to parse format. The tool is free to use, open source, and can be customized to support additional collection needs or integrated tools.

Latihan7 comp-forensic-bab6

sabtolinux

This investigative report provides guidelines for writing reports and collecting evidence. It discusses the different types of reports, how to structure a report, and how to write in a clear and concise manner. It also outlines best practices for collecting physical evidence, conducting interviews, maintaining documentation, and ensuring consistency and quality in investigative reporting. The report serves as a reference for investigators on proper procedures and techniques for forensic investigations.

Kasus cybercrimesabtolinux

Latihan8 comp-forensic-bab5

sabtolinux

Windows leaves behind artifacts that can be used to recover data and track user activity. There are three main types of artifacts discussed in the document: deleted data remains in allocated space and can still be recovered; hibernation files and hybrid sleep modes preserve the state of the computer in memory for quick restarting; and the Windows registry tracks user and system configurations and preferences in a tree structure. These artifacts provide important evidence about user accounts, installed programs, files accessed and modified, and more.

Latihan2 comp-forensic

sabtolinux

This document discusses the history and evolution of computer forensics from the late 1800s to present day. It outlines key developments like the first use of fingerprints in criminal investigations in 1888, the establishment of the FBI laboratory in 1932, the creation of the Computer Analysis and Response Team in 1984 to investigate computer evidence, and the formation of the first FBI Regional Computer Forensic Laboratory in 2000. The document also defines computer forensics, describes common forensic methodologies like preservation, extraction, identification, and interpretation of digital evidence, and discusses the importance of forensic readiness and planning for organizations.

Uu kup-001-13-uu kup 2013-00 mobile

Farah Nabilah

Gummer BruCON0x07

xgusix

Gummer is a framework for hunting advanced malware based on anomalies. It functions as a host for plug-in modules including analyzers to detect anomalies, database connectors to store data, and output collectors to gather information. Gummer's goal is not day-to-day malware detection but to provide hints during investigations of advanced threats like APTs. It has a modular structure and currently supports log and network data analysis, MySQL, SQLite and MongoDB as databases, and terminal output. The developer plans to add more modules and community support.

IEF for Military and Government

JADsoftware

Internet Evidence Finder (IEF) is a digital forensics solution that can search a hard drive, live RAM captures, or files for Internet-related evidence. IEF was designed with digital forensics examiners/investigators in mind. IEF is also used by security professionals, prosecutors, incident response teams, and cyber security personnel.Find out why IEF is trusted by many of the world’s most demanding military departments and government agencies.

P Hundamental Security Coding Secure With Php Lamp

phptechtalk

This document provides an overview of a presentation about PHP security best practices. It discusses three zones of responsibility - the developer, external libraries/extensions, and the PHP core. It emphasizes that web security relies more on protecting data than exploiting platforms. The presentation recommends best practices like careful installation, configuration, explicit coding practices like casting variables, input/output validation, and using object-oriented principles.

Latihan4 comp-forensic-bab3

sabtolinux

Computer forensic investigation involves collecting, examining, and analyzing digital evidence for legal cases or corporate inquiries. It includes developing policies and procedures for the computer forensic unit, such as case management and evidence handling. When investigating a potential company policy violation, the company must inform employees of relevant policies and enforce them to prevent wasted resources. Proper legal considerations are important before starting an investigation to ensure compliance with relevant statutes. A 10-step process for preparing for a computer forensic investigation includes securing relevant media, obtaining identifying information, maintaining a chain of custody, and creating search keywords.

Outlook and Exchange for the bad guys

Nick Landers

DerbyCon 2016 Nick Landers @monoxgas External mail via Exchange is one of the most common services offered by organizations today. The Microsoft Office suite is even more prevalent making Outlook the most common mail client around. This talk focuses on the abuse of these two products for the purpose of gaining code execution inside remote networks. Subjects include E-Mail and password scraping, OWA/EWS brute forcing techniques, and new research into abusing Outlook mail rules for remote code execution. Learn about the capabilities of client side rules, the underlying Windows APIs, and how to modify these rule objects to make phishing attacks obsolete. Security Consultant at Silent Break Security. Professional Hacker for 2 years. Current work involves writing custom malware and researching unique attack vectors that abuse functionality in windows environments.

Logs for Information Assurance and Forensics @ USMA

Anton Chuvakin

Viewers also liked (20)

No Easy Breach DerbyCon 2016

Final Project Report-SIEM

The Six Stages of Incident Response

penetest VS. APT

The top 10 windows logs event id's used v1.0

Role of a Forensic Investigator

Ca world 2007 SOC integration

What Happens Before the Kill Chain

BriMor Labs Live Response Collection

Latihan7 comp-forensic-bab6

Kasus cybercrime

Latihan8 comp-forensic-bab5

Latihan2 comp-forensic

Uu kup-001-13-uu kup 2013-00 mobile

Gummer BruCON0x07

IEF for Military and Government

P Hundamental Security Coding Secure With Php Lamp

Latihan4 comp-forensic-bab3

Outlook and Exchange for the bad guys

Logs for Information Assurance and Forensics @ USMA

Similar to Computer Forensics: You can run but you can't hide

Digital Crime & Forensics - Presentation

prashant3535

The document discusses digital crime and forensics. It defines digital crime as any crime where a computer is used as a tool or target. Examples include malware, denial of service attacks, and phishing. Forensics involves the identification, preservation, extraction, documentation, interpretation and presentation of digital evidence. However, forensics faces challenges due to issues like anonymity, large data storage, encryption, and differences between legal systems of countries. The document concludes that collaboration between law enforcement, governments and industry is needed to address new trends in digital crime.

N.sai kiran IIITA AP

sai Nagaragiri

This document provides an overview of cybercrime and cybersecurity. It discusses hackers and their motivations, basic concepts in cybercrime investigation tools, and precautions individuals and businesses can take. Cybercrime is defined as crimes where computers are the object or subject. Common hacker profiles and business vulnerabilities are outlined. The role of computer forensics in investigating cybercrimes is also summarized.

Cyber Crime Evidence Collection Ifsa 2009

University of Southern Mississippi

This presentation was given at the International Forensic Science Academy in 2009. The information contained within the presentation was gained from training in which I had previously participated. Due to the information previously being openly presented, I do not belive I am operating without the permission of the original authors. If anyone disagrees or wants credit, please contact me and I will either remove the content or add you as a citation.

Scene Of The Cybercrime

Amjad Hussain

The document discusses cybercrime and how IT professionals and law enforcement can work together to investigate and prosecute cybercrimes. It outlines who commits cybercrimes and who the victims are. It describes the cultural divide between law enforcement and IT professionals and provides recommendations for how they can bridge this divide. This includes IT learning investigative procedures and law enforcement learning more about technology. Successful cybercrime prosecution requires a team effort between IT and law enforcement.

Scene Of The Cybercrime

Amjad Hussain

Forensic Science Informatics P3 M3 D3

Steve Bishop

The document discusses various methods for policing illegal activity on the internet, including how individuals can protect themselves by using secure passwords and browsers, and how law enforcement addresses challenges like the transnational nature of cyber crimes and limited resources. It also evaluates the strengths and weaknesses of different policing methods, and asks questions about their effectiveness and how policing of the internet could be improved.

Using Logs for Breach Investigations and Incident Response by Dr Anton Chuvakin

Anton Chuvakin

Salander v bond b sides detroit final v3

antitree

The document discusses Lisbeth Salander and James Bond-style spies compared to corporate spies. It outlines the intelligence life cycle and different types of spies such as government employees, corporate competitive intelligence employees, and private corporate spies. It also discusses human intelligence versus technical intelligence and the benefits and costs of each. The document provides examples of social engineering techniques used by spies and the typical intelligence operations cycle of define, target, develop, access, process intelligence, and exit.

Digital Evidence - the defence, prosecution, & the court

Cell Site Analysis (CSA)

Security crashcourse openwest_2019

Sean Jackson

The document provides an overview of steps a new security person can take to improve their organization's security posture. It recommends focusing initially on low-hanging fruit like increasing security awareness training, network segmentation, implementing a VPN, centralized logging, and multi-factor authentication. Mid-term goals include assessing security risks, improving physical security controls, establishing security policies, and setting up annual audits and penetration tests. Long-term objectives involve data retention, hiring additional security staff, obtaining training and certifications, and continually updating security practices. The document emphasizes starting with achievable tasks and maintaining a sustainable work/life balance.

CyberCrime

CTIN

This document provides guidance for prosecutors on understanding, preparing for, and presenting a cybercrime case in court. It discusses key aspects of understanding the technical details of the crime and digital evidence, educating judges and juries, addressing challenges like linking the defendant to the crime, and ensuring digital evidence is properly authenticated and admitted. Preparing involves educating everyone involved, anticipating defense strategies, and qualifying expert witnesses when needed. Presenting the case requires using techniques like analogies and visual aids to simply explain technical concepts to judges and juries.

Law Enforcement Role In Computing

CTIN

Less than 10% of computer crimes are reported. The most common computer crime reported is financial crimes, while the most common case worked by investigators is child pornography. The document discusses how computers are involved in crimes as the target, instrument, and repository of information. It also outlines some of the unique challenges of electronic crime scenes and computer forensics investigations compared to traditional investigations.

sanfranAIG3

Ian Murphy 2500+ all connections welcome

The document discusses the challenges faced by information security managers. In 3 sentences: Information security managers have difficulty defending their systems from constant attacks due to a lack of knowledge, resources, and user compliance. Their jobs are made harder by the evolving technologies, organized hacker communities, and the fact that no system can ever be completely secure. The document advocates for security managers to think like hackers in order to properly assess vulnerabilities and strengthen their defenses.

Computer Forensics & Cyber Crimes

AnamZunaira

Congratulations! You're The New Security Person! (or, I've Made a Huge Mistake)

Sean Jackson

Corporate Espionage: Technical Surveillance Threats

pattcom

This document discusses corporate espionage threats and countermeasures. It outlines that the biggest threat is often internal, as over 90% of government espionage cases involved insiders. Common motives for espionage include financial gain, revenge, ego, and advancement. Potential targets include competitors, employees, executives, subcontractors, criminals, terrorists, and the media. Espionage methods can include cyber attacks, document theft, acoustic leaks, communications interception, and electronic bugs. The document recommends regular technical surveillance countermeasures sweeps, access controls, document security, and developing an incident response plan to defend against espionage threats.

A brief Intro to Digital Forensics

Manik Bhola

Cybercrime

SensePost

World of Signals - Devices - Connectivity - Signals - RF - Cyber Security.

Jan Geirnaert

This is a simple presentation I did towards a non-technical audience as part of a seminar on Cyber Security in Malaysia - Kuala Lumpur. It covers a wide range of specific topics relating to cyber security issues. We are all connected to a huge amount of devices and the attack vector is growing, widening. Building walls and fences is not enough. There is a lack of On The Ground Cyber Security...

Forensic Expert Cross Examination

ivneetsingh

The document provides information on effectively cross-examining a computer forensics expert witness. It discusses potential weaknesses in an expert's testimony, including a "cops-and-robbers mindset", overreliance on tools without understanding how they work ("Tool Tykes"), sloppy chain-of-custody procedures, exaggerating what can be determined from computer evidence, and limitations in thoroughly searching immense amounts of data on modern hard drives. The document aims to help lawyers identify and challenge flaws in a computer forensics expert's analysis and conclusions.

Similar to Computer Forensics: You can run but you can't hide (20)

Digital Crime & Forensics - Presentation

N.sai kiran IIITA AP

Cyber Crime Evidence Collection Ifsa 2009

Scene Of The Cybercrime

Forensic Science Informatics P3 M3 D3

Using Logs for Breach Investigations and Incident Response by Dr Anton Chuvakin

Salander v bond b sides detroit final v3

Digital Evidence - the defence, prosecution, & the court

Security crashcourse openwest_2019

CyberCrime

Law Enforcement Role In Computing

sanfranAIG3

Computer Forensics & Cyber Crimes

Congratulations! You're The New Security Person! (or, I've Made a Huge Mistake)

Corporate Espionage: Technical Surveillance Threats

A brief Intro to Digital Forensics

Cybercrime

World of Signals - Devices - Connectivity - Signals - RF - Cyber Security.

Forensic Expert Cross Examination

More from Antonio Sanz Alcober

Ciberamenazas - ¿A qué nos enfrentamos?

Computer Forensics: You can run but you can't hide

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Computer Forensics: You can run but you can't hide

Similar to Computer Forensics: You can run but you can't hide (20)

More from Antonio Sanz Alcober

More from Antonio Sanz Alcober (20)

Recently uploaded

Recently uploaded (20)

Computer Forensics: You can run but you can't hide