CLICK HERE TO WATCH
Access the Recorded Session here!
© Interested in training? Contact us! | www.netcomlearning.com |
© 1998-2022 NetCom Learning (888) 563-8266 | eccouncil@netcomlearning.com

© 1998-2022 NetCom Learning Interested in training? Contact us! www.netcomlearning.com (888) 563-8266 eccouncil@netcomlearning.com
| | |
AGENDA
Overview of Multi-Stage Network Breaches
Understanding Forensic Investigation
3 Key Tools and Techniques to Perform Forensic Analysis
Q&A with Speaker

| | |
IMPORTANCE OF COMPUTER FORENSICS PROCESS
• The investigators must follow a forensic investigation process that comply to local laws and established
precedents
• As digital evidence is fragile, a proper investigation process that ensures the integrity of evidence is
critical to prove a case in court.
• The investigators must follow a repeatable and well documented steps

| | |
EVERY CRIME LEAVES A TRAIL OF EVIDENCE!

| | |
MULTI-STAGE ATTACKS ARE MAKING NETWORK DEFENSE
DIFFICULT!
• Multi-stage attack typically includes an initial dropper file, a main payload component of the malware,
and additional modules delivered over a period of days, weeks, or more.
• IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up
due to a lack of security expertise, budget and up to date technology, according to Sophos.
• Cybercriminals use multiple attack methods and payloads for maximum impact
• Cybercriminals are evolving their attack methods and often use multiple payloads to maximize profits
• Organizations that are only patching externally facing high-risk servers are left vulnerable internally
and cybercriminals are taking advantage of this and other security lapses.
• Software exploits, unpatched vulnerabilities and/or zero-day threats are top security risk
• Lack of security expertise, budget and up to date technology.

| | |
6 STAGES OF A NETWORK INTRUSION
• Reconnaissance
• Initial Exploitation
• Establish Persistence
• Install Tools
• Move Literally
• Achieve Objective

| | |
COMPUTER FORENSICS
• Set of methodological procedures and techniques
• Finding evidence related to a digital crime, to find the culprits and initiate legal action against them.
Objectives:
To gather evidence
To track and
prosecute cyber
criminals.
To minimize losses to
the organization
To protect the
organization from
similar incidents in
future
Intent of perpetrator
Cybercrime- Any illegal act that involving a computer device, network or application
Internal- Breach of Trust by disgruntled employees
External- Attackers
• Company becomes target of intrusions every 15 minutes from external source

| | |
TYPES OF FORENSICS
• Network forensics
• Email forensics
• Malware forensics
• Memory forensics
• Cell Phone forensics
• Database forensics
• Disk forensics

| | |
CYBER CRIME INVESTIGATION
• Collection of clues and forensic evidence
• There will be at least one electronic device found during the investigation.
• The electronic device found may be central to the investigation, as it could contain valuable
evidence for solving the case.
• Therefore, the information contained in this device must be investigated in the proper manner
• Process such as collection, process and analysis of data differ based on the type of the case
• Types
• Civil
• Criminal
• Administrative

| | |
RULES OF FORENSIC INVESTIGATION
• Limited access and examination of the original evidence
• Record changes made to evidence files
• Create chain of custody
• Comply with standards
• Hire professionals for analysis
• Evidence should be strictly related to incident
• Securely store evidence
• Use recognized tools for analysis

| | |
DIGITAL EVIDENCE
Digital Evidence:
Any information of probative value that is either stored or transmitted in a digital form.
Locard’s Exchange Principle- “Anyone entering a crime scene takes something of the scene with them,
and leaves something of themselves behind when they leave”
Type
Volatile
Non-Volatile

SOURCES OF POTENTIAL EVIDENCE
• Hard Drive, Thumb Drive, Memory card
• Smart card, Biometric Scanner, Digital Camera
• Routers, Hubs, Switches
• Removable storage device
• Scanners, Fax Machines, GPS

FORENSIC READINESS
Organization’s ability to make optimal use of digital evidence in a limited period of time and
with minimal investigation costs
Benefits
Fast and efficient investigation
Structured storage of evidence- reduces expense and time of investigation
Easy identification of evidence
Gives attackers less time to cover tracks

ROLES AND RESPONSIBILITIES OF FORENSIC INVESTIGATOR
• Determine extent of damage
• Recovers data of investigate value
• Gathers evidence in a forensically manner
• Ensures that evidence is not damaged
• Creates an image of original evidence without tampering to maintain integrity
• Guides officials in carrying out investigation
• Reconstructs the damaged disks or other storage devices, and uncover the information hidden on the
computer
• Analyzes evidence data found
• Prepares analysis report
• Updated organizations about various attacks and recovery techniques.
• Address issue in court

WHAT MAKES A GOOD COMPUTER FORENSIC INVESTIGATOR?
• Interviewing skills to gather much information about case
• Researching skills to know the background activities
• Patience and willingness to work long hours
• Excellent writing skills to detail findings in the report
• Strong analytical skills to find evidence and link it to suspect
• Excellent communication skills to explain findings
• Be updated with new methods and forensic technology
• Well versed in more than one computer platform
• Knowledge of various technologies, hardware, software.
• Honest, ethical and law abiding

PHASES IN THE COMPUTER FORENSICS INVESTIGATION
PROCESS
Pre-
investigation
Phase
Investigation
Phase
Post-
investigation
Phase

COMPUTER FORENSIC INVESTIGATION METHODOLOGY
1. First Response
2. Search and Seizure
3. Collect evidence
4. Secure evidence
5. Data acquisition
6. Data analysis
7. Evidence assessment
8. Documentation & Reporting
9. Testing as an expert witness

3 KEY TECHNIQUES TO PERFORM FORENSIC ANALYSIS
• Preparation/Extraction
• whether there is enough information to proceed, validation of all hardware and software,
duplicates the forensic data provided in the request and verifies its integrity, If examiners get
original evidence, they need to make a working copy and guard the original's chain of custody,
tool selection
• Identification
• Examiners repeat the process of identification for each item on the Extracted Data List, check if
its out of scope
• Analysis
• In the analysis phase, examiners connect all the dots and paint a complete picture for the
requester, examiners answer questions like who, what, when, where, and how.

3 KEY TECHNIQUES TO PERFORM FORENSIC ANALYSIS
• Autopsy/the Sleuth Kit
• The Sleuth Kit is a command-line tool that performs forensic analysis of forensic images of hard
drives and smartphones. Autopsy is a GUI-based system that uses The Sleuth Kit behind the
scenes.
• EnCase
• Encase is an application that helps you to recover evidence from hard drives. It allows you to
conduct an in-depth analysis of files to collect proof like documents, pictures, etc.
• FTK Imager
• FTK Imager is a data preview and imaging tool used to acquire data (evidence) in a forensically
sound manner by creating copies of data without making changes to the original evidence

RELEVANT CERTIFICATION - CHFI
https://www.eccouncil.org/programs/computer-hacking-forensic-investigator-chfi/

Recommended Courses
NetCom Learning offers a comprehensive portfolio for Security
» EC-COUNCIL CHFI: COMPUTER HACKING FORENSIC INVESTIGATOR V10 – Class Scheduled on Oct 17
» EC-COUNCIL CND: CERTIFIED NETWORK DEFENDER V2 - Class Scheduled on Oct 24
» EC-COUNCIL CEH: CERTIFIED ETHICAL HACKER V12 - Class Scheduled on Oct 17
You can also access the below Marketing Assets
» Free 1hr Training - Best Practices to Cybersecurity Vulnerability Assessment and Solutions Implementation
» Free On-Demand Training - Learn Cybersecurity Incident Handling & Response in Under 40 Minutes
» Blog - Top 5 Popular Cybersecurity Certifications for 2022
Interested in training? Contact us! | www.netcomlearning.com |

Other Marketing Assets
COURSES & CERTIFICATIONS
OUR FREE VIRTUAL EVENTS BLOGS SAVINGS PROGRAMS & PROMOS
(888) 563-8266 | eccouncil@netcomlearning.com

Stay Digital Safe - Assess and Upskill your team against cyber threats now !
NetCom Learning's end-user Cybersecurity Awareness Training & Phishing Simulation Solution offers phishing simulations on email,
voice, and text to organizations, and is bundled with 90+ interactive security awareness video courses for the end-users.
Request a Demo

Learning Passport
Flexible Team Training Package
Specifically designed to be customized for the number of learners you
plan to train on top-notch technology providers – including Microsoft,
AWS, Cisco, CompTIA, Adobe, Autodesk, PMI, EC-Council, and more.
Redeemable over 4,000+ official courses
Flexible fund validity of 12 months
Contact Us Now To Schedule your appointment with our learning consultants.
Toll-free Phone: 1-888-563-8266 | Email: info@netcomlearning.com
Learn More

NetCom
Individual Learner Subscription
Get 24/7 access to unlimited virtual instructor-led and self-paced IT and
business training for 12 months. NetCom+ includes over 250 e-Learning
and 140 virtual instructor led courses across various domains.
$2,999 per learner per year
* Additional discounts available for enterprises
+
Learn More

Exclusive Government Savings
Solutions For FY22
This fiscal year, take full advantage of your FY22 training budget and strengthen your
workforce's skillset across 9 domains such as Cloud, Security, Networking, Project
Management, and more, delivered by certified instructors - equipped with security
clearance and government and military training experience.
Learning Passport
Experience up to a
100% increase
in purchasing power and
secure your yearly training
Get Special Pricing
Get exclusive Special Pricing
for Government and
Military on courses
up to $3,600
NetCom+ Subscription
Save training dollars and get
unlimited access to
virtual Instructor-led and
on-demand courses
Help teams earn and maintain certifications as per
Department of Defense (DoD) directive 8140
(Formerly known as DoD 8570)

NetCom Learning serves all Government agencies through our GSA schedule,
47QTCA22D004B.
Our GSA Schedule provides more than 800 classroom training solutions available
for delivery at one of our many training facilities, at your location or at an off-site
that offers maximum convenience.
NetCom Learning is also approved as GSA Small Business for GSA Set Asides.
We accept GSA SmartPay and GCPC credit cards | We participate in GSA Advantage

Continue your Cybersecurity
Skilling Journey with
Microsoft Security
Fundamentals
You will get access to your free Microsoft Official Courseware on
SC-900T00: Microsoft Security, Compliance, And Identity Fundamentals
in the NetCom365 Learning Portal.
Access Now

FOLLOW US ON
LinkedIn T
witter YouTube
Instagram

A BOOK FROM
RUSSELL SARDER
CEO - NETCOM LEARNING
A framework to build a smarter
workforce, adapt to change and drive
growth.
Download

Thankyou

Defense Against Multi-Network Breaches.pdf