© 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license
distributed with a certain product or service or otherwise on a password-protected website for classroom use.
Organizational Liability and the
Management of Digital Forensics
Chapter 02: Compliance: Law and Ethics
Management of Information Security, 6th ed. - Whitman & Mattord
Summary
• Deterrence can prevent an illegal or unethical activity from occurring. Successful deterrence requires the institution of severe penalties, the probability of apprehension, and an expectation that penalties will be enforced
• As part of an effort to sponsor positive ethics, a number of professional organizations have established codes of conduct and/or codes of ethics that their members are expected to follow
• Laws are formally adopted rules for acceptable behavior in modern society. Ethics are socially acceptable behaviors. The key difference between laws and ethics is that laws bear the sanction of a governing authority and ethics do not
Summary (Continued)
• Organizations formalize desired behaviors in documents called policies. Unlike laws, policies must be distributed, read, understood, explicitly agreed to by employees and uniformly enforced before they are enforceable
• Civil law encompasses a wide variety of laws that regulate relationships between and among individuals and organizations. Criminal law addresses violations that harm society and that are prosecuted by the state. Tort law is a subset of civil law that deals with lawsuits by individuals rather than criminal prosecution by the state
• U.S. copyright law extends intellectual property rights to the published word, including electronic publication
• A number of key U.S. federal agencies are charged with the protection of American information resources and the investigation of threats or attacks against these resources
Summary (Continued)
• Digital forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and root cause analysis. E-discovery is the identification and preservation of evidentiary materials related to a specific legal action
• Most organizations cannot sustain a permanent digital forensics team. Even so, people in the InfoSec group should be trained to understand and manage the forensics process
• In digital forensics, all investigations follow the same basic methodology: identify relevant items of evidentiary value, acquire (seize) the evidence without alteration or damage, take steps to assure that the evidence is verifiably authentic at every stage and is unchanged from the time it was seized, analyze the data without risking modification or unauthorized access, and report the findings to the proper authority
Self-paced Reading:
Digital Forensics
Chapter 02: Compliance: Law and Ethics
Cybercrime
• Various names: Computer crime, High-tech crimes,
or Cybercrime.
Cybercrime
• Cybercrime is used to describe criminal activity in which computers, mobiles, or networks are a tool, a target, or a place of criminal activity (contains evidence).
  • Electronic device as a target: Viruses, Denial-of-service attacks.
  • Electronic device as a tool: Identity theft, Phishing.
  • Electronic device contains evidence: emails, internet browsing, contacts, location data and images.
https://www.fbi.gov/about-us/investigate/cyber
Cybercrime: examples
• Cyber-based terrorism
• Espionage
• Computer intrusions: Hacking
• Identity theft
• Cyber financial fraud
• Child exploitation
• Cyber Money Laundering
• Online Gambling
• Harassment including Cyberstalking
• Drug trafficking
• Offensive content including Internet pornography
More New Smart Devices
Forensics Science
• Forensic science is the application of science to criminal and
civil laws. The aim is to determine the evidential value of the
crime scene and related evidence.
Digital Forensics
• Digital forensics is a collection of specialized techniques, processes, and procedures used to preserve, extract, analyze, and present electronic evidence that is found in digital devices, often in relation to computer or cybercrime.
Digital Forensics Process
DF Investigation Methodology
Digital Forensics Specialties
1. Computer Forensics: Static & Live Acquisition
2. OS Forensics: Windows, Linux
3. Mobile Forensics: Logical & Physical Extraction
4. Network/Intrusion Forensics
5. Malware Analysis: Reverse Engineering
6. Open Source Intelligence
7. Digital Forensics and Cloud Computing
8. Digital Forensics and Social Networks
The Digital Crime Scene
Getting Control and Officer Safety
• Get Immediate Control of Devices
  • Computers
  • Mobile Devices
  • Storage Devices
Getting Control and Officer Safety
• Check for Destructive Activities
  • Drive Formatting/Wiping
  • Mobile Device Resetting/Destruction
Getting Control and Officer Safety
• If Destructive Activity Noted:
  • Computers
    • Pull the Power Plug from Computer
(More on this topic to be covered elsewhere)
Getting Control and Officer Safety
• If Destructive Activity Noted:
  • Mobile Devices
    • Pull the Battery if Possible
(More on this topic to be covered elsewhere)
Identifying Devices
What not to seize!
• Devices that cannot store digital evidence.
• Most Printers
• Monitors
• Keyboards
However, don’t forget traditional
evidence that may be on those devices.
• Fingerprints
• Bodily Fluids
Evidence Preservation
Running Computers
• When in doubt, pull the plug!
Running Cell Phones
• If off, leave it off
• If on, leave it on but protect with a
Faraday Bag!
Evidence Acquisition
(Imaging and Cloning)
• Forensic Imaging is the process of copying the
data from a suspect device to a file or set of files
on another device.
• Forensic cloning is the process of ‘cloning’ one
device to another device.
Evidence Acquisition
Cloning
[Diagram: all data from the hard drive is copied to the cloned drive. The drives are now identical.]
Cell phone and
Mobile Device Forensics
Acquisition Phase
- The third phase in the Mobile Forensic
Process is to perform acquisition.
- Acquisition is the process of imaging or
otherwise obtaining information from a
mobile device and its associated media.
- Data needs to be extracted from: SIM
card, external memory card, and most
importantly the handset memory
microchip.
What to Acquire?
- Data stored electronically within the SIM
- Data stored externally within the memory expansion card such as Trans Flash Micro SD
- Data stored within the internal Memory Microchip
Why Perform Acquisition?
- We never work on the original; we always try to work in a forensically sound manner.
- We extract or duplicate the original and then examine the copy, not the original.
- This is very important so that the integrity of the evidence is not affected.
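The imaging step from the Evidence Acquisition slide and the "examine the copy, not the original" rule above, as an added example that is not part of the original slides: a Python sketch that images a source while hashing it, confirms the image on disk against that hash, and re-checks a working copy before and after analysis. An ordinary file stands in for the suspect device, and the function names, file names, examiner labels and log fields are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read the source in 1 MiB blocks

# Constructed sample data standing in for the contents of a seized device.
SAMPLE_DEVICE = b"constructed sample sector data\n" * 50_000


def sha256_file(path):
    """Hash a file in chunks so large images do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            digest.update(chunk)
    return digest.hexdigest()


def record(log, action, path, sha256, examiner, ok=True):
    """Append one custody entry: who did what to which item, and its hash."""
    log.append({
        "time_utc": datetime.now(timezone.utc).isoformat(),
        "action": action,
        "item": os.path.basename(path),
        "sha256": sha256,
        "examiner": examiner,
        "ok": ok,
    })


def acquire_image(source, image, examiner, log):
    """Copy source to image, hashing the bytes as they are read.

    The source is opened read-only. On real media it would also sit behind
    a write blocker; here an ordinary file stands in for the device.
    """
    read_hash = hashlib.sha256()
    with open(source, "rb") as src, open(image, "xb") as dst:  # "x": never overwrite
        while chunk := src.read(CHUNK):
            read_hash.update(chunk)
            dst.write(chunk)
        dst.flush()
        os.fsync(dst.fileno())
    acquired = read_hash.hexdigest()
    if sha256_file(image) != acquired:
        raise IOError("image on disk does not match the data read from source")
    os.chmod(image, 0o444)  # the master image is never edited
    record(log, "acquire", image, acquired, examiner)
    return acquired


def make_working_copy(image, working, expected, examiner, log):
    """Duplicate the master image for analysis and confirm the copy is exact."""
    shutil.copyfile(image, working)
    if sha256_file(working) != expected:
        raise IOError("working copy differs from the master image")
    record(log, "working_copy", working, expected, examiner)


def verify(path, expected, examiner, log):
    """Re-hash an item and log whether it still matches the acquisition hash."""
    actual = sha256_file(path)
    ok = actual == expected
    record(log, "verify", path, actual, examiner, ok)
    return ok


def demo():
    """Run acquisition, copy, and verification on the constructed sample."""
    log = []
    with tempfile.TemporaryDirectory() as case_dir:
        source = os.path.join(case_dir, "suspect_device.bin")
        image = os.path.join(case_dir, "evidence_001.img")
        working = os.path.join(case_dir, "evidence_001_working.img")
        with open(source, "wb") as fh:
            fh.write(SAMPLE_DEVICE)

        acquired = acquire_image(source, image, "examiner_a", log)
        make_working_copy(image, working, acquired, "examiner_b", log)
        clean_ok = verify(working, acquired, "examiner_b", log)

        # Simulate an accidental change during analysis: one byte of the copy.
        with open(working, "r+b") as fh:
            fh.seek(100)
            fh.write(b"X")
        tampered_ok = verify(working, acquired, "examiner_b", log)
        image_ok = verify(image, acquired, "examiner_a", log)
    return {
        "matches_source": acquired == hashlib.sha256(SAMPLE_DEVICE).hexdigest(),
        "clean_copy_ok": clean_ok,
        "tampered_copy_ok": tampered_ok,
        "image_still_ok": image_ok,
        "log_actions": [entry["action"] for entry in log],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The modified working copy fails verification while the master image still matches its acquisition hash, which is why analysis is done on a copy and the hash is re-checked at each stage.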
Manual Extraction
- It is the most basic extraction method where an examiner
manually accesses the phone through the user interface.
- To ensure that all details are documented, this process is
normally photographed or videotaped.
- Only data accessible through the operating system is
retrievable.
Dealing with Password Protection
- Many mobile devices permit users to set a password to
restrict access to the device.
- For certain devices, it is possible to bypass or recover
such protection.
- It is generally inadvisable to guess a lock code or
passphrase because some mobile devices will wipe their
contents after too many failed attempts.
UFED Phone Detective
Device Information
SMS (including deleted ones)
Files including photos, videos
Web Browsers Cache Analyzer
Passwords can be retrieved
WiFi Connections & Location Services
Communication Activities
Law Enforcement Involvement
• When an incident or disaster violates civil or criminal law, it is the organization’s responsibility to notify the proper authorities.
• Selecting the appropriate law enforcement agency depends on the type of crime committed.
Law Enforcement Involvement (Continued)
• Involving law enforcement agencies has both advantages and disadvantages:
  • Such agencies are usually much better equipped to process evidence than a business and are also prepared to handle the warrants and subpoenas necessary when documenting a case
  • The disadvantages of law enforcement involvement include possible loss of control over the chain of events following an incident—for example, the collection of information and evidence and the prosecution of suspects
  • A very real issue is the confiscation of vital equipment as evidence
As of this writing, the rules are as follows:
1) The people who design, develop, or deploy a computing artifact are morally responsible for that
artifact, and for the foreseeable effects of that artifact. This responsibility is shared with other
people who design, develop, deploy or knowingly use the artifact as part of a sociotechnical
system.
2) The shared responsibility of computing artifacts is not a zero-sum game. The responsibility of an
individual is not reduced simply because more people become involved in designing, developing,
deploying, or using the artifact. Instead, a person’s responsibility includes being answerable for the
behaviors of the artifact and for the artifact’s effects after deployment, to the degree to which
these effects are reasonably foreseeable by that person.
3) People who knowingly use a particular computing artifact are morally responsible for that use.
4) People who knowingly design, develop, deploy, or use a computing artifact can do so responsibly
only when they make a reasonable effort to take into account the sociotechnical systems in which
the artifact is embedded.
5) People who design, develop, deploy, promote, or evaluate a computing artifact should not
explicitly or implicitly deceive users about the artifact or its foreseeable effects, or about the
sociotechnical systems in which the artifact is embedded.

20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
nkrafacyberclub
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 

Recently uploaded (20)

SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptxSecstrike : Reverse Engineering & Pwnable tools for CTF.pptx
Secstrike : Reverse Engineering & Pwnable tools for CTF.pptx
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 

Digital Forensics_Lecture.pptx

  • 1. © 2018 Cengage. May not be copied, scanned, or duplicated, in whole or in part, except for use as permitted in a license distributed with a certain product or service or otherwise on a password-protected website for classroom use. Organizational Liability and the Management of Digital Forensics Chapter 02: Compliance: Law and Ethics
  • 2. Management of Information Security, 6th ed. - Whitman & Mattord
  • 3. Summary
      • Deterrence can prevent an illegal or unethical activity from occurring. Successful deterrence requires the institution of severe penalties, the probability of apprehension, and an expectation that penalties will be enforced
      • As part of an effort to sponsor positive ethics, a number of professional organizations have established codes of conduct and/or codes of ethics that their members are expected to follow
      • Laws are formally adopted rules for acceptable behavior in modern society. Ethics are socially acceptable behaviors. The key difference between laws and ethics is that laws bear the sanction of a governing authority and ethics do not
  • 4. Summary (Continued)
      • Organizations formalize desired behaviors in documents called policies. Unlike laws, policies must be distributed, read, understood, explicitly agreed to by employees and uniformly enforced before they are enforceable
      • Civil law encompasses a wide variety of laws that regulate relationships between and among individuals and organizations. Criminal law addresses violations that harm society and that are prosecuted by the state. Tort law is a subset of civil law that deals with lawsuits by individuals rather than criminal prosecution by the state
      • U.S. copyright law extends intellectual property rights to the published word, including electronic publication
      • A number of key U.S. federal agencies are charged with the protection of American information resources and the investigation of threats or attacks against these resources
  • 5. Summary (Continued)
      • Digital forensics involves the preservation, identification, extraction, documentation, and interpretation of computer media for evidentiary and root cause analysis. E-discovery is the identification and preservation of evidentiary materials related to a specific legal action
      • Most organizations cannot sustain a permanent digital forensics team. Even so, people in the InfoSec group should be trained to understand and manage the forensics process
      • In digital forensics, all investigations follow the same basic methodology: identify relevant items of evidentiary value, acquire (seize) the evidence without alteration or damage, take steps to assure that the evidence is verifiably authentic at every stage and is unchanged from the time it was seized, analyze the data without risking modification or unauthorized access, and report the findings to the proper authority
  • 6. Self paced Reading: Digital Forensics. Chapter 02: Compliance: Law and Ethics
  • 7. Cybercrime
      • Various names: Computer crime, High-tech crimes, or Cybercrime.
  • 8. Cybercrime
      • Cybercrime is used to describe criminal activity in which computers, mobiles, or networks are a tool, a target, or a place of criminal activity (contains evidence).
      • Electronic device as a target: Viruses, Denial-of-service attacks.
      • Electronic device as a tool: Identity theft, Phishing.
      • Electronic device contains evidence: emails, internet browsing, contacts, location data and images.
      • Source: https://www.fbi.gov/about-us/investigate/cyber
  • 9. Cybercrime: examples
      • Cyber-based terrorism
      • Espionage
      • Computer intrusions: Hacking
      • Identity theft
      • Cyber financial fraud
      • Child exploitation
      • Cyber Money Laundering
      • Online Gambling
      • Harassment including Cyberstalking
      • Drug trafficking
      • Offensive content including Internet pornography
  • 10. More New Smart Devices
  • 11. Forensics Science
      • Forensic science is the application of science to criminal and civil laws. The aim is to determine the evidential value of the crime scene and related evidence.
  • 12. Forensics Science
  • 13. Digital Forensics
      • Digital forensics is a collection of specialized techniques, processes, and procedures used to preserve, extract, analyze, and present electronic evidence that is found in digital devices, often in relation to computer or cybercrime.
  • 14. Digital Forensics Process
  • 15. DF Investigation Methodology
  • 16. Digital Forensics Specialties
      1. Computer Forensics: Static & Live Acquisition
      2. OS Forensics: Windows, Linux.
      3. Mobile Forensics: Logical & Physical Extraction.
      4. Network/Intrusion Forensics.
      5. Malware Analysis: Reverse Engineering.
      6. Open Source Intelligence.
      7. Digital Forensics and Cloud Computing
      8. Digital Forensics and Social Networks
  • 17. The Digital Crime Scene
  • 18. Getting Control and Officer Safety
      • Get Immediate Control of Devices
          • Computers
          • Mobile Devices
          • Storage Devices
  • 19. Getting Control and Officer Safety
      • Check for Destructive Activities
          • Drive Formatting/Wiping
          • Mobile Device Resetting/Destruction
  • 20. Getting Control and Officer Safety
      • If Destructive Activity Noted:
          • Computers
              • Pull the Power Plug from Computer (More on this topic to be covered elsewhere)
  • 21. Getting Control and Officer Safety
      • If Destructive Activity Noted:
          • Mobile Devices
              • Pull the Battery if Possible (More on this topic to be covered elsewhere)
  • 22. Identifying Devices
      • What not to seize!
          • Devices that cannot store digital evidence.
          • Most Printers
          • Monitors
          • Keyboards
      • However, don’t forget traditional evidence that may be on those devices.
          • Fingerprints
          • Bodily Fluids
  • 23. Evidence Preservation
      • Running Computers
          • When in doubt, pull the plug!
      • Running Cell Phones
          • If off, leave it off
          • If on, leave it on but protect with a Faraday Bag!
  • 24. Evidence Acquisition (Imaging and Cloning)
      • Forensic Imaging is the process of copying the data from a suspect device to a file or set of files on another device.
      • Forensic cloning is the process of ‘cloning’ one device to another device.
  • 25. Evidence Acquisition: Cloning
      • Diagram labels: Hard Drive; All data from drive; Cloned Drive
      • The drives are now identical
  • 26. Cell phone and Mobile Device Forensics
  • 27. Acquisition Phase
      • The third phase in the Mobile Forensic Process is to perform acquisition.
      • Acquisition is the process of imaging or otherwise obtaining information from a mobile device and its associated media.
      • Data needs to be extracted from: SIM card, external memory card, and most importantly the handset memory microchip.
  • 28. What to Acquire?
      • Data stored electronically within the SIM
      • Data stored externally within the memory expansion card such as Trans Flash Micro SD
      • Data stored within the internal Memory Microchip
  • 29. Why to do acquisition?
      • We never work on the original; we always try to perform things in a forensically sound manner.
      • We extract and duplicate the original, and then examine the copy, not the original.
      • This is very important in order to not affect the integrity of the evidence.
  • 30. Manual Extraction
      • It is the most basic extraction method where an examiner manually accesses the phone through the user interface.
      • To ensure that all details are documented, this process is normally photographed or videotaped.
      • Only data accessible through the operating system is retrievable.
  • 32. Dealing with Password Protection
      • Many mobile devices permit users to set a password to restrict access to the device.
      • For certain devices, it is possible to bypass or recover such protection.
      • It is generally inadvisable to guess a lock code or passphrase because some mobile devices will wipe their contents after too many failed attempts.
  • 33. UFED Phone Detective
  • 34. Device Information
  • 35. SMS (including deleted ones)
  • 36. Files including photos, videos
  • 37. Web Browsers Cache Analyzer
  • 38. Passwords can be retrieved
  • 39. WiFi Connections & Location Services
  • 40. Communication Activities
  • 41. Law Enforcement Involvement
      • When an incident or disaster violates civil or criminal law, it is the organization’s responsibility to notify the proper authorities.
      • Selecting the appropriate law enforcement agency depends on the type of crime committed.
  • 42. Law Enforcement Involvement (Continued)
      • Involving law enforcement agencies has both advantages and disadvantages:
          • Such agencies are usually much better equipped to process evidence than a business and are also prepared to handle the warrants and subpoenas necessary when documenting a case
          • The disadvantages of law enforcement involvement include possible loss of control over the chain of events following an incident, for example, the collection of information and evidence and the prosecution of suspects
          • A very real issue is the confiscation of vital equipment as evidence
  • 43. As of this writing, the rules are as follows:
      1) The people who design, develop, or deploy a computing artifact are morally responsible for that artifact, and for the foreseeable effects of that artifact. This responsibility is shared with other people who design, develop, deploy or knowingly use the artifact as part of a sociotechnical system.
      2) The shared responsibility of computing artifacts is not a zero-sum game. The responsibility of an individual is not reduced simply because more people become involved in designing, developing, deploying, or using the artifact. Instead, a person’s responsibility includes being answerable for the behaviors of the artifact and for the artifact’s effects after deployment, to the degree to which these effects are reasonably foreseeable by that person.
      3) People who knowingly use a particular computing artifact are morally responsible for that use.
      4) People who knowingly design, develop, deploy, or use a computing artifact can do so responsibly only when they make a reasonable effort to take into account the sociotechnical systems in which the artifact is embedded.
      5) People who design, develop, deploy, promote, or evaluate a computing artifact should not explicitly or implicitly deceive users about the artifact or its foreseeable effects, or about the sociotechnical systems in which the artifact is embedded.
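The methodology in slides 5, 24 and 29 (acquire without alteration, keep the evidence verifiably unchanged at every stage, examine a copy rather than the original) can be sketched as follows. This is an added example, not part of the lecture: the function names, file names, examiner ID, the choice of SHA-256 and the hash-chained custody log are assumptions, and a constructed file stands in for a seized device.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK = 1024 * 1024  # read evidence in 1 MiB blocks


def sha256_file(path):
    """Hash a file in chunks so a large image never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire_image(source, image):
    """Image `source` into `image` and return the SHA-256 of the bytes read."""
    digest = hashlib.sha256()
    # Source is opened read-only; mode "x" refuses to overwrite an existing image.
    with open(source, "rb") as src, open(image, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
    acquired = digest.hexdigest()
    if sha256_file(image) != acquired:  # re-read the image to confirm the write
        raise IOError("image does not match the data read from the source")
    os.chmod(image, 0o444)  # mark the image read-only
    return acquired


def add_custody_entry(log, actor, action, evidence_sha256):
    """Append a custody entry whose hash covers the previous entry's hash."""
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "actor": actor,
        "action": action,
        "evidence_sha256": evidence_sha256,
        "prev": log[-1]["entry_hash"] if log else "0" * 64,
    }
    payload = json.dumps(entry, sort_keys=True).encode()
    entry["entry_hash"] = hashlib.sha256(payload).hexdigest()
    log.append(entry)
    return entry


def custody_log_intact(log):
    """Recompute the hash chain; an edited or removed entry breaks it."""
    prev = "0" * 64
    for entry in log:
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        expected = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if entry["prev"] != prev or entry["entry_hash"] != expected:
            return False
        prev = entry["entry_hash"]
    return True


def verify_evidence(path, log):
    """True only if the log is intact and the file matches the acquisition hash."""
    if not log or not custody_log_intact(log):
        return False
    return sha256_file(path) == log[0]["evidence_sha256"]


def demo():
    with tempfile.TemporaryDirectory() as work:
        source = os.path.join(work, "suspect_device.bin")  # constructed stand-in
        image = os.path.join(work, "evidence.img")
        working = os.path.join(work, "working_copy.img")
        with open(source, "wb") as fh:
            fh.write(b"constructed sample data " * 4096)

        log = []
        add_custody_entry(log, "examiner-1", "acquired image", acquire_image(source, image))
        # Analysis happens on a copy of the image, never on the original.
        add_custody_entry(log, "examiner-1", "created working copy", acquire_image(image, working))
        clean = verify_evidence(working, log)

        os.chmod(working, 0o644)
        with open(working, "r+b") as fh:  # simulate a change made during analysis
            fh.seek(10)
            fh.write(b"X")
        modified = verify_evidence(working, log)
        master = verify_evidence(image, log)  # the master image is still untouched

        log[0]["actor"] = "someone-else"  # simulate an edited custody record
        return {"clean_copy": clean, "modified_copy": modified,
                "master_image": master, "edited_log_intact": custody_log_intact(log)}


if __name__ == "__main__":
    print(demo())
```

A one-byte change to the working copy fails verification while the master image still matches its acquisition hash, and an edit to an earlier custody entry breaks the chain.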

Editor's Notes

  1. As of this writing, the rules are as follows:

       1. The people who design, develop, or deploy a computing artifact are morally responsible for that artifact, and for the foreseeable effects of that artifact. This responsibility is shared with other people who design, develop, deploy or knowingly use the artifact as part of a sociotechnical system.
       2. The shared responsibility of computing artifacts is not a zero-sum game. The responsibility of an individual is not reduced simply because more people become involved in designing, developing, deploying, or using the artifact. Instead, a person’s responsibility includes being answerable for the behaviors of the artifact and for the artifact’s effects after deployment, to the degree to which these effects are reasonably foreseeable by that person.
       3. People who knowingly use a particular computing artifact are morally responsible for that use.
       4. People who knowingly design, develop, deploy, or use a computing artifact can do so responsibly only when they make a reasonable effort to take into account the sociotechnical systems in which the artifact is embedded.
       5. People who design, develop, deploy, promote, or evaluate a computing artifact should not explicitly or implicitly deceive users about the artifact or its foreseeable effects, or about the sociotechnical systems in which the artifact is embedded.

     Compared to the codes of ethics discussed earlier, The Rules are few in number and quite general in nature. They are intended to apply to a broad spectrum of people involved in computer system design and development. The Rules have gathered broad support as useful guidelines by academics, practitioners, computer scientists, and philosophers from a number of countries [MILL11]. It seems likely that The Rules will influence future versions of codes of ethics by computer-related professional organizations.