This document provides an overview of Patricia Watson's background and experience in digital forensics and cybersecurity. It outlines her credentials and roles in digital forensics program management, legal forensic specialist work, and internships. The document then discusses various digital forensic skills and how they can be applied, including incident response, malware analysis, cybersecurity risk assessments, and litigation support. It emphasizes the importance of objectivity, skill diversification, and communication skills in this field.

1. Leveraging Digital Forensic
Skills to Deliver Cyber
Technology Solutions
Patricia Watson
MBA | EnCE | GCFA
11.06.12

2. Bio
• Digital Forensic Program Manager, Boise Inc
• Report to the Director of Internal Audit
• DF, eDiscovery, Cyber Security Risk Assessments
and IT Audits
• Legal Forensic Specialist, Washington Group
• Digital Forensic Student Intern at the Center
for Cyber Defenders (CCD), Sandia National
Labs in Albuquerque NM
• 3 Forensic Certifications: NTI, GCFA, EnCE
• Masters in Information Assurance, MBA and BA
MIS from UNM
• Part of the group that help start the
curriculum for the Information Assurance
Program
• UNM was one of the first universities to have a
Digital Forensics lab

3. Overview
 Digital Forensic Skills
 Forensic Examiners
 Incident Response
 Malware Analysis
 Cyber security risks assessments
 Litigation Support
 IT Governance, compliance and audits
 A Few Sources
 Questions?

4. Quote
“There’s zero
correlation between
being the best talker
and having the best
ideas” (Susan Cain)

5. Forensic Skills Set
 A broad range of technical, investigative,
procedural, and legal skills
 Disk geometry, file system anatomy, reverse
engineering, evidence integrity, COC and
criminal profiling
 The ability to function in a complex,
dynamic environment
 Computer technology as well as legal and
regulatory environments are constantly changing
 The ability to objectively testify in a
court of law
 Reproduce incident, interpret results, be
prepared for cross-examination

6. Forensic Examiners
 Introverts
 Good listeners (think first, talk later)
 Very private (foster confidentiality)
 Focus-driven (enjoy performing deep dive
analysis)
 Embrace solitude (enjoy looking for the needle
in a hay stack)
 Irony…“forens” Latin word for “belonging to
the public”

7. Incident Response
 Image acquisition
 RAID rebuild
 Data recovery and restoration
 Partition/volume recovery
 Analyzing log entries

8. Malware Analysis
 Forensic image is a great sandbox for malware
analysis
 Hash analysis, Memory dump, Timeline analysis

9. Cyber Security Risk Assessments
 Open ports
 Active services
 Hidden processes
 Open handles
 Network shares
 User lists
 OS fingerprinting

11. Litigation Support
 Preservation of ESI
 Proximity keyword searching
 Complex keyword crafting
 Interpretation of FRCP
 De-duping
 Load files
 Export native ESI

12. IT Governance/Compliance/Audits
 PCI compliance
 HIPPA compliance
 Antitrust compliance
 Intellectual property
 Identifying policy violations

13. In summary…
 Objectivity is of essence
 Never underestimate the importance of
skillset diversification
 Continuously seek to enhance your
communication skills
 Seek opportunities to collaborate
 “Excellence is not about technical
competence but character” (Ernest
Laurence)

14. A few Sources
• Techy Stuff:
• NIST Guide to Integrating Forensic Techniques into Incident Response:
http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf
• US-CERT CSET: http://www.us-cert.gov/control_systems/satool.html
• Soft Skills:
• Working with Emotional Intelligence by Daniel Goleman
• Great Communication Secrets of Great Leaders by John Baldoni
• Leading Your Boss: The Subtle Art of Managing Up by John Baldoni
• TED, Ideas worth Spreading: http://www.ted.com/talks
• Professional Organizations:
• HTCIA , ACFE, ISACA, ISSA…

15. Questions?
PatriciaWatson@BoiseInc.com