©Great Scott Enterprises, Inc. 2003, 2004. The Professional Computer Consulting & Computer Forensics Firm.

Computer Forensics
Faculty: Scott Greene of Great Scott Enterprises, Inc.

Year    Incidents    Increase
2002    82,094       56%
2003    137,529      68%
2004    233,799      70%?
2005    397,458      70%
2006    675,679      70%
2007    1,148,655    70%

The laws
Federal Guidelines for Searching and Seizing Computers
- Were originally written in 1994
- They were supplemented in 1997 and 1999
- They were completely revised in 2001
- And supplemented again in 2002
States are still grappling with electronic discovery rules

Evidence Collection
Sources of Evidence:
- Cell Phones
- Fax Machines
- Storage Media includes:
  - Hard Disk Drives
  - Floppy Disks
  - Backup tapes
  - CD-ROM disks
  - EPROM and Memory chips

Evidence Collection
Sources of Evidence:
- ISP servers example: The FBI developed Carnivore (DCS1000) to wiretap communications that go through Internet service providers.

requirements such as the proper

How not to do things
The law firm overwrote the data!!!!
- The machine was on when we arrived.
- The owner of the machine had rigged the machine with some pretty sophisticated software that automatically and a question was either skipped or answered wrong in the boot process.
- The data that the law firm sought was completely destroyed.
How not to do things
The IT department overwrote the data!!!
- Employee deleted data from hard disk drive but didn't delete it from the recycle bin
- Technology department recovered the data using some standard data tools but destroyed the evidence that proved the employee deleted the data in the first place
- This made our job much, much harder than it had to be

Case Example
Background information
- Victim Company, Inc. sells information over the Internet. It is done via paid company.
- Perpetrators R Us, LLC competes with Victim Company, Inc. selling either identical or similar information.

Case Example
Background Information
- Victim Company, Inc. had a pretty sophisticated data center with a good Washington state. And that the IP address used was registered to Perpetrators R Us.

Case Example
- Validate that Perpetrators R Us were coming into the system and reading or copying data.
- Document same for possible use in civil case
- Be able to testify to the accuracy in Affidavit and court.

Case Example
- Secure the existing logs
- Imaged the logging server drive
- Backed up the Oracle Database that was viewed. It also had a log that we wanted to cross reference.
- Document the methods that were being used to

- Create / install a logging server accessible only to me.
- Come in from an IP unknown to the Victims
- Using a login generated by Victims for my use, enter the system and review data just like a normal user
- Do this while on-site to certify that no tampering of the data
Case Example
- Cross reference the incidents with the server software.
- Build database tables that could contain entries from each type of log
- Validate the entries

What to do if you have an incident
What to do if you or a client have an incident?
- Call a professional!
- Independent investigation holds up better in court
- Keep all records
- Dates, times, etc.
- Freeze the machine(s)
- It's important to cross reference machines

Things to keep in mind
When creating software applications the more links between the outside world and the inside world, the better

Things to keep in mind
Implement appropriate procedures to identify and notify individuals and units of the need to preserve electronic and other records needed for pending or threatened litigation.

Things to keep in mind
- When you are tracking intrusions, generally machine.
- Logs are too easily created or edited.
- Security must be tight

Things to keep in mind
Publicize policies and procedures regarding case of threatened litigation, and train lawyers and business people on when and how to carry out their responsibilities.
BRUCE SCHNEIER, E-MAIL SECURITY: HOW TO

Contact Information
Scott Greene, SCFE
Great Scott Enterprises, Inc
Evidence Solutions
520-795-7166
866-795-7166