Chapter 3 First Response.


Planning and Preparation - 1
The Who, What, When, Where and How

Physical Location
- Type of location – residence, business, apartment building
- Size – Internet access, office or floor or whole business, multiple buildings, neighborhood

Personnel
- Know who will be present during your incident-response planning
- Will you be working at a business during business hours with workers present?
- Get to know personnel – can you find a “friendly” administrator you know is not involved?
- Is the suspect known?
- Find out as much about them as possible
- Where they work, username, email, home address, car, photo, etc.

Planning and Preparation - 2
The Who, What, When, Where and How

Computer Systems
- What OS, type of computer
- Encryption – indication
- Network – wireless, wired, etc., servers, backups, proxy, firewalls
- What type of evidence – child pornography, bootleg software, “cooked books”
- Admin passwords – who has them, admin helpful or part of the problem
- Seized or on location – in a lab or within a limited amount of time

What your authority is – searching

What to take with you
- Digital camera, cables, cords, floppy, USB, forensic boot, gloves, image RAM, portable field computer/laptop, adapters, labels, bags, hubs, PC reference guide, etc.

Planning and Preparation - 3

Search Authority
- Search Warrant
- Consent to search
- Call from victim
- Corporate counsel
- Policy
- Court order for civil suit

WE are BOUND by the SEARCH AUTHORITY
- All 1st responders need to be aware of the limits
- Specific computers, file types, user files etc.
- Must stay within the boundaries
- Contingency plan for evidence that might be discovered in plain sight exceeding the search authority
- Usually you must leave behind a list of what was taken and the warrant

Handling Evidence at the Scene - 1

Securing the Scene
- Safety #1 priority
- Perimeter control – secure area and provide ongoing security

Recording and Photographing the Scene
- How things are found when you enter the scene
- Recorder – takes detailed notes of everything seized
- Photographer – photographs or videos area
- Search-and-seizure specialist – seizes and bags and tags non-digital evidence
- Digital evidence search-and-seizure specialist – seizes, bags and tags digital evidence

Handling Evidence at the Scene - 2
Considerations for Seizing Computer Evidence

Physical Evidence
- Fingerprints, hairs, fibers etc.
- Coordinate your efforts with other examiners
- Bare minimum – use latex gloves as a standard practice
- Tyvek suit if other fibers or bodily tissue might be examined
- PROTECT EVIDENCE – digital and physical

Handling Evidence at the Scene - 3

Volatile Digital Evidence
- Turn your attention to capturing digital evidence
- RAM – current state might be a necessity for your investigation
- EnCase – Snapshot Analysis and imaging of live systems
- Utilize tools such as CryptHunter to see if encryption is enabled
- If you don’t have a live capture option you must use command line tools
- Should research and try before you complete any investigations with these tools
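
The command-line fallback named on this slide, as an added example that is not part of the original presentation: a small collector for a Linux/Unix host that runs each tool, saves its output, and logs time, SHA-256 and exit code to a manifest that can be re-verified at the lab. The function names, manifest layout and output path are assumptions made for illustration; output is assumed to go to responder-owned media rather than the suspect disk.

```sh
#!/bin/sh
# Added example (not from the presentation): command-line capture of volatile
# state on a Linux/Unix host. Assumes output goes to responder-owned media.

# collect LABEL OUTDIR CMD [ARGS...]: run one tool, save its output, and log
# UTC time, SHA-256 of the output, exit code and command line in the manifest.
collect() {
    label=$1; outdir=$2; shift 2
    ts=$(date -u +%Y-%m-%dT%H:%M:%SZ)
    if ! command -v "$1" >/dev/null 2>&1; then
        printf '%s\tSKIPPED\t%s\ttool not found\n' "$ts" "$label" >> "$outdir/manifest.tsv"
        return 0
    fi
    rc=0
    "$@" > "$outdir/$label.txt" 2> "$outdir/$label.err" || rc=$?
    hash=$(sha256sum "$outdir/$label.txt" | cut -d' ' -f1)
    printf '%s\t%s\t%s\trc=%s\t%s\n' "$ts" "$hash" "$label" "$rc" "$*" >> "$outdir/manifest.tsv"
}

# verify_manifest OUTDIR: re-hash each captured file; returns 1 on any mismatch.
verify_manifest() {
    outdir=$1; bad=0; tab=$(printf '\t')
    while IFS=$tab read -r ts hash label rest; do
        [ "$hash" = SKIPPED ] && continue
        now=$(sha256sum "$outdir/$label.txt" | cut -d' ' -f1)
        [ "$now" = "$hash" ] || { echo "MISMATCH: $label" >&2; bad=1; }
    done < "$outdir/manifest.tsv"
    return "$bad"
}

# run_collection OUTDIR: roughly most-volatile first.
run_collection() {
    outdir=$1
    mkdir -p "$outdir" || return 1
    collect clock     "$outdir" date -u
    collect netconns  "$outdir" netstat -an
    collect processes "$outdir" ps -ef
    collect users     "$outdir" who
    collect uptime    "$outdir" uptime
    collect mounts    "$outdir" mount
}

# Stand-alone use: sh collect.sh /mnt/responder_usb/case001  (path is a placeholder)
if [ -n "${1:-}" ]; then run_collection "$1" && verify_manifest "$1"; fi
```

Tools missing from the host are logged as SKIPPED rather than silently omitted, so the manifest also documents what was not captured.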

Handling Evidence at the Scene - 4

Shutdown Procedures
- Chart on page 107
- Dictated by OS
- OS – usually pull the plug
- WIN Flavors up to 7
- Linux/Unix
- Mac
- Servers – proper shutdown
- Might be other reasons to do something different

Bagging and Tagging
- Chain of Custody
- Proper handling to lab

DOL Disclaimer and CCBY This workforce product was funded by a grant awarded by the U.S. Department of Labor’s Employment and Training Administration. The product was created by the grantee and does not necessarily reflect the official position of the U.S. Department of Labor. The Department of Labor makes no guarantees, warranties, or assurances of any kind, express or implied, with respect to such information, including any information on linked sites, and including, but not limited to accuracy of the information or its completeness, timeliness, usefulness, adequacy, continued availability or ownership. Except where otherwise noted, this work by Central Maine Community College is licensed under the Creative Commons Attribution 4.0 International License.