Digital Forensics in the Corporation


Digital Forensics in the Corporation: A Walk Through of Risk

D. Kall Loper, Ph.D.
SMU Dept Computer Science
www.loperforensic.com
info@loperforensic.com
817-991-6956

The Data
The data for this study was drawn from 230 cases over the last 4 years. These cases were drawn from a mid-sized forensic corporation in Texas. This summary data represents cases investigated in detail. Many have been litigated to conclusion. No attempt is made to generalize these results. You will do that without my help.

Source of Cases
Forensic Referral: 62
Forensic Vendor: 5
Law Firm: 110
Individual: 6
Corporation, Direct: 46

How it was discovered
Selling the division: A defense contractor
  3 top engineers left en masse
A new job: A banking executive
  The boss knew
The IT guy did it: A transportation company
  Customers called
The trouble with entrepreneurs…
  Sold the company and went into business again
Nosy employees: HR data and economic harm
  Employees suddenly make demands

The proof
Selling the division: A defense contractor
  Work computers reveal negotiations
A new job: A banking executive
  Link files lead to external device
The IT guy did it: A transportation company
  Regular contact to servers from new competitor
The trouble with entrepreneurs
  Financial records/record fragments on computers
Nosy employees: HR data and economic harm
  Copies of privileged documents on computers
  Network connection found as well

The Solutions
Preserve employee’s hard disk drives.
Network audit software.
Restrict USB devices
Restrict Webmail
Backup Retention/Testing
Create Policies

Case Study
The Employee Love Triangle provides several illustrations of forensic techniques and integration with external counsel.

[Diagram: the people involved are the IT Neckbeard, HR Vice President, HR Director, IT Director (has ABBA poster) and HR Worker; two of the links between them are labelled "Personal Relationship".]

The threatening letters contained information known only to HR and the executives.

The neckbeard that had been fired was considered a prime suspect by the company and the company’s IT staff. The company requested an external security audit.

Compromised Security

An examination of the IT director’s desktop computer yielded nothing. Further examination yielded several chat fragments indicating his relationship with the HR Director.

An external IP address was discovered accessing Outlook Web Access (OWA) during off hours (about 10:00pm). A subpoena served on the Internet service provider, Verizon, yielded the name of an old friend.

An interview by the VP of Human Resources and counsel with the old friend yielded the IT Director. He resigned… and took his ABBA poster with him.
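The off-hours OWA access that broke this case is the kind of event a web server log review can surface. The following is an added example, not part of the original presentation; it assumes IIS W3C-format logs, and the internal network ranges, business-hours window, virtual directory names and sample log lines are all constructed for illustration.

```python
import ipaddress
from datetime import datetime, time

# Constructed sample in IIS W3C extended log format (not data from the presentation).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2010-03-02 14:05:11 GET /owa/ CORP\\jsmith 10.1.4.23 200
2010-03-02 22:01:47 POST /owa/auth.owa - 203.0.113.45 302
2010-03-02 22:02:03 GET /owa/ CORP\\adavis 203.0.113.45 200
2010-03-02 22:10:30 GET /owa/ CORP\\jsmith 10.1.4.23 200
2010-03-03 09:15:00 GET /owa/ CORP\\mlee 198.51.100.7 200
2010-03-03 23:40:12 GET /exchange/ CORP\\adavis 203.0.113.45 200
"""

# Assumptions: IIS logs in UTC by default, so convert to local time before applying the window.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
WORK_START, WORK_END = time(7, 0), time(19, 0)  # assumed business hours
WEBMAIL_PREFIXES = ("/owa", "/exchange")  # assumed webmail virtual directories


def parse_w3c(text):
    """Yield one dict per request, using the #Fields header to name columns."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))


def off_hours_external_owa(text):
    """Map client IP -> [(timestamp, username)] for successful off-hours external webmail hits."""
    hits = {}
    for row in parse_w3c(text):
        ip = ipaddress.ip_address(row["c-ip"])
        when = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
        external = not any(ip in net for net in INTERNAL_NETS)
        off_hours = not (WORK_START <= when.time() < WORK_END)
        webmail = row["cs-uri-stem"].lower().startswith(WEBMAIL_PREFIXES)
        if external and off_hours and webmail and row["sc-status"] == "200":
            hits.setdefault(str(ip), []).append((when.isoformat(" "), row["cs-username"]))
    return hits


if __name__ == "__main__":
    for client_ip, events in off_hours_external_owa(SAMPLE_LOG).items():
        print(client_ip, events)
```

Grouping by client address gives counsel a short list of addresses and time ranges to put in a subpoena to the service provider, as happened in this case.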

Case Study: Troubles with Tapes
A large company is sued and compelled to produce a series of backups of E-mail during the discovery phase.

[Diagram: "The Old System". Components shown: Corporate MS Exchange E-mail, ~Pub.edb & ~Priv.edd, logs, Tape backup.]

[Diagram: "The New System", with "Actual" and "Theoretical" labels. Components shown: Corporate MS Exchange E-mail, ~Pub.edb & ~Priv.edd, logs, Virtual Tape, Tape backup.]

The Risks
Do you understand your backup system? Hardware? Software?
Do you understand the requirements that may be placed on your company by the courts?
Can you explain that you haven’t spoiled the data?
Do you understand the penalties?

Definition: Spoliation
“The intentional destruction of evidence and when it is established, fact finder may draw inference that evidence destroyed was unfavorable to party responsible.” - Black’s Law Dictionary

The Solution
Be able to recover your data.
Preserve
Protect
Policies
Pay
