By Drudeisha Madhub Data Protection Commissioner Date: 12.08.14.

Slides:

Advertisements

Similar presentations

Identification and Disposition of Official University Records University of Texas at Arlington Records Management.

Advertisements

HIPAA: FEDERAL REGULATIONS REGARDING PATIENT SECURITY.

Australian Competition & Consumer Commission

Intro to Computer Forensics CSC 485/585. Objectives  Understand the roles and responsibilities of a computer forensic examiner.  Understand the “Safety.

The next generation in digital forensics Mobile Phones A New Frontier in Digital Forensics BK Forensics.

29e CONFÉRENCE INTERNATIONALE DES COMMISSAIRES À LA PROTECTION DES DONNÉES ET DE LA VIE PRIVÉE 29 th INTERNATIONAL DATA PROTECTION AND PRIVACY COMMISSIONERS.

Evidence Collection & Admissibility Computer Forensics BACS 371.

August 19, 2014 watch me!.  Describe the steps to take when processing a crime scene  Describe how to package evidence  Explain the importance of preserving.

Guide to Computer Forensics and Investigations, Second Edition

Determining the True Root Cause(s) of Accidents and Safety Incidents Incident Investigation and Analysis.

BACS 371 Computer Forensics

Coping with Electronic Records Setting Standards for Private Sector E-records Retention.

AUDITING INFORMATION TECHNOLOGY USING COMPUTER ASSISTED AUDIT TOOLS AND TECHNIQUES.

Chapter 3 Preparing and Evaluating a Research Plan Gay and Airasian

Photocopies Occasionally need uncontrolled copies

Introduction to Computer Forensics Fall Computer Crime Computer crime is any criminal offense, activity or issue that involves computers (

Data Acquisition Chao-Hsien Chu, Ph.D.

Introduction to Data Forensics CIS302 Harry R. Erwin, PhD School of Computing and Technology University of Sunderland.

CYBER FORENSICS PRESENTER: JACO VENTER. CYBER FORENSICS - AGENDA Dealing with electronic evidence – Non or Cyber Experts Forensic Imaging / Forensic Application.

Guide to Computer Forensics and Investigations, Second Edition

WWLC Standard Operating Procedures Presented by Frank Hall, Laboratory Certification Coordinator.

Phases of Computer Forensics 1 Computer Forensics BACS Management Information Systems for the Information Age 5e, Haag, Cummings, McCubbrey, 2005,

7 Handling a Digital Crime Scene Dr. John P. Abraham Professor UTPA.

Data management in the field Ari Haukijärvi 2nd EHES training seminar.

Recordkeeping for Good Governance Toolkit Digital Recordkeeping Guidance Funafuti, Tuvalu – June 2013.

Unit 5.6 Evidence and Sampling.

Ecords Management Records Management Paul Smallcombe Records & Information Compliance Manager.

Computer Forensics Principles and Practices

Preserving Forensic Evidence Lt. Scott A. Stephens Spokane Police Department Major Crimes Unit.

© Sapphire 2006 Computer Misuse in the Workplace You only get one chance..... David Horn You only get one chance...

Module 13: Computer Investigations Introduction Digital Evidence Preserving Evidence Analysis of Digital Evidence Writing Investigative Reports Proven.

Safeguarding Research Data Policy and Implementation Challenges Miguel Soldi February 24, 2006 THE UNIVERSITY OF TEXAS SYSTEM.

STANKIEWICZ. Essential Questions and Learning What is the purpose of criminal Investigation? What are the basic steps in criminal investigations? What.

Preparing for the worst,

℠ Pryvos ℠ Computer Security and Forensic Services May 27, 2015 Copyright © 2015 Pryvos, Inc. 1.

Draft TIP for E-rate. What is E-rate? The E-rate provides discounts to assist schools and libraries in the United States to obtain affordable telecommunications.

1J. M. Kizza - Ethical And Social Issues Module 13: Computer Investigations Introduction Introduction Digital Evidence Digital Evidence Preserving Evidence.

MD5 Summary and Computer Examination Process Introduction to Computer Forensics.

Crime Scene Investigation. Basic Premise The actions taken at the onset of an investigation are vitally important to the successful resolution of the.

Chapter 2 Understanding Computer Investigations Guide to Computer Forensics and Investigations Fourth Edition.

FIREFIGHTER II LESSON 17. STEPS IN FIRE CAUSE DETERMINATION Noting, protecting, reporting evidence Noting, protecting, reporting evidence Analyzing.

Criminal Investigation: An Overview

Chapter 5 Processing Crime and Incident Scenes Guide to Computer Forensics and Investigations Fourth Edition.

_______________________________________________________________________________________________________________ ____________ Successfully Investigating.

Crime Scene Investigator. About Crime scene investigators (CSIs) go by many names, including: –evidence technician, –crime scene technician, –forensic.

Computer Forensics Presented By:  Anam Sattar  Anum Ijaz  Tayyaba Shaffqat  Daniyal Qadeer Butt  Usman Rashid.

Legal Holds Department of State Division of Records Management Kevin Callaghan, Director.

Preservation and Collection of a Crime Scene By Mike Wiehe.

Chapter 3 Pre-Incident Preparation Spring Incident Response & Computer Forensics.

Surveying and Scheduling Records of OCIO Presented by Jennifer Wright Smithsonian Institution Archives Records Management Team February 16, 2005.

Surveying and Scheduling Records of SCEMS Presented by Ginger Yowell & Mitch Toda Smithsonian Institution Archives Records Management Team October 2, 2007.

Crime Scene Basics Forensic Science.

BCCO PCT #4 PowerPoint INTERMEDIATE CRIME SCENE SEARCH TCOLE Course # to 40 hours AND UNIT THREE.

Computer Forensics Tim Foley COSC 480 Nov. 17, 2006.

Digital Forensics Market Analysis: By Forensic Tools; By Application (Network Forensics, Mobile Forensics, Database Forensics, Computer Forensics) - Forecast.

Computer Forensics By Chris Brown. Computer Forensics Defined Applying computer science to aid in the legal process Utilization of predefined set of procedures.

RISK MANAGEMENT FOR COMMUNITY EVENTS. Today’s Session Risk Management – why is it important? Risk Management and Risk Assessment concepts Steps in the.

CHAP 6 – COMPUTER FORENSIC ANALYSIS. 2 Objectives Of Analysis Process During Investigation: The purpose of this process is to discover and recover evidences.

MANAGEMENT of INFORMATION SECURITY, Fifth Edition

Computer Forensics By: Chris Rozic.

Wisconsin Department of Public Instruction

Chapter 3 First Response.

Packaging Evidence Essential Question: How do we demonstrate the proper techniques for collecting and packaging physical evidence found at the crime scene?

Forensic Science The Crime Scene.

Setting Actuarial Standards

Introduction to Computer Forensics

Digital Forensics Dr. Bhavani Thuraisingham

1 Advanced Cyber Security Forensics Training for Law Enforcement Building Advanced Forensics & Digital Evidence Human Resource in the Law Enforcement sector.

Good Spirit School Division

Presentation transcript:

By Drudeisha Madhub Data Protection Commissioner Date:

Electronic Evidence Electronic Evidence requires Using high technology to investigate. Investigating high technology crimes. Creating a digital evidence forensic unit. Presenting digital evidence in the courtroom.

Examples

Electronic Evidence When dealing with digital evidence, the following general forensic and procedural principles should be applied: Actions taken to secure and collect digital evidence should not affect the integrity of that evidence. Persons conducting an examination of digital evidence should be trained for that purpose. Activity relating to the seizure, examination, storage, or transfer of digital evidence should be documented, preserved, and available for review. Through all of this, the examiner should be cognisant of the need to conduct an accurate and impartial examination of the digital evidence.

How is digital evidence processed? 1. Assessment. Computer forensic examiners should assess digital evidence thoroughly with respect to the scope of the case to determine the course of action to take. 2. Acquisition. Digital evidence, by its very nature, is fragile and can be altered, damaged, or destroyed by improper handling or examination. Examination is best conducted on a copy of the original evidence. The original evidence should be acquired in a manner that protects and preserves the integrity of the evidence.

How is digital evidence processed? 3. Examination The purpose of the examination process is to extract and analyze digital evidence. Extraction refers to the recovery of data from its media. Analysis refers to the interpretation of the recovered data and putting it in a logical and useful format. 4. Documentation and reporting. Actions and observations should be documented throughout the forensic processing of evidence. This will conclude with the preparation of a written report of the findings.

Training of Personnel Computer forensics as a discipline demands: Specially trained personnel, Support from management, The necessary funding to keep a unit operating and Ongoing training plan due to the dynamic nature of the IT field

Partnering with other institutions The Data Protection Office is partnering with its Canadian Counterpart to assist the office in setting up a forensic lab. We rely on the council of Europe for guidance and training in Mauritius. The Action plan has already been scheduled to take all stakeholders on board i.e the Judiciary and Enforcement Departments.

Evidence handling and retention Guidelines are being established for receiving, processing, documenting, and handling evidence and work products associated with the examination. Note: Evidence identified as contraband, such as child pornography, may require special consideration, such as obtaining specific contraband-related seizure and search warrants. It is important to remember that other forensic disciplines might be able to recover other evidence, such as fingerprints on the hard drive, hair or fibers in the keyboard, and handwritten disk labels or printed material. In these instances, procedures should be developed to determine the order and manner in which examinations should be performed to reap full evidentiary value.

Case Processing Standard operating procedures (SOPs) are being developed for preserving and processing digital evidence. SOPs should be general enough to address the basic steps in a routine forensic examination while providing flexibility to respond to unique circumstances arising from unforeseen situations.

Developing technical procedures Identifying the task or problem. Proposing possible solutions. Testing each solution on a known control sample. Evaluating the results of the test. Finalising the procedure.

Onsite considerations Consider safety of personnel at the scene. Always ensure the scene is properly secured before and during the search.

Onsite considerations In some cases, the examiner may only have the opportunity to do the following while onsite: Identify the number and type of computers. Determine if a network is present. Interview the system administrator and users. Identify and document the types and volume of media, including removable media. Document the location from which the media was removed.

Onsite considerations Identify offsite storage areas and/or remote computing locations. Identify proprietary software. Evaluate general conditions of the site. Determine the operating system in question.

Onsite considerations Whenever circumstances require an onsite examination to be conducted, attempt should be made to control the environment. Assessment considerations might include the following: The time needed onsite to accomplish evidence recovery. Logistic and personnel concerns associated with long- term deployment. The impact on the business due to a lengthy search. The suitability of equipment, resources, media, training, and experience for an onsite examination.

Onsite considerations If evidence is located that was not authorised in the original search authority, determine what additional legal process may be necessary to continue the search (e.g., warrant, amended consent form). Contact legal advisors for assistance if needed.

Computer Forensics Tool Testing (CFTT)

Thank You