1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

2 Group-IB
- The first and only private company in Russia engaged in consulting in the field of computer crime investigation and computer forensics
- Assistance to law enforcement authorities on particularly difficult cases
- Since 2003
- We have partners and researchers in 43 countries
- Unique staff – 30 people
- 24/7 Incident response

3 Problem №1: Information Security in Russia
- Information Security is a business
- It isn’t about fighting Cyber Crimes

4 Development vectors of Information Security and Cyber Crimes
Diagram labels: Cyber Crimes; Information Security; Technology; Objective: a profit
The information security and cyber-crime industries are progressing in different directions. Nevertheless, cyber-criminals use the same technologies as information security does (or better).

5 Responsibility and Ideal Security
Diagram labels: Ideal security; Classic information security

6 Group-IB

7 GROUP-IB SERVICES
- Cyber crime investigations
- Incident response
- DDoS prevention and protection
- Law enforcement
- Forensic lab
- Internet banking fraud

8 Group-IB software projects
- GROUP-IB ANTI-FRAUD
- GROUP-IB CyberCop System
- GROUP-IB INTERNET BRAND GUARD
GIB anti-cybercrime software solutions are a new type of cloud computing software that helps:
1. To Detect
2. To Prevent
3. To Stop
4. To Investigate

9 GROUP-IB ANTI-FRAUD SOFTWARE
More than 100 successful fraudulent transactions every day, losses for 2010 in Russia = $
GIB Anti-Fraud Solution: the solution that can control the security of your clients and help you to protect their money
- Internet-banking system audit
- Antimalware protection
- Fraud detection
- Prevention of remote banking fraud
- Evidence collection

10 GROUP-IB INTERNET BRAND GUARD
GIB Brand Guard Solution protects the most important thing you have – REPUTATION. It is priceless.
GIB Brand Guard Solution is a new type of cloud computing software:
- 24/7 online monitoring
- online detection of brand misuse on the Internet
- cybersquatting protection
- anti-phishing
- prevention of false association

11 Group-IB CyberCop System
GIB CyberCop System: the system that can save $ millions per day
- Protection against DDoS attacks
- GIB HoneyNet (honeypots)
- 24/7 online monitoring
- 43 countries around the world
- ProActive Incident Response
- Immediate response to the threat
- Prevent, protect and identify

12 INVESTIGATION OF INFORMATION SECURITY INCIDENTS
Group-IB performs the entire spectrum of work connected with information security violations affecting private individuals and legal entities:
- Restoring the timeline of events;
- Determining the causes of the incident;
- Identifying the persons involved in the incident;
- Information security support for incident prevention;
- Legal support.

13 FORENSIC LAB
Group-IB has one of the best laboratories in Russia for carrying out forensic research and data recovery.
We have advanced equipment for carrying out the most difficult examinations:
- Our equipment allows evidence to be collected as quickly as possible while preserving its safety and integrity
- Hardware reduces evidence-gathering time by 40%
- The data recovery equipment makes it possible to restore valuable information even from technically faulty storage media
- Hardware accelerators substantially reduce the time needed to recover a password or a key
We have software recognized as the de facto standard in the world of computer forensics and law enforcement bodies:
- The software allows examination of all known file and operating systems
- The software can analyze files of various formats and extract the necessary evidence from them
- The software can decrypt encrypted content and recover passwords and secret keys
Our experts use advanced techniques for carrying out forensic examinations:
- The approaches to forensic research developed in our laboratory are used in laboratories in the USA and Canada

14 INCIDENT RESPONSE
The service for responding promptly to incidents includes:
- Immediate consultation with certified professionals, with on-site dispatch 24/7;
- Rapid development of a strategy for responding to the incident, taking into account international practices and the specifics of information security incident management in your company;
- Prompt remediation of critical security vulnerabilities and development of recommendations to improve the protection of information;
- Developing and implementing a plan for investigating the incident;
- Rapid provision of information on the initial stage of the investigation and recommendations for early recovery of business processes;
- Providing a complete list of necessary actions to fully recover after the incident;
- Providing a full report, including information on performance;
- A meeting of the individuals who worked together, to discuss the work done to address the incident and clarify all the details.

15 INTERNATIONAL PARTNERSHIP
Group-IB works closely with organizations that investigate cybercrime and respond to incidents around the world:
- Incident response teams (CERT) in 43 countries
- Antivirus companies
- Forensic companies
- Institutes of the USA and Europe
- International Organization of Computer Forensics
- ACFE
- Interpol division
- Centers for the study of information security threats

16 The last high-profile case
Group-IB, the Economic Crimes Division and Dept K MVD eliminated a group of hackers who developed and spread the “WinLock” viruses. 10 hackers have been arrested.

17 Successful criminal cases
- DDoS
- Botnet development
- Internet banking fraud
- Malware development
- Website hacking
- Phishing
- Financial fraud

18 Clients and partners

19 Group-IB SOLUTION
GROUP-IB is ready to offer a full range of services to respond to, deter and investigate incidents, aimed at reducing financial, operational and reputational risks.
1. Developing and formalizing an incident management process.
2. Analysis of the settings of systems and IT services to ensure the permanent availability of the information necessary for proper and effective response to and investigation of incidents.
3. Legal and expert support.
4. Responding to and investigating incidents.
5. Organization of monitoring of public networks for use of the brand, to enable timely response.
6. Phishing protection, monitoring of the Internet.
7. Protection against DDoS (Distributed Denial of Service).
8. Recovering data.

20 Ilya Sachkov CEO Group-IB Thank you. Questions?