© Sapphire 2006 Computer Misuse in the Workplace You only get one chance..... David Horn You only get one chance...

Presentation transcript:

Or do you?
opportunity n., pl., -ties. A favourable or advantageous circumstance or combination of circumstances.
chance n. The unknown and unpredictable element in happenings that seems to have no assignable cause.

Opportunity
A brief guide to: What, when, why and how.
You only get one opportunity!

Digital Forensics
The process of deriving evidence from digital media
Requires that the data is shown to be reliably obtained
– Is not changed in any way
– Is complete
– Can be repeated
And very importantly, that it can be understood.
Digital forensics – first steps

SOURCES OF COMPUTER EVIDENCE
Personal Computers
Server Computers
Removable media
Automatically-produced log files
Evidence Types

BASIC PRINCIPLES OF COMPUTER FORENSICS
The forensic examination of the contents of a computer is a skilled job and special procedures, techniques and tools are required to ensure that any information that is retrieved can be presented as evidence in a Court of Law.
Evidential Integrity: Requires that the material being examined is not changed in any way. What is examined must be an exact copy of the original.
Continuity of Evidence: Refers to the means used to vouch for the actions that have taken place regarding the item under examination. This covers the seizure, handling and storage of equipment and copies of the data.
Never forget

Incident Response Teams
First steps

Key roles and responsibilities
What technical skills are required
What training is required
Management

Key roles and responsibilities
Officer In charge
Forensic Investigators and Auditors
Independence
Working within the law and your policies
Roles & Responsibilities

What training will be needed?
Product Training
Incident Response Techniques
Health and Safety
Computer Misuse Act and relevant law
Internal Policies
...more…more…more…
Training

Current Practice
ACPO Guidelines

THE PRINCIPLES OF COMPUTER-BASED EVIDENCE (ACPO)
Principle 1: No action taken should change data held on a computer or other media which may subsequently be relied upon in Court.
Principle 2: In exceptional circumstances where a person finds it necessary to access original data held on a target computer, that person must be competent to do so and to give evidence explaining the relevance and implications of their actions.
ACPO Guidelines

THE PRINCIPLES OF COMPUTER-BASED EVIDENCE (ACPO)
Principle 3: An audit trail or other record of all processes applied to computer-based evidence should be created and preserved. An independent third party should be able to examine those processes and obtain the same result.
Principle 4: The Officer in charge of the case is responsible for ensuring that the law and these principles are adhered to. This applies to the possession of, and access to, information contained in a computer. They must be satisfied that anyone accessing the computer, or any use of a copying device, complies with these laws and principles.
ACPO Guidelines
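
Evidential integrity (an exact, unchanged copy) and the Principle 3 audit trail, shown together as an added example that is not part of the original slides: the original is hashed, copied, and both are re-hashed, with each step written to a hash-chained log that a third party can re-check. The file names, the `examiner-1` actor and the log format are assumptions, and a small constructed file stands in for a disk image.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _entry_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def log_action(log, actor, action, item, digest):
    """Append an audit entry that commits to the previous entry's hash."""
    body = {"time": datetime.now(timezone.utc).isoformat(), "actor": actor,
            "action": action, "item": item, "sha256": digest,
            "prev": log[-1]["entry_hash"] if log else "0" * 64}
    log.append({**body, "entry_hash": _entry_hash(body)})

def verify_log(log):
    """Recompute the chain; an edited or reordered entry breaks it."""
    prev = "0" * 64
    for e in log:
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["prev"] != prev or _entry_hash(body) != e["entry_hash"]:
            return False
        prev = e["entry_hash"]
    return True

def acquire(source, dest, actor, log):
    """Copy source to dest; accept the copy only if all three hashes agree."""
    before = sha256_file(source)
    log_action(log, actor, "hash-original", os.path.basename(source), before)
    shutil.copyfile(source, dest)
    copy_digest, after = sha256_file(dest), sha256_file(source)
    if not (before == copy_digest == after):
        raise ValueError("original changed or copy is not exact")
    log_action(log, actor, "verified-copy", os.path.basename(dest), copy_digest)
    return copy_digest

def demo():
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "original.img"), os.path.join(d, "copy.img")
        with open(src, "wb") as f:  # constructed sample data, not real evidence
            f.write(b"constructed sample evidence\n" * 1000)
        log = []
        digest = acquire(src, dst, "examiner-1", log)
        repeatable = sha256_file(dst) == digest  # a third party repeats the hash
        intact = verify_log(log)
        log[0]["actor"] = "someone-else"         # simulate an edited record
        return repeatable, intact, verify_log(log)
```

The chain detects edits only if the final `entry_hash` is also recorded somewhere the log's keeper cannot alter, since dropping entries from the end leaves the remaining chain valid.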

Search and Seizure
Secure the evidence

Pre-seizure planning
What you will need
Who should be on your response team
Step by step computer incident response procedure
Incident response

PRE-SEARCH PREPARATION
The forensic unit – i.e. the imaging / investigation hw and sw
An adequate toolkit – screwdrivers, pliers
Plenty of Stationery
Digital camera
Disk boxes
Mobile telephone
Blank floppy disks / CDs
A torch
Data Cables of every variety
Network Card
Power extensions
Pre search preparation

EVIDENCE PROCESS
Identify: What sources are available?
Seize: ‘Bag and Tag’ Best Evidence
Transport: Safely and responsibly take the best evidence to a secure location
Receive: Accept responsibility for the evidence
Store: Ensure securely held free from risk of contamination
Evidence process

EVIDENCE PROCESS
Preserve: Take a reliable copy of the evidence
Reserve: Put the original Best Evidence source in a secure place
Analyse: Investigate the evidence on the preserved copy
Produce: Identify the exhibits that establish facts
Testify: Create a statement and go to court
Evidence process

On Site
Server room challenges

ON SITE
Machines switched on and operating
Clearly transferring data
receiving incriminating data
receiving exonerating data
receiving routine data
may be overwriting evidence on the disk
may be overwriting evidence in memory
On-site Seizure

MACHINES WHICH ARE SWITCHED ON
Secure the area and log your actions
On-site Seizure

MACHINES WHICH ARE SWITCHED OFF
Be satisfied that the computer is actually switched off
– not in hibernate mode
– not running a blank screensaver.
On-site Seizure

ESSENTIAL KIT
Integrated (imaging) Solution:
EnCase – now up to version 6.8
FTK – Access Data
Third Party Plug-ins: QuickView ACDSee WinRar IrfanView KaZAlyser NetAnalysis PDA Seizure Examiner
Forensic Tools

Legal Issues
Points to consider

THE LAW AND COMPUTERS
Computer Misuse Act 1990
Data Protection Act 1998
Laws of Pornography
– Obscene Publications Act 1959
– Protection of Children Act 1978
– Criminal Justice Act 1988
– Sexual Offences Act 2003
Laws of ‘Harm’
– Theft Act 1968 / 1978
– Offences Against the Person Act 1861
Your policies & the law

Advice to Beginners
There are some very powerful tools available. But with great power comes great responsibility, and as a potential forensics investigator, it is your responsibility to learn how to use the tools properly. Simple mistakes and good intentions can completely destroy digital evidence. It is strongly recommended that aspiring investigators learn about digital forensics, and practice on controlled systems before attempting to collect evidence from a real system.
Summary

Questions?

Offices in the: North, Scotland & London, David Horn
Contact Details