1
Digital Forensics in the Corporation
A Walk Through of Risk
2
SMU Dept Computer Science
D. Kall Loper, Ph.D. SMU Dept Computer Science
3
The Data
The data for this study was drawn from 230 cases over the last 4 years. These cases were drawn from a mid-sized forensic corporation in Texas. This summary data represents cases investigated in detail. Many have been litigated to conclusion. No attempt is made to generalize these results. You will do that without my help.
4
Source of Cases
Forensic Referral: 62
Forensic Vendor: 5
Law Firm: 110
Individual: 6
Corporation, Direct: 46
5
How it was discovered
Selling the division: A defense contractor
  3 top engineers left en masse
A new job: A banking executive
  The boss knew
The IT guy did it: A transportation company
  Customers called
The trouble with entrepreneurs…
  Sold the company and went into business again
Nosy employees: HR data and economic harm
  Employees suddenly make demands
6
The proof
Selling the division: A defense contractor
  Work computers reveal negotiations
A new job: A banking executive
  Link files lead to external device
The IT guy did it: A transportation company
  Regular contact to servers from new competitor
The trouble with entrepreneurs
  Financial records/record fragments on computers
Nosy employees: HR data and economic harm
  Copies of privileged documents on computers
  Network connection found as well
7
The Solutions
Preserve employee’s hard disk drives.
Network audit software.
Restrict USB devices
Restrict Webmail
Backup Retention/Testing
Create Policies
8
Case Study
The Employee Love Triangle provides several illustrations of forensic techniques and integration with external counsel.
9
[Diagram: the people involved (IT Neckbeard, HR Vice President, HR Director, IT Director (has ABBA poster), HR Worker), with two links labeled "Personal Relationship"]
10
The threatening letters contained information known only to HR and the executives.
11
The neckbeard that had been fired was considered a prime suspect by the company and the company’s IT staff. The company requested an external security audit.
12
Compromised Security
13
An examination of the IT director’s desktop computer yielded nothing.
Further examination yielded several chat fragments indicating his relationship with the HR Director.
14
An external IP address was discovered accessing Outlook Web Access (OWA) during off hours (about 10:00pm). A subpoena served on the Internet service provider, Verizon, yielded the name of an old friend.
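The kind of log review that surfaces a finding like this one, as an added example that is not part of the original presentation: it scans IIS W3C logs for OWA requests from non-internal addresses outside business hours. The log lines, account names, internal ranges, business hours, OWA paths and the fixed UTC-6 offset are all constructed or assumed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed IIS W3C log excerpt (not from the case); IIS logs times in UTC.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2006-03-14 15:02:11 GET /exchange/jdoe/Inbox CORP\\jdoe 10.1.4.22 200
2006-03-15 04:01:37 GET /exchange/hrvp/Inbox CORP\\hrvp 203.0.113.57 200
2006-03-15 04:03:02 GET /exchange/hrvp/Sent%20Items CORP\\hrvp 203.0.113.57 200
2006-03-15 14:30:45 GET /exchange/asmith/Inbox CORP\\asmith 198.51.100.9 200
2006-03-15 04:10:00 GET /default.htm - 203.0.113.57 200
"""

OWA_PREFIXES = ("/exchange", "/owa")   # assumed OWA virtual directories
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]  # assumed
BUSINESS_HOURS = range(7, 19)          # assumed 07:00-18:59 local time
UTC_OFFSET = timedelta(hours=-6)       # assumed fixed offset; ignores daylight saving

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):   # skip truncated or malformed rows
                yield dict(zip(fields, parts))

def off_hours_external_owa(text):
    """Group off-hours OWA requests from non-internal addresses by (user, client IP)."""
    hits = defaultdict(list)
    for row in parse_w3c(text):
        if not row["cs-uri-stem"].lower().startswith(OWA_PREFIXES):
            continue
        ip = ipaddress.ip_address(row["c-ip"])
        if any(ip in net for net in INTERNAL_NETS):
            continue
        local = datetime.strptime(f"{row['date']} {row['time']}", "%Y-%m-%d %H:%M:%S") + UTC_OFFSET
        if local.hour not in BUSINESS_HOURS:
            hits[(row["cs-username"], row["c-ip"])].append(local)
    return dict(hits)

if __name__ == "__main__":
    for (user, ip), times in off_hours_external_owa(SAMPLE_LOG).items():
        print(f"{user} from {ip}: {len(times)} requests, first {min(times)}, last {max(times)}")
```

Each (account, address) pair it returns is a lead to correlate with VPN, badge and travel records before any attribution step such as a subpoena to the ISP.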
15
An interview by the VP of Human Resources and counsel with the old friend yielded the IT Director.
He resigned… and took his ABBA poster with him.
16
Case Study: Troubles with Tapes
A large company is sued and compelled to produce a series of backups during the discovery phase.
17
The Old System
[Diagram: Corporate MS Exchange E-mail (~Pub.edb & ~Priv.edb, logs) and Tape backup]
18
The New System
[Diagram: Corporate MS Exchange E-mail (~Pub.edb & ~Priv.edb, logs), Virtual Tape and Tape backup, with paths labeled "Actual" and "Theoretical"]
19
The Risks
Do you understand your backup system?
  Hardware?
  Software?
Do you understand the requirements that may be placed on your company by the courts?
Can you explain that you haven’t spoiled the data?
Do you understand the penalties?
20
Definition: Spoliation
“The intentional destruction of evidence and when it is established, fact finder may draw inference that evidence destroyed was unfavorable to party responsible.” - Black’s Law Dictionary
21
The Solution
Be able to recover your data.
Preserve
Protect
Policies
Pay
23
D. Kall Loper, Ph.D. www.loperforensic.com info@loperforensic.com