Presentation is loading. Please wait.

Presentation is loading. Please wait.

The process side of forensic investigations Patrick Green Network and Security Manager.

Published byBrent Davis Modified over 8 years ago

Similar presentations

Presentation on theme: "The process side of forensic investigations Patrick Green Network and Security Manager."— Presentation transcript:

1 The process side of forensic investigations Patrick Green Network and Security Manager

2 NB IANAL Advice based on experience Every time you think it finished, the goal posts move

3 What is forensics? scientific tests or techniques used in connection with the detection of crime. Court ready

4 Its not just about technology The defense needs to be able to repeat the process You have to prove no alteration Beyond reasonable doubt

5 It is about people You are not proving guilt (or innocence) Providing evidence for the court to determine guilt or innocence Presenting facts Expert opinion

6 It is about process Good process underlines forensics Who does what

7 Technology is used To back up the process To help the investigator As an audit trail To do the work

8 What does process look like? Understand the case What are you investigating What data sources will you need What do you need to provide

9 Step 1 Define the scope "All emails going to xyz@example.com" "All emails from xyz@example.com" "All files on the hard drive which are of AVI format”

10 Step 2 Identify where data will come from How do you ensure they are secure How do you analyze them Prove secure after analysis What about virtual machines?

11 Step 3 Get sign off Legal HR Head of Department Anyone else?

12 NB (2) Have the right paperwork And kit

13

14

15 Thoughts Some of the systems you will use will depend on what you are analysing Read only is always better - “read reply” emails Test first

16 Remember to Checksum everything Document each step taken

17 Oh, and… Analyze the data!

18 Then Write your report It’s a defense of every step Shows no tampering Highlights any conflicts of interest

19 Be aware of the law No fishing expeditions Think about who you are investigating Stick to the scope Document what you did Write down your process Make sure you have sign off

20 Get certified? M812 Digital forensics Certified Forensic Investigation Practitioner (CFIP) qualification GIAC Certified Forensic Analyst (GCFA)

21 Prepare Create a kit bag with everything in it Update software Practice techniques Its *always* urgent

Download ppt "The process side of forensic investigations Patrick Green Network and Security Manager."

Similar presentations

Practical Application of Computer Forensics Lisa Outlaw, CISA, CISSP, ITIL Certified.

Practical Application of Computer Forensics Lisa Outlaw, CISA, CISSP, ITIL Certified.
Complex Recovery/ Data Reduction DFRWS 2002. Technical Issues Lots of info to be recovered in in deleted file space Partial data recovery: does this give.

Complex Recovery/ Data Reduction DFRWS Technical Issues Lots of info to be recovered in in deleted file space Partial data recovery: does this give.
2:05 sec Today you will be learning about how to conduct and participate in a mock trial. You will become familiar with some basic courtroom procedures.

2:05 sec Today you will be learning about how to conduct and participate in a mock trial. You will become familiar with some basic courtroom procedures.
Outline of Topics  Introduction  CPR, law and expectations  IT issues  Disclosure process.

Outline of Topics  Introduction  CPR, law and expectations  IT issues  Disclosure process.
COEN 252 Computer Forensics

COEN 252 Computer Forensics
Evidence Collection & Admissibility Computer Forensics BACS 371.

Evidence Collection & Admissibility Computer Forensics BACS 371.
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.

An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
We’ve got what it takes to take what you got! NETWORK FORENSICS.

We’ve got what it takes to take what you got! NETWORK FORENSICS.
MD5 Summary and Computer Examination Process Introduction to Computer Forensics.

MD5 Summary and Computer Examination Process Introduction to Computer Forensics.
BACS 371 Computer Forensics

BACS 371 Computer Forensics
Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Legal, Regulations, Compliance and Investigations.

Dr. Bhavani Thuraisingham The University of Texas at Dallas (UTD) June 2011 Legal, Regulations, Compliance and Investigations.
Computer Forensics Principles and Practices

Computer Forensics Principles and Practices
Computer Forensics Mr.PRAWEE PROMPONMUANG M.Sc(Forensic Science) NO.515020181-9.

Computer Forensics Mr.PRAWEE PROMPONMUANG M.Sc(Forensic Science) NO
By Drudeisha Madhub Data Protection Commissioner Date: 12.08.14.

By Drudeisha Madhub Data Protection Commissioner Date:
Security+ All-In-One Edition Chapter 20 – Forensics Brian E. Brzezicki.

Security+ All-In-One Edition Chapter 20 – Forensics Brian E. Brzezicki.
COEN 152 Computer Forensics Introduction to Computer Forensics.

COEN 152 Computer Forensics Introduction to Computer Forensics.
Introduction to Data Forensics CIS302 Harry R. Erwin, PhD School of Computing and Technology University of Sunderland.

Introduction to Data Forensics CIS302 Harry R. Erwin, PhD School of Computing and Technology University of Sunderland.
Guide to Computer Forensics and Investigations, Second Edition

Guide to Computer Forensics and Investigations, Second Edition
Guide to Computer Forensics and Investigations, Second Edition Chapter 2 Understanding Computer Investigation.

Guide to Computer Forensics and Investigations, Second Edition Chapter 2 Understanding Computer Investigation.
3Digital Evidence in the Courtroom Dr. John P. Abraham Professor of Computer Science UTPA.

3Digital Evidence in the Courtroom Dr. John P. Abraham Professor of Computer Science UTPA.

Similar presentations

Ads by Google