09-11-2012, 05:57 PM
Forensics
Forensics.ppt (Size: 1.01 MB / Downloads: 124)
The Goal of Forensics
Forensics seeks to provide an accurate representation of extracted data: find out the truth
How was it lost?
What was lost?
What are my obligations concerning the loss?
Forensics vs. Incident Handling
Closely tied together, but different
Data collection starts immediately as a part of incident handling
Data analysis is not a part of incident handling
The incident can sometimes be closed before forensic analysis is complete
Applicable Statutes (3)
Pen Registers and Trap and Trace Devices, 18 U.S.C. §§ 3121-27
Pen/trap or Trap & Trace
Real-time collection of header information
What is header information?
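As an added illustration (not part of the slides or the attached deck), a small Python script that parses a constructed IPv4/TCP packet and separates the addressing fields a pen register or trap-and-trace device records from the payload content it is not authorized to collect; the addresses, ports and request line are constructed sample values.

```python
import struct


def build_sample_packet() -> bytes:
    """Constructed sample: minimal IPv4 + TCP packet carrying an HTTP request line."""
    payload = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    total_len = 20 + 20 + len(payload)
    # IPv4 header: version/IHL, TOS, total length, id, flags/frag, TTL, proto=6 (TCP), csum, src, dst
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, total_len, 0x1234, 0, 64, 6, 0,
                         bytes([10, 0, 0, 5]), bytes([192, 0, 2, 80]))
    # TCP header: sport, dport, seq, ack, data offset (5 words), flags PSH|ACK, window, csum, urg
    tcp_hdr = struct.pack("!HHIIBBHHH",
                          40001, 80, 1000, 0, (5 << 4), 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload


def split_header_and_content(pkt: bytes) -> dict:
    """Return the non-content (pen/trap-style) fields separately from the payload."""
    ihl = (pkt[0] & 0x0F) * 4
    _ver_ihl, _tos, total_len, _ident, _ff, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if proto != 6:
        raise ValueError("this sample handles TCP only")
    tcp = pkt[ihl:]
    sport, dport, _seq, _ack, off_flags, _flags, _win, _tcsum, _urg = \
        struct.unpack("!HHIIBBHHH", tcp[:20])
    data_off = (off_flags >> 4) * 4
    # Everything after the TCP header is content (e.g. the HTTP request line).
    content = tcp[data_off:total_len - ihl]
    header = {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "sport": sport, "dport": dport, "proto": proto,
    }
    return {"header": header, "content_len": len(content), "content": content}


def pen_trap_record(pkt: bytes) -> dict:
    """What a pen/trap collection retains: addressing and routing fields only, no payload."""
    return split_header_and_content(pkt)["header"]
```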
Regulatory Issues
Gramm-Leach-Bliley Act of 1999 (GLBA)
Protect consumer personal financial data
Health Insurance Portability and Accountability Act of 1996 (HIPAA)
Federal privacy protection for individually identifiable health information
Public Firms
SEC, NASD requirements for document retention
Data in Unexpected Places
Anti-virus alerts, real-time anti-virus scans
License enforcement / application metering
[anything] Management Software
Patch management
Software management
Configuration management
Asset management
Gathering Data from People
Interviews
With others
With the suspect
Interview Techniques
Never reveal what you do or do not know
Did you ever ask a first grader what happened in school today?
Conclusion
Definition of Forensics
Tell the story: what was lost, how it was lost
Be able to understand the process of building a legally sound case
Complex issues
Identify forensic capabilities you will need in a typical corporate environment
Only you know your topology