About this presentation Agenda Digital forensics is a diverse - - PowerPoint PPT Presentation

SLIDE 1

About this presentation

Digital forensics is a diverse subject area. Let’s talk a bit about the basics and then view the application of those basics through the lens of demos.

Agenda

  • About me
  • The forensic process
  • Fun stuff

Fall 2020

SLIDE 2

About me

whoami

Dominic Sellitto, CISSP, vCISO

Skills:

  • Strategy
  • Tech
  • Risk
  • Dev
  • Sports

Education:

  • Bachelor of Science, Business Administration
  • Master of Science, MIS

Security experience:

  • Consultant/Senior Consultant, Cyber Risk services, Deloitte
  • Lead Cybersecurity Consultant, Loptr LLC

Professional affiliations:

  • (ISC)²; Certified Information Systems Security Professional (CISSP)
  • Buffalo Electronic Crimes Task Force

Publications:

  • Vulnerability Assessment (ISACA, 2017)

Hats worn:

  • Virtual CISO
  • Project Manager
  • Security Analyst
  • Security Monitoring Analyst
  • Security Architect

SLIDE 3

Introduction to digital forensics

What is digital forensics?

Digital forensics is “the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.”

  • NIST SP 800-86, Guide to Integrating Forensic Techniques into Incident Response (Pg. 15)

Digital forensics may also be referred to as:

  • Computer and Network forensics
  • Data forensics

SLIDE 4

Introduction to digital forensics

Phases of the forensics process

NIST 800-86: Guide to Integrating Forensic Techniques into Incident Response describes the 4 phases of the forensics process as follows:

Collection → Examination → Analysis → Reporting

Source: NIST 800-86: Guide to Integrating Forensic Techniques into Incident Response

SLIDE 5

Introduction to digital forensics

Enabling factors

In order to repeatably execute the process, you need some things…

Collection → Examination → Analysis → Reporting

People:

  • Investigators
  • IT professionals
  • Incident response team
  • In-house vs. outsourced

Location:

  • Lab / room
  • Access control
  • Monitoring

Finances:

  • Tools (licensing)
  • Technologies
  • Training

Governance:

  • Policies
  • Procedures
  • Standards

Source: NIST 800-86: Guide to Integrating Forensic Techniques into Incident Response

SLIDE 6

Introduction to digital forensics

Forensic areas of practice

You might just think of forensics as examining hard drives, but it’s much more than that:

  • Media forensics
  • Malware analysis
  • Memory forensics
  • Network forensics
  • Mobile forensics
  • Cloud forensics
  • Email forensics
  • Digital media manipulation
  • IoT forensics
  • Automobile forensics

SLIDE 7

Introduction to digital forensics

Network forensics

Packets contain all of the information being sent across a network, including the source and destination machine, the protocol being used, and the actual data being sent. Network logs are records of network events: they tell you that something happened over the network (source, destination, protocol) but do not contain the actual data that was sent.
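
The packet-versus-log distinction above, as an added example that is not part of the original slides: it parses a constructed IPv4/TCP packet and derives the record a network log would keep from it. The addresses, ports, payload and function names are assumptions made up for illustration.

```python
import socket
import struct

PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
# Constructed sample data (documentation addresses, made-up request), not captured traffic.
SAMPLE_PAYLOAD = b"GET /report.pdf HTTP/1.1\r\nHost: example.test\r\n\r\n"

def build_sample_packet(payload: bytes) -> bytes:
    """Build a minimal IPv4/TCP packet around payload (checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", 49152, 80, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
    return ip + tcp + payload

def parse_packet(raw: bytes) -> dict:
    """Everything a full packet capture holds: header fields plus the payload."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (raw[0] & 0x0F) * 4                      # IPv4 header length in bytes
    total_len = struct.unpack("!H", raw[2:4])[0]
    if ihl < 20 or not ihl <= total_len <= len(raw):
        raise ValueError("truncated or malformed IPv4 header")
    pkt = {"src": socket.inet_ntoa(raw[12:16]), "dst": socket.inet_ntoa(raw[16:20]),
           "protocol": PROTOCOLS.get(raw[9], str(raw[9])), "bytes": total_len,
           "payload": raw[ihl:total_len]}
    if raw[9] == 6:  # TCP: pull the ports and skip the TCP header to reach the data
        if total_len < ihl + 20:
            raise ValueError("truncated TCP header")
        data_off = (raw[ihl + 12] >> 4) * 4
        if data_off < 20 or ihl + data_off > total_len:
            raise ValueError("bad TCP data offset")
        pkt["src_port"], pkt["dst_port"] = struct.unpack("!HH", raw[ihl:ihl + 4])
        pkt["payload"] = raw[ihl + data_off:total_len]
    return pkt

def to_log_record(pkt: dict) -> dict:
    """What a network log keeps: who talked to whom and how, but not the data."""
    return {k: v for k, v in pkt.items() if k != "payload"}

if __name__ == "__main__":
    packet = parse_packet(build_sample_packet(SAMPLE_PAYLOAD))
    print("log record :", to_log_record(packet))
    print("packet data:", packet["payload"])
```

With only the log record, an investigator can show that 192.0.2.10 talked to 198.51.100.20 on TCP port 80; only the packet shows which file was requested.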

SLIDE 8

Introduction to digital forensics

Network forensics: Wireshark

Let’s talk about Wireshark…

SLIDE 9

Introduction to digital forensics

Digital media manipulation

Which of these is fake?

SLIDE 10

Introduction to digital forensics

Malware analysis…

What’s that program really doing?

SLIDE 11

Introduction to digital forensics

Email forensics…

Oh look, a phish!