Forensics for Managers x Ryan Washington MBA, CISSP, CCE, CEH, - - PowerPoint PPT Presentation

forensics for managers
SMART_READER_LITE
LIVE PREVIEW

Forensics for Managers x Ryan Washington MBA, CISSP, CCE, CEH, - - PowerPoint PPT Presentation

Jun 22, 2023 415 likes •699 views

Forensics for Managers x Ryan Washington MBA, CISSP, CCE, CEH, NSA/IAM 703-961-9456 Extension 128 Introduction US Marines, Special Intelligence Communicator Bachelors in Management Masters of Business Administration Solaris

slide-1
SLIDE 1

x

Forensics for Managers

Ryan Washington

MBA, CISSP, CCE, CEH, NSA/IAM

703-961-9456 Extension 128

slide-2
SLIDE 2

2

Introduction

◆ US Marines, Special Intelligence Communicator ◆ Bachelors in Management ◆ Masters of Business Administration ◆ Solaris Administrator ◆ Computer Nerd

slide-3
SLIDE 3

3

Purpose of Presentation

◆ Awareness ◆ Knowledge ◆ Attributes ◆ Key Terminology

slide-4
SLIDE 4

4

What is/are Forensic(s)?

◆ “Computer Forensics is the application of the

scientific method to digital media in order to establish factual information for judicial

  • review. This process often involves

investigating computer systems to determine whether they are or have been used for illegal

  • r unauthorized activities. Mostly, computer

forensics experts investigate data storage devices, either fixed like hard disks or removable like compact disks and solid state devices.

S

  • u

t h e a s t C

  • m

p u t e r F

  • r

e n s i c s a n d S e c u r i t y h t t p : / / s e c

  • m

p u t e r f

  • r

e n s i c s . c

  • m

/ i n d e x . p h p ?

  • p

t i

  • n

= c

  • m

_ c

  • n

t e n t & t a s k = v i e w & i d = 2 & I t e m i d = 4 8

slide-5
SLIDE 5

5

What is/are Forensic(s)? (continued)

◆ Identify sources of

documentary or

  • ther digital evidence

◆ Preserve the

evidence

◆ Analyze the evidence

Computer forensics experts:

slide-6
SLIDE 6

6

What is it REALLY?

◆ “Find Stuff” ◆ Deleted Files ◆ Corporate Theft

slide-7
SLIDE 7

7

Key Terminology

Image

E01

.dd ◆

Unallocated Space

Unused Space

Carve

Mount

Logs

Partition

Root Kit

Malware

Steg

Dongle

Header

Backdoor

Hash

Logical

Physical

…sound like a pro

slide-8
SLIDE 8

8

Why Do We Need Forensics?

◆ You Don’t…

Or…DO you?

◆ Different Skill Set ◆ Intrusions ◆ Employee Theft ◆ Corporate Malfeasance ◆ Human Resources Matters

slide-9
SLIDE 9

9

Who Wants Our Information?

◆ Governments ◆ Contractors ◆ Secrets ◆ Corporations ◆ Contractors ◆ Secrets ◆ Thieves ◆ Information ◆ MONEY

slide-10
SLIDE 10

10

Why Would Someone Attack Us?

◆ Angry ◆ Make a Statement ◆ Random ◆ Weak Security ◆ Strong Security ◆ Paid

slide-11
SLIDE 11

11

Tools

◆ Sleuthkit/Autopsy ◆ Wetstone Technologies ◆ ProDiscover ◆ Encase ◆ Forensic Toolkit (FTK) ◆ Paraben

slide-12
SLIDE 12

12

Linux and Freeware

◆ PRO

Free

Open Source

Distributed

◆ CON

No Technical Assistance

More Man-hours

Deeper Trouble…

Pricing on $oftware

http://www.securityfocus.com/infocus/ 1503 http://www.tucofs.com/tucofs/tucofs.a sp?mode=mainmenu http://www.e-fense.com/helix/ http://fire.dmzs.com/ http://s-t-d.org/ http://www.opensourceforensics.org/t

  • ols/unix.html
slide-13
SLIDE 13

13

Wetstone Technologies

◆ PRO

Price

Easy to Use

Malware/Stego

◆ CON

Hashing

Basic

http://www.wetstonetech.com/f/index.htm

GEM- $995 FPro- $1095 Livewire $8995

slide-14
SLIDE 14

14

Prodiscover

PRO

Price

Perl * ◆

CON

“Pay per filesystem”

Pay for Perl ability

Pay for More

http://www.techpathways.com/Desktop Default.aspx?tabindex=0&tabid=1

PD Win- $995 PD Forensic- $2195 PD Invest- $9995 PD IR- $12995

slide-15
SLIDE 15

15

EnCase

PRO

Robust

Market Share

Training ◆

CON

Price

Support

Enscript

Training

http://www.guidancesoftware.com/

Forensic- $3700-7200 Enterprise- ~$200,000

slide-16
SLIDE 16

16

AccessData FTK/UTK

◆ PRO

Price

Index

“Dummy Proofing”

◆ CON

False Sense of Completeness/Security

Heavy Upfront

http://www.accessdata.com/

FTK- $1095 UTK- $1949

slide-17
SLIDE 17

17

Paraben

◆ PRO

Distributed

Price

◆ CON

Distributed

Training

http://www.paraben-forensics.com

Modules- $99-895 P2- $1495 P2 Enterprise $6995

slide-18
SLIDE 18

18

Why Do These Tools Cost So Much?

◆ Cover Costs (of course…) ◆ Profit (of course…) ◆ Multi-Tasking ◆ Powerful ◆ “Easy to Use” ◆ Court Tested!!! ◆ Technical Assistance

slide-19
SLIDE 19

19

Forensics Salaries ($USD)

◆ Junior

$60,000 - $80,000

◆ Mid-Level

$75,000 - $100,000

◆ Senior

$90,000 - $150,000

◆ “Well Known” Senior

$110,000 - $300,000

◆ Contractor/Independent/Hourly

Over $200,000

slide-20
SLIDE 20

20

Hiring Considerations

◆ Experience

Where? When?

Commercial? Law Enforcement?

◆ Education

University? Learning Center? Discovery Channel?

◆ Certifications

CISSP, EnCE, ACE, GIAC, CCE, CFCE

◆ Personality

?

Integrity

Honesty

slide-21
SLIDE 21

21

Time is Money… in a perfect world

◆ Hard Drive Size ◆ Expenses ◆ Level of Expertise ◆ Retainer ◆ Imaging Fee ◆ Admin Fee

$0 $10,000 $20,000 $30,000 $40,000 $50,000 $60,000 $70,000 $80,000 $90,000 One HD 5 HD 20 HD

Hours Junior Mid Senior

slide-22
SLIDE 22

22

Outsource or Hire?

Full-Time? Full-Time? Contract? Contract? Part-Time? Part-Time?

slide-23
SLIDE 23

23

“It wasn’t raining when Noah built the Ark.”

  • Howard Ruff
slide-24
SLIDE 24

24

Final Considerations

◆ How often are “Forensic Services” needed? ◆ Multi-tasked Person? ◆ Trusted Outsourced Company? ◆ Investigation Costs >, =, < Possible loss of

data?

◆ Remember…You Get What You Pay For….

slide-25
SLIDE 25

25

Questions?

slide-26
SLIDE 26

x

  • Expertise. Integrity. Past Performance.

Ryan Washington

rwashington@crucialsecurity.com Work 571-223-3426 Cell 571-437-3722