forensics for managers
play

Forensics for Managers x Ryan Washington MBA, CISSP, CCE, CEH, - PowerPoint PPT Presentation

Jun 22, 2023 •415 likes •698 views

Forensics for Managers x Ryan Washington MBA, CISSP, CCE, CEH, NSA/IAM 703-961-9456 Extension 128 Introduction US Marines, Special Intelligence Communicator Bachelors in Management Masters of Business Administration Solaris

  1. Forensics for Managers x Ryan Washington MBA, CISSP, CCE, CEH, NSA/IAM 703-961-9456 Extension 128

  2. Introduction ◆ US Marines, Special Intelligence Communicator ◆ Bachelors in Management ◆ Masters of Business Administration ◆ Solaris Administrator ◆ Computer Nerd 2

  3. Purpose of Presentation ◆ Awareness ◆ Knowledge ◆ Attributes ◆ Key Terminology 3

  4. What is/are Forensic(s)? ◆ “Computer Forensics is the application of the scientific method to digital media in order to establish factual information for judicial review. This process often involves investigating computer systems to determine whether they are or have been used for illegal or unauthorized activities. Mostly, computer forensics experts investigate data storage devices , either fixed like hard disks or removable like compact disks and solid state devices. S o u t h e a s t C o m p u t e r F o r e n s i c s a n d S e c u r i t y h t t p : / / s e c o m p u t e r f o r e n s i c s . c o m / i n d e x . p h p ? o p t i o n = c o m _ c o n t e n t & t a s k = v i e w & i d = 2 0 & I t e m i d = 4 8 4

  5. What is/are Forensic(s)? (continued) Computer forensics experts: ◆ Identify sources of documentary or other digital evidence ◆ Preserve the evidence ◆ Analyze the evidence 5

  6. What is it REALLY? ◆ “Find Stuff” ◆ Deleted Files ◆ Corporate Theft 6

  7. Key Terminology …sound like a pro Image Malware ◆ ◆ E01 ◆ Steg ◆ .dd ◆ Dongle ◆ Unallocated Space ◆ Header ◆ Unused Space ◆ Backdoor ◆ Carve ◆ Hash ◆ Mount ◆ Logical ◆ Logs ◆ Physical ◆ Partition ◆ Root Kit ◆ 7

  8. Why Do We Need Forensics? ◆ You Don’t… Or…DO you? ◆ ◆ Different Skill Set ◆ Intrusions ◆ Employee Theft ◆ Corporate Malfeasance ◆ Human Resources Matters 8

  9. Who Wants Our Information? ◆ Governments ◆ Contractors ◆ Secrets ◆ Corporations ◆ Contractors ◆ Secrets ◆ Thieves ◆ Information ◆ MONEY 9

  10. Why Would Someone Attack Us? ◆ Angry ◆ Make a Statement ◆ Random ◆ Weak Security ◆ Strong Security ◆ Paid 10

  11. Tools ◆ Sleuthkit/Autopsy ◆ Wetstone Technologies ◆ ProDiscover ◆ Encase ◆ Forensic Toolkit (FTK) ◆ Paraben 11

  12. Pricing on $oftware Linux and Freeware ◆ PRO Free ◆ Open Source ◆ http://www.securityfocus.com/infocus/ Distributed ◆ 1503 ◆ CON http://www.tucofs.com/tucofs/tucofs.a sp?mode=mainmenu No Technical Assistance ◆ http://www.e-fense.com/helix/ More Man-hours ◆ http://fire.dmzs.com/ Deeper Trouble… ◆ http://s-t-d.org/ http://www.opensourceforensics.org/t ools/unix.html 12

  13. Wetstone Technologies ◆ PRO http://www.wetstonetech.com/f/index.htm Price ◆ Easy to Use ◆ Malware/Stego GEM- $995 ◆ FPro- $1095 ◆ CON Livewire $8995 Hashing ◆ Basic ◆ 13

  14. Prodiscover PRO ◆ http://www.techpathways.com/Desktop Price Default.aspx?tabindex=0&tabid=1 ◆ Perl * ◆ CON ◆ PD Win- $995 “Pay per filesystem” ◆ PD Forensic- $2195 Pay for Perl ability ◆ Pay for More PD Invest- $9995 ◆ PD IR- $12995 14

  15. EnCase PRO ◆ http://www.guidancesoftware.com/ Robust ◆ Market Share ◆ Forensic- $3700-7200 Training ◆ Enterprise- ~$200,000 CON ◆ Price ◆ Support ◆ Enscript ◆ Training ◆ 15

  16. AccessData FTK/UTK ◆ PRO http://www.accessdata.com/ Price ◆ Index ◆ FTK- $1095 “Dummy Proofing” ◆ UTK- $1949 ◆ CON False Sense of ◆ Completeness/Security Heavy Upfront ◆ 16

  17. Paraben http://www.paraben-forensics.com ◆ PRO Distributed Modules- $99-895 ◆ Price P2- $1495 ◆ ◆ CON P2 Enterprise $6995 Distributed ◆ Training ◆ 17

  18. Why Do These Tools Cost So Much? ◆ Cover Costs (of course…) ◆ Profit (of course…) ◆ Multi-Tasking ◆ Powerful ◆ “Easy to Use” ◆ Court Tested!!! ◆ Technical Assistance 18

  19. Forensics Salaries ($USD) ◆ Junior $60,000 - $80,000 ◆ ◆ Mid-Level $75,000 - $100,000 ◆ ◆ Senior $90,000 - $150,000 ◆ ◆ “Well Known” Senior $110,000 - $300,000 ◆ ◆ Contractor/Independent/Hourly Over $200,000 ◆ 19

  20. Hiring Considerations ◆ Experience Where? When? ◆ Commercial? Law Enforcement? ◆ ◆ Education University? Learning Center? Discovery Channel? ◆ ◆ Certifications CISSP, EnCE, ACE, GIAC, CCE, CFCE ◆ ◆ Personality ? ◆ Integrity ◆ Honesty ◆ 20

  21. Time is Money… in a perfect world ◆ Hard Drive Size ◆ Expenses $90,000 ◆ Level of Expertise $80,000 ◆ Retainer $70,000 ◆ Imaging Fee $60,000 ◆ Admin Fee Hours $50,000 Junior $40,000 Mid Senior $30,000 $20,000 $10,000 $0 One 5 HD 20 HD HD 21

  22. Outsource or Hire? Part-Time? Full-Time? Part-Time? Full-Time? Contract? Contract? 22

  23. “It wasn’t raining when Noah built the Ark.” -Howard Ruff 23

  24. Final Considerations ◆ How often are “Forensic Services” needed? ◆ Multi-tasked Person? ◆ Trusted Outsourced Company? ◆ Investigation Costs >, =, < Possible loss of data? ◆ Remember…You Get What You Pay For…. 24

  25. Questions? 25

  26. x Expertise. Integrity. Past Performance. Ryan Washington rwashington@crucialsecurity.com Work 571-223-3426 Cell 571-437-3722

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

About this presentation : Learning : What is Digital Forensics ? Political : Digital

About this presentation : Learning : What is Digital Forensics ? Political : Digital

An introduction to digital forensics About this presentation : Learning : What is Digital Forensics ? Political : Digital Forensics and Open Sources licensing Tool time : Digital Forensics Framework Presented by Solal Jacob core dev.

444 views • 30 slides
CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to

CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to

CSN08101 Digital Forensics Lecture 1A: Introduction to Forensics Lecture 1A: Introduction to Forensics Module Leader: Dr Gordon Russell Lecturers: Robert Ludwiniak Digital Forensics You will learn in this module: The principals of

1.09k views • 34 slides
CSE 469: Computer and Network Forensics Topic 5: Image Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 5: Image Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 5: Image Forensics Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Forensics for Graphics Files Types of graphics file formats Type of data compression How to locate

362 views • 25 slides
2015-2017 (c) P.Pale: Computer Forensics 2015-10-17 File System Forensics A New York

2015-2017 (c) P.Pale: Computer Forensics 2015-10-17 File System Forensics A New York

2015-2017 (c) P.Pale: Computer Forensics 2015-10-17 File System Forensics A New York computer forensics firm found that 40% of the hard disk drives it recently purchased in bulk orders on eBay contained personal, private and sensitive

884 views • 70 slides
Digital forensics and malware Digital forensics According to Wikipedia, you could be looking

Digital forensics and malware Digital forensics According to Wikipedia, you could be looking

Digital forensics and malware Digital forensics According to Wikipedia, you could be looking for: attribution, alibis and statements, intent, evaluation of source, document authentication File carving ( e.g. , bifragment gap carving)

630 views • 13 slides
CSE 469: Computer and Network Forensics Topic 7: Mobile Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 7: Mobile Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 7: Mobile Forensics Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Overview of Mobile Forensics Originated in Europe and focused on the GSM SIM card. Roaming of Devices

694 views • 17 slides
Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics

Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics

Image Forensics of High Dynamic Range Imaging 10th International Workshop on Digital-Forensics &amp; Watermarking P. J. Bateman, A. T. S. Ho, and J. A. Briffa This research is sponsored by an EPSRC/Charteris CASE Award Image Forensics

703 views • 38 slides
Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class Teaching forensics at of students UL FRI

Teaching digital forensics in a large class of students Teaching digital forensics in a large class Teaching forensics at of students UL FRI Generating customized disk images Gaper Fele-or University of Ljubljana, Faculty of

446 views • 23 slides
Android: forensics and reverse engineering Raphal Rigo - ANSSI 26/11/2010 Agence nationale de

Android: forensics and reverse engineering Raphal Rigo - ANSSI 26/11/2010 Agence nationale de

Android: forensics and reverse engineering Raphal Rigo - ANSSI 26/11/2010 Agence nationale de la A N S S I scurit des systmes dinformation Introduction Forensics: context Forensics: memory Forensics: filesystem Reverse

545 views • 36 slides
Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to

Digital Forensics for SSC Solvers Daniel Kouril EGI CSIRT Digital Forensics Methods to collect and analyze (digital) evidence Three basic phases Data collection, Analysis, Reporting Triage Various sources of information

307 views • 20 slides
CSE 469: Computer and Network Forensics Topic 6: Email Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 6: Email Forensics Dr. Mike Mabey | Spring 2019

CSE 469: Computer and Network Forensics Topic 6: Email Forensics Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics Email System Components User agents / Webmail: Composing, editing, and reading mail messages. Mail

687 views • 49 slides
Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively

FloCon 2015 Conference January 15, 2015 Portland, Oregon Preventive Digital Forensics: Creating Preventive Digital Forensics Systems to Proactively Resolve Computer Security Incidents in Organizations JESUS RAMIREZ PICHARDO (PMP, GCFA,

333 views • 30 slides
CSE 469: Computer and Network Forensics Topic 8: Cloud and Web Forensics Dr. Mike Mabey | Spring

CSE 469: Computer and Network Forensics Topic 8: Cloud and Web Forensics Dr. Mike Mabey | Spring

CSE 469: Computer and Network Forensics Topic 8: Cloud and Web Forensics Dr. Mike Mabey | Spring 2019 CSE 469: Computer and Network Forensics What is The Cloud? A computing storage system that provides on-demand network access for

613 views • 25 slides
SQL SERVER Anti-Forensics Cesar Cerrudo Introduction Sophisticated attacks requires leaving

SQL SERVER Anti-Forensics Cesar Cerrudo Introduction Sophisticated attacks requires leaving

SQL SERVER Anti-Forensics Cesar Cerrudo Introduction Sophisticated attacks requires leaving as few evidence as possible Anti-Forensics techniques help to make forensics investigations difficult Anti-Forensics can be a never

657 views • 38 slides
Anti-Forensics: Techniques, Detection and Countermeasures Simson L. Garfinkel Naval Postgraduate

Anti-Forensics: Techniques, Detection and Countermeasures Simson L. Garfinkel Naval Postgraduate

Anti-Forensics: Techniques, Detection and Countermeasures Simson L. Garfinkel Naval Postgraduate School What is Anti-Forensics? Computer Forensics: Scientific Knowledge for collecting, analyzing, and presenting evidence to the courts

322 views • 15 slides
Nuix Workshop Introduction to Forensics W HAT IS C OMPUTER F ORENSICS ? Computer

Nuix Workshop Introduction to Forensics W HAT IS C OMPUTER F ORENSICS ? Computer

Nuix Workshop Introduction to Forensics W HAT IS C OMPUTER F ORENSICS ? Computer forensics, also called cyber forensics, is the applica6on of scien6fic method to computer

464 views • 33 slides
Dioc e se of Bisma r c k Pa r ish Se r vic e s Payroll Se rvic e s 97 Par ishe s

Dioc e se of Bisma r c k Pa r ish Se r vic e s Payroll Se rvic e s 97 Par ishe s

10/ 29/ 2019 Dioc e se Of Bisma r c k Dio c e se o f Bisma rc k Pa rish Busine ss Offic e F o rums Pa rish Busine ss Offic e F o rum Spring &amp; F a ll Oc to b e r 24 &amp; 25, 2019 2 L o c a tio ns Cre ssy Ab e rle T o ny Cha p

305 views • 13 slides
Random Forests and other Ensembles of Independent Predictors Prof. Mike Hughes Many slides

Random Forests and other Ensembles of Independent Predictors Prof. Mike Hughes Many slides

Tufts COMP 135: Introduction to Machine Learning https://www.cs.tufts.edu/comp/135/2020f/ Random Forests and other Ensembles of Independent Predictors Prof. Mike Hughes Many slides attributable to: Liping Liu and Roni Khardon (Tufts) T. Q.

652 views • 27 slides
Edition: May 2020 2 FORWARD LOOKING STATEMENT This presentation contains forward-looking

Edition: May 2020 2 FORWARD LOOKING STATEMENT This presentation contains forward-looking

Edition: May 2020 2 FORWARD LOOKING STATEMENT This presentation contains forward-looking statements regarding the business, operations and prospects of BGSF and industry factors affecting it. Forward- looking statements may include, but are not

604 views • 26 slides
DELEGATE n i n e m n BUSINESS r a o g g v MEETING y i a n

DELEGATE n i n e m n BUSINESS r a o g g v MEETING y i a n

e i DELEGATE n i n e m n BUSINESS r a o g g v MEETING y i a n t a i February 7, 2009 t o i n o n IDEAS Mark James Long-Range Program and Property Planning

560 views • 45 slides
Doing the Unthinkable Learning to Forgive Ephesians 4:30-32 30) And do not grieve the Holy

Doing the Unthinkable Learning to Forgive Ephesians 4:30-32 30) And do not grieve the Holy

Doing the Unthinkable Learning to Forgive Ephesians 4:30-32 30) And do not grieve the Holy Spirit of God, by whom you were sealed for the day of redemption. 31) Let all bitterness and wrath and anger and clamor and slander be put away from

300 views • 16 slides
ProtoGENI and undergraduate courses Gary Wong 1 1 2 2 3 3 4 4 Getting started

ProtoGENI and undergraduate courses Gary Wong 1 1 2 2 3 3 4 4 Getting started

ProtoGENI and undergraduate courses Gary Wong 1 1 2 2 3 3 4 4 Getting started Professor creates new project approved by testbed admin TAs then join that project (group leader) approved by the project head Students also

299 views • 11 slides
Colossians 3:12-14 NIV 12 Therefore, as Gods chosen people, holy and dearly loved, clothe

Colossians 3:12-14 NIV 12 Therefore, as Gods chosen people, holy and dearly loved, clothe

Colossians 3:12-14 NIV 12 Therefore, as Gods chosen people, holy and dearly loved, clothe yourselves with compassion, kindness, humility, gentleness and patience. 13 Bear with each other and forgive one another if any of you has a grievance

293 views • 27 slides
DECEMBER 15, 1967 SILVER BRIDGE COLLAPSE Elders are the eye-bars on the bridge of truth.

DECEMBER 15, 1967 SILVER BRIDGE COLLAPSE Elders are the eye-bars on the bridge of truth.

DECEMBER 15, 1967 SILVER BRIDGE COLLAPSE Elders are the eye-bars on the bridge of truth. Leadership matters (verb) in leadership matters (noun). WARNING PASSAGES Matthew 7:15 Acts 20:29-30 II Timothy 3:6-7 II Peter 2:1 I John 4:1 Jude

303 views • 17 slides

More recommend