CPE Credits: 7
Description:
Traditional forensics professionals use fingerprints, DNA typing, and ballistics analysis to make their case.
Infosec professionals have to develop new tools for collecting, examining and evaluating data in an effort to establish intent, culpability, motive, means, methods and loss resulting from e-crimes.
This overview seminar will introduce the attendee to the broad field of cyber forensics and present the various tools and techniques designed to maintain control over organizational assets, digital or otherwise. This seminar covers computer forensics theory and methodology. It is not limited to the use of a specific software tool.
Audience:
This presentation is intended for:
· Internal and external auditors (IT, financial, operational)
· Information Security Managers
· Attorneys and law enforcement professionals
· Company Board members
· Executive and Senior management
· Management consultants
· Records Management Professionals
· Big 4 Senior Managers/Partners
· C-suite members (CFO, CTO, CRO, CEO, COO, CIO, CSO, CXO, CECO, CPO, et al.)
· Security and Risk Compliance Officers
· Directors of Human Resources
· Anyone interested in obtaining a better understanding of and general introduction to cyber forensics.
Prerequisites: Attendees should possess a basic understanding of information technology concepts. Learning level – basic. No advance preparation is required for this seminar.
Objectives:
After completing this seminar, participants will be able to:
· Identify, establish and maintain a physical "chain of custody."
· Pinpoint computer security risks and remedies.
· Determine incident responses and priorities in a cyber forensic investigation.
· Develop policies for the preservation of computer evidence.
· Implement solid computer forensics processing methods and procedures.
· Develop the documentation of computer forensics findings for executive management review.
· Coordinate Forensic Pre-Incident Preparation.
· Determine procedures necessary for gathering all pertinent “Live” information.
· Identify volatile data, photos, physical media, and log files.
· Perform forensic acquisition of physical media.
· Identify various forensic toolkits and associated methodologies.
· Determine procedures necessary to conduct sound forensic analysis of the collected information.
· Identify essential components of a forensic analysis report.
· Communicate findings from a cyber forensic investigation to non-technical audiences.
Course Outline:
1. Cyber Forensics Defined
2. Junk Science Attack and the Investigator
3. Rules of Evidence – Importance and Application to Forensic Investigations
4. Establishing a Credible Chain of Custody
5. Burn the Witness – Will You Be a Victim?
6. Beginning an Investigation – Taking the Critical, Correct First Steps
7. Investigation Methodology – The Good, the Bad, and the Dangerous
8. Essential Steps in Preparing and Conducting an Investigation
9. Creating a Safety Net
10. Creating a Forensic Start-up Disk
11. Preparing the Evidence Drive on the Processing Machine
12. The Forensic Process – Taking Control of the Computer and Its Environment
13. Potential Exposures – Minimizing Your Risk and Exposure
14. Uncovering Digital Evidence – Where Is It and How Do I Find It?
15. Computer DNA – All You Need To Know
16. Documentation Methodologies – Preserving Evidence and Creating Audit Trails
17. I’ve Gathered Evidence, Now What?
18. Presenting the Evidence Report – Successfully
19. Summary
Dr. Marcella's seminar is based on research and findings from his 2008 book, Cyber Forensics: A Field Manual for Collecting, Examining, and Preserving Evidence of Computer Crimes (second edition), published by Taylor & Francis/CRC Press, ISBN 0-8493-8328-5, www.crcpress.com.