IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
Avoiding Cybertraps
1. Avoiding Cybertraps
Incident Response, Computer Forensics,
and Risk Management
Frederick S. Lane
San Diego County Office of Ed. JPA
San Diego, CA
29 October 2013
www.FrederickLane.com
Cybertraps.wordpress.com
2. Background and Expertise
• Attorney and Author of 7
Books
• Computer Forensics
Expert -- 15 years
• Over 100 criminal cases
• Lecturer on ComputerRelated Topics – 20+
years
• Computer user
(midframes, desktops,
laptops) – 35+ years
• 10 yrs on Burlington VT
School Board
www.FrederickLane.com
Cybertraps.wordpress.com
3. Lecture Overview
Headache-Inducing Headlines
Common Types of Incidents
Electronic Evidence Is Everywhere
Preparing for the Inevitable
Risks for Administrators and
Teachers
• A Quick Intro to Computer
Forensics
•
•
•
•
•
www.FrederickLane.com
Cybertraps.wordpress.com
4. Headache-Inducing Headlines
• “Parents Sue School District After Their
13-Year-Old's Suicide Following Sexting
Bullying” – Hillsborough Cty., Florida
• “Parents sue Lockhart school district
after teacher charged with sexual
assault” – Lockhart, TX
• “School Cyberbullying Victims Fight
Back In Lawsuits” – WV, PA, GA
• “School Employees Sue Cyberbullying
Students” – TX, PA
www.FrederickLane.com
Cybertraps.wordpress.com
5. A Tangled Mobile Web
www.FrederickLane.com
Cybertraps.wordpress.com
6. Common Types of Incidents
• Employment Issues
• Harassment/Hostile Work Environment
• Disciplinary Issues
• Student Misconduct
• Cyberbullying & Cyberharassment
• Sexting
• Teacher/Student Misconduct
• Student Attacks on Teachers
• Inappropriate Relationships
www.FrederickLane.com
Cybertraps.wordpress.com
7. E-Evidence Is Everywhere
• Inventory Possible Devices
•
•
•
Computers (Desktops, Laptops, Servers)
Mobile Devices (Phones, Tablets)
Peripherals (USBs, CDs, external drives, etc.)
• Inventory Possible Types of Data
•
•
•
•
•
•
Communication (E-Mail, IMs, Texts, etc.)
Social Media (Facebook, Twitter, etc.)
Web Activity (URLs, cookies, bookmarks, etc.)
Network Logs and Access Data
Cloud Storage (Dropbox, Flickr, Boxy, etc.)
Deleted Data
www.FrederickLane.com
Cybertraps.wordpress.com
8. Whose Data Is It Anyway?
• Where Did the Incident Occur?
•
•
On-Campus vs. Off-Campus
Zone of District Responsibility Is Growing
• Who Owns and Uses the Device?
•
•
Misconduct Using School-Owned Equipment
Misconduct Using Privately-Owned Equipment
• Who Runs the Service?
•
•
•
Evidence Hosted by District
Evidence Created by Teachers/Students
Evidence Hosted by 3rd Parties
www.FrederickLane.com
Cybertraps.wordpress.com
9. Pre-Incident Preparation
• Policies and Procedures
•
•
•
District Decisions re Access, Services, Storage
AUPs for Staff and Students
Data Handling and Response Protocols
• Professional Development for Teachers
and Staff
•
•
•
Typically First Responders
Potential Legal Risks
Technology Is Continually Changing
• Student Education
•
Critical Component of K-12 Curricula
www.FrederickLane.com
Cybertraps.wordpress.com
10. Response to Civil Litigation
• Preservation of Potentially
Relevant Evidence
• Adherence to Established Policies for
Handling Data
• Notice of Litigation or Reasonable
Anticipation of Litigation
• Discovery Requests
• Privacy Concerns
• Burdensomeness of Requests
• Production of Data Held by 3rd Parties
www.FrederickLane.com
Cybertraps.wordpress.com
11. Response to Criminal Activity
• Anticipate Prosecution and/or
Disciplinary Proceedings
• Adherence to Policy/Process Is Critical
• Involve Law Enforcement ASAP
• Protect and Preserve Data
• Restrict Access to Potentially Relevant
Data
• Hire a Computer Forensics Expert?
• Some Evidence Is Radioactive
www.FrederickLane.com
Cybertraps.wordpress.com
12. Risks for Admins. & Teachers
• Good Intentions, Bad Outcome
• “Sherlock Holmes” Syndrome
• Forwarding Content for Advice
• The Cover-Up Is Always Worse
• Trying to Protect Colleagues and Friends
• Desire to Protect District by Handling InHouse
• “Delete” Is a Myth
www.FrederickLane.com
Cybertraps.wordpress.com
13. A Cautionary Tale
www.FrederickLane.com
• Ting-Yi Oei, now 64
• Assistant Principal at
Freedom HS in So.
Riding, VA (Loudoun
County)
• Told to investigate rumors
of sexting at HS
• “Inappropriate” image
was forwarded to Oei’s
cellphone, then computer
• Charged with “failure to
report,” then contributing
to delinquency of a minor
• Charges ultimately
dismissed
Cybertraps.wordpress.com
14. Computer Forensics 101
• Field Previews
• Acquisition & Mirror Images
• Some Data Are More Fragile Than
Others
• Speed Is Of the Essence
• Powerful Forensics Tools
• Data Recovery and Analysis
• IP Addresses Link to Real World
• 4th Amendment and Privacy
Concerns
www.FrederickLane.com
Cybertraps.wordpress.com
15. Current Projects
• Cybertraps for Educators (2014)
• Safe Student and School Employee
Relationships (2014)
• Cybertraps.wordpress.com
• CPCaseDigest.com
• MessageSafe.com
• Informational Web Sites:
• www.FrederickLane.com
• www.ComputerForensicsDigest.com
• www.CybertrapsfortheYoung.com
www.FrederickLane.com
Cybertraps.wordpress.com
17. Avoiding Cybertraps
Incident Response, Computer Forensics,
and Risk Management
Frederick S. Lane
San Diego County Office of Ed. JPA
San Diego, CA
29 October 2013
www.FrederickLane.com
Cybertraps.wordpress.com