SlideShare ist ein Scribd-Unternehmen logo

Leveraging Digital Forensics | Patricia Watson

Patricia M Watson
Patricia M Watson
Technologie
1 von 15
Downloaden Sie, um offline zu lesen
Leveraging Digital Forensic Skills to Deliver Cyber Technology Solutions Patricia Watson MBA | EnCE | GCFA 11.06.12
Bio • Digital Forensic Program Manager, Boise Inc • Report to the Director of Internal Audit • DF, eDiscovery, Cyber Security Risk Assessments and IT Audits • Legal Forensic Specialist, Washington Group • Digital Forensic Student Intern at the Center for Cyber Defenders (CCD), Sandia National Labs in Albuquerque NM • 3 Forensic Certifications: NTI, GCFA, EnCE • Masters in Information Assurance, MBA and BA MIS from UNM • Part of the group that help start the curriculum for the Information Assurance Program • UNM was one of the first universities to have a Digital Forensics lab
Overview  Digital Forensic Skills  Forensic Examiners  Incident Response  Malware Analysis  Cyber security risks assessments  Litigation Support  IT Governance, compliance and audits  A Few Sources  Questions?
Quote “There’s zero correlation between being the best talker and having the best ideas” (Susan Cain)
Forensic Skills Set  A broad range of technical, investigative, procedural, and legal skills  Disk geometry, file system anatomy, reverse engineering, evidence integrity, COC and criminal profiling  The ability to function in a complex, dynamic environment  Computer technology as well as legal and regulatory environments are constantly changing  The ability to objectively testify in a court of law  Reproduce incident, interpret results, be prepared for cross-examination
Forensic Examiners  Introverts  Good listeners (think first, talk later)  Very private (foster confidentiality)  Focus-driven (enjoy performing deep dive analysis)  Embrace solitude (enjoy looking for the needle in a hay stack)  Irony…“forens” Latin word for “belonging to the public”
Incident Response  Image acquisition  RAID rebuild  Data recovery and restoration  Partition/volume recovery  Analyzing log entries
Malware Analysis  Forensic image is a great sandbox for malware analysis  Hash analysis, Memory dump, Timeline analysis
Cyber Security Risk Assessments  Open ports  Active services  Hidden processes  Open handles  Network shares  User lists  OS fingerprinting
Litigation Support  Preservation of ESI  Proximity keyword searching  Complex keyword crafting  Interpretation of FRCP  De-duping  Load files  Export native ESI
IT Governance/Compliance/Audits  PCI compliance  HIPPA compliance  Antitrust compliance  Intellectual property  Identifying policy violations
In summary…  Objectivity is of essence  Never underestimate the importance of skillset diversification  Continuously seek to enhance your communication skills  Seek opportunities to collaborate  “Excellence is not about technical competence but character” (Ernest Laurence)
A few Sources • Techy Stuff: • NIST Guide to Integrating Forensic Techniques into Incident Response: http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf • US-CERT CSET: http://www.us-cert.gov/control_systems/satool.html • Soft Skills: • Working with Emotional Intelligence by Daniel Goleman • Great Communication Secrets of Great Leaders by John Baldoni • Leading Your Boss: The Subtle Art of Managing Up by John Baldoni • TED, Ideas worth Spreading: http://www.ted.com/talks • Professional Organizations: • HTCIA , ACFE, ISACA, ISSA…
Questions? PatriciaWatson@BoiseInc.com

Empfohlen

6528 opensource intelligence as the new introduction in the graduate cybersec...
6528 opensource intelligence as the new introduction in the graduate cybersec...6528 opensource intelligence as the new introduction in the graduate cybersec...
6528 opensource intelligence as the new introduction in the graduate cybersec...
Damir Delija
 
Why i hate digital forensics - draft
Why i hate digital forensics - draftWhy i hate digital forensics - draft
Why i hate digital forensics - draft
Damir Delija
 
Database forensics
Database forensicsDatabase forensics
Database forensics
Denys A. Flores, PhD
 
Cause 11 im final
Cause 11 im finalCause 11 im final
Cause 11 im final
cavapyta
 
PEARC17: Workshop on Trustworthy Scientific Cyberinfrastructure. Cybersecurit...
PEARC17: Workshop on Trustworthy Scientific Cyberinfrastructure. Cybersecurit...PEARC17: Workshop on Trustworthy Scientific Cyberinfrastructure. Cybersecurit...
PEARC17: Workshop on Trustworthy Scientific Cyberinfrastructure. Cybersecurit...
Florence Hudson
 
Data mining in security: Ja'far Alqatawna
Data mining in security: Ja'far AlqatawnaData mining in security: Ja'far Alqatawna
Data mining in security: Ja'far Alqatawna
Maribel García Arenas
 
Rrw – a robust and reversible watermarking technique for relational data
Rrw – a robust and reversible watermarking technique for relational dataRrw – a robust and reversible watermarking technique for relational data
Rrw – a robust and reversible watermarking technique for relational data
LeMeniz Infotech
 
Digital Forensics: The next 10 years
Digital Forensics: The next 10 yearsDigital Forensics: The next 10 years
Digital Forensics: The next 10 years
Al Imran, CISA
 

Empfohlen

6528 opensource intelligence as the new introduction in the graduate cybersec...
6528 opensource intelligence as the new introduction in the graduate cybersec...6528 opensource intelligence as the new introduction in the graduate cybersec...
6528 opensource intelligence as the new introduction in the graduate cybersec...
Damir Delija
 
Why i hate digital forensics - draft
Why i hate digital forensics - draftWhy i hate digital forensics - draft
Why i hate digital forensics - draft
Damir Delija
 
Database forensics
Database forensicsDatabase forensics
Database forensics
Denys A. Flores, PhD
 
Cause 11 im final
Cause 11 im finalCause 11 im final
Cause 11 im final
cavapyta
 
PEARC17: Workshop on Trustworthy Scientific Cyberinfrastructure. Cybersecurit...
PEARC17: Workshop on Trustworthy Scientific Cyberinfrastructure. Cybersecurit...PEARC17: Workshop on Trustworthy Scientific Cyberinfrastructure. Cybersecurit...
PEARC17: Workshop on Trustworthy Scientific Cyberinfrastructure. Cybersecurit...
Florence Hudson
 
Data mining in security: Ja'far Alqatawna
Data mining in security: Ja'far AlqatawnaData mining in security: Ja'far Alqatawna
Data mining in security: Ja'far Alqatawna
Maribel García Arenas
 
Rrw – a robust and reversible watermarking technique for relational data
Rrw – a robust and reversible watermarking technique for relational dataRrw – a robust and reversible watermarking technique for relational data
Rrw – a robust and reversible watermarking technique for relational data
LeMeniz Infotech
 
Digital Forensics: The next 10 years
Digital Forensics: The next 10 yearsDigital Forensics: The next 10 years
Digital Forensics: The next 10 years
Al Imran, CISA
 
Resiliency-Part One -11-3-2015
Resiliency-Part One -11-3-2015Resiliency-Part One -11-3-2015
Resiliency-Part One -11-3-2015
Dr Robert D. Childs
 
Rrw—a robust and reversible watermarking technique for relational data
Rrw—a robust and reversible watermarking technique for relational dataRrw—a robust and reversible watermarking technique for relational data
Rrw—a robust and reversible watermarking technique for relational data
I3E Technologies
 
Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 years
Mehedi Hasan
 
Fully Integrated Defense Operation
Fully Integrated Defense OperationFully Integrated Defense Operation
Fully Integrated Defense Operation
Rob Fry
 
Acc 626 slidecast
Acc 626 slidecastAcc 626 slidecast
Acc 626 slidecast
j9lai
 
Greg Kinne - Bio
Greg Kinne - BioGreg Kinne - Bio
Greg Kinne - Bio
Greg Kinne
 
Survey & Review of Digital Forensic
Survey & Review of Digital ForensicSurvey & Review of Digital Forensic
Survey & Review of Digital Forensic
Aung Thu Rha Hein
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science
Damir Delija
 
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
Florence Hudson
 
weaver_resume2
weaver_resume2weaver_resume2
weaver_resume2
Rhiannon Weaver
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research Challenge
Aung Thu Rha Hein
 
The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics
00heights
 
Digital Forensic
Digital ForensicDigital Forensic
Digital Forensic
Cleverence Kombe
 
Data Acquisition
Data AcquisitionData Acquisition
Data Acquisition
primeteacher32
 
LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation
Damir Delija
 
The Forensic Lab
The Forensic LabThe Forensic Lab
The Forensic Lab
primeteacher32
 
Forensic Lab Development
Forensic Lab DevelopmentForensic Lab Development
Forensic Lab Development
amiable_indian
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
Soumen Debgupta
 
Forensic laboratory setup requirements
Forensic laboratory setup requirements Forensic laboratory setup requirements
Forensic laboratory setup requirements
Sonali Parab
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentation
prashant3535
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
Somya Johri
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
Nikhil Mashruwala
 

Weitere ähnliche Inhalte

Was ist angesagt?

Acc 626 slidecast
Acc 626 slidecastAcc 626 slidecast
Acc 626 slidecast
j9lai
 
Greg Kinne - Bio
Greg Kinne - BioGreg Kinne - Bio
Greg Kinne - Bio
Greg Kinne
 

Was ist angesagt? (13)

Resiliency-Part One -11-3-2015
Resiliency-Part One -11-3-2015Resiliency-Part One -11-3-2015
Resiliency-Part One -11-3-2015
 
Rrw—a robust and reversible watermarking technique for relational data
Rrw—a robust and reversible watermarking technique for relational dataRrw—a robust and reversible watermarking technique for relational data
Rrw—a robust and reversible watermarking technique for relational data
 
Digital forensics research: The next 10 years
Digital forensics research: The next 10 yearsDigital forensics research: The next 10 years
Digital forensics research: The next 10 years
 
Fully Integrated Defense Operation
Fully Integrated Defense OperationFully Integrated Defense Operation
Fully Integrated Defense Operation
 
Acc 626 slidecast
Acc 626 slidecastAcc 626 slidecast
Acc 626 slidecast
 
Greg Kinne - Bio
Greg Kinne - BioGreg Kinne - Bio
Greg Kinne - Bio
 
Survey & Review of Digital Forensic
Survey & Review of Digital ForensicSurvey & Review of Digital Forensic
Survey & Review of Digital Forensic
 
Draft current state of digital forensic and data science
Draft current state of digital forensic and data science Draft current state of digital forensic and data science
Draft current state of digital forensic and data science
 
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
PEARC17: ARCC Identity and Access Management, Security and related topics. Cy...
 
weaver_resume2
weaver_resume2weaver_resume2
weaver_resume2
 
Digital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research ChallengeDigital Forensic: Brief Intro & Research Challenge
Digital Forensic: Brief Intro & Research Challenge
 
The Future of Digital Forensics
The Future of Digital ForensicsThe Future of Digital Forensics
The Future of Digital Forensics
 
Digital Forensic
Digital ForensicDigital Forensic
Digital Forensic
 

Andere mochten auch

Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
Soumen Debgupta
 

Andere mochten auch (9)

Data Acquisition
Data AcquisitionData Acquisition
Data Acquisition
 
LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation LTEC 2013 - EnCase v7.08.01 presentation
LTEC 2013 - EnCase v7.08.01 presentation
 
The Forensic Lab
The Forensic LabThe Forensic Lab
The Forensic Lab
 
Forensic Lab Development
Forensic Lab DevelopmentForensic Lab Development
Forensic Lab Development
 
Cyber forensic standard operating procedures
Cyber forensic standard operating proceduresCyber forensic standard operating procedures
Cyber forensic standard operating procedures
 
Forensic laboratory setup requirements
Forensic laboratory setup requirements Forensic laboratory setup requirements
Forensic laboratory setup requirements
 
Digital Crime & Forensics - Presentation
Digital Crime & Forensics - PresentationDigital Crime & Forensics - Presentation
Digital Crime & Forensics - Presentation
 
Computer forensics powerpoint presentation
Computer forensics powerpoint presentationComputer forensics powerpoint presentation
Computer forensics powerpoint presentation
 
Computer forensics ppt
Computer forensics pptComputer forensics ppt
Computer forensics ppt
 

Ähnlich wie Leveraging Digital Forensics | Patricia Watson

Forensics for IT, final attempt
Forensics for IT, final attemptForensics for IT, final attempt
Forensics for IT, final attempt
j9lai
 
Forensics for IT - ACC 626
Forensics for IT - ACC 626Forensics for IT - ACC 626
Forensics for IT - ACC 626
j9lai
 
Acc 626 slidecast - Forensics for IT
Acc 626 slidecast - Forensics for ITAcc 626 slidecast - Forensics for IT
Acc 626 slidecast - Forensics for IT
j9lai
 
Acc 626 slidecast
Acc 626 slidecastAcc 626 slidecast
Acc 626 slidecast
j9lai
 
ACC 626 - Forensics for IT
ACC 626 - Forensics for ITACC 626 - Forensics for IT
ACC 626 - Forensics for IT
j9lai
 
ACC 626 - Forensics for IT
ACC 626 - Forensics for ITACC 626 - Forensics for IT
ACC 626 - Forensics for IT
j9lai
 
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
Damir Delija
 

Ähnlich wie Leveraging Digital Forensics | Patricia Watson (20)

CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
CLASS 2018 - Palestra de Denis Prado (Security Intelligence Sales Leader Lati...
 
Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst Applied cognitive security complementing the security analyst
Applied cognitive security complementing the security analyst
 
IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!IOCs Are Dead—Long Live IOCs!
IOCs Are Dead—Long Live IOCs!
 
Careers in Cyber Security
Careers in Cyber SecurityCareers in Cyber Security
Careers in Cyber Security
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011
 
Database development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan pitwgDatabase development and security certification and accreditation plan pitwg
Database development and security certification and accreditation plan pitwg
 
Road map for actionable threat intelligence
Road map for actionable threat intelligenceRoad map for actionable threat intelligence
Road map for actionable threat intelligence
 
N.sai kiran IIITA AP
N.sai kiran IIITA APN.sai kiran IIITA AP
N.sai kiran IIITA AP
 
encase enterprise
encase enterprise encase enterprise
encase enterprise
 
Enhancing Soft Power: using cyberspace to enhance Soft Power
Enhancing Soft Power: using cyberspace to enhance Soft PowerEnhancing Soft Power: using cyberspace to enhance Soft Power
Enhancing Soft Power: using cyberspace to enhance Soft Power
 
Why do women love chasing down bad guys?
Why do women love chasing down bad guys? Why do women love chasing down bad guys?
Why do women love chasing down bad guys?
 
Forensics for IT, final attempt
Forensics for IT, final attemptForensics for IT, final attempt
Forensics for IT, final attempt
 
Forensics for IT - ACC 626
Forensics for IT - ACC 626Forensics for IT - ACC 626
Forensics for IT - ACC 626
 
Acc 626 slidecast - Forensics for IT
Acc 626 slidecast - Forensics for ITAcc 626 slidecast - Forensics for IT
Acc 626 slidecast - Forensics for IT
 
Acc 626 slidecast
Acc 626 slidecastAcc 626 slidecast
Acc 626 slidecast
 
ACC 626 - Forensics for IT
ACC 626 - Forensics for ITACC 626 - Forensics for IT
ACC 626 - Forensics for IT
 
ACC 626 - Forensics for IT
ACC 626 - Forensics for ITACC 626 - Forensics for IT
ACC 626 - Forensics for IT
 
Acc 626 slidecast - Forensics for IT
Acc 626 slidecast - Forensics for ITAcc 626 slidecast - Forensics for IT
Acc 626 slidecast - Forensics for IT
 
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
Encase cybersecurity alat za proaktivnu kontrolu korporativne it sigurnosti 2
 
Access data
Access dataAccess data
Access data
 

Mehr von Patricia M Watson

CIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 WatsonCIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 Watson
Patricia M Watson
 
CyberSecThreats_R_U_atRisk_Watson
CyberSecThreats_R_U_atRisk_WatsonCyberSecThreats_R_U_atRisk_Watson
CyberSecThreats_R_U_atRisk_Watson
Patricia M Watson
 
ISACA President Letter | Patricia Watson | 2013
ISACA President Letter | Patricia Watson | 2013ISACA President Letter | Patricia Watson | 2013
ISACA President Letter | Patricia Watson | 2013
Patricia M Watson
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise Chapter
Patricia M Watson
 
Computer Forensics | Patricia Watson | 2004
Computer Forensics | Patricia Watson | 2004Computer Forensics | Patricia Watson | 2004
Computer Forensics | Patricia Watson | 2004
Patricia M Watson
 
IT Governance | 2013 Interface Conf | Watson
IT Governance | 2013 Interface Conf | WatsonIT Governance | 2013 Interface Conf | Watson
IT Governance | 2013 Interface Conf | Watson
Patricia M Watson
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
Patricia M Watson
 
Cyber Security | Patricia Watson
Cyber Security | Patricia WatsonCyber Security | Patricia Watson
Cyber Security | Patricia Watson
Patricia M Watson
 

Mehr von Patricia M Watson (9)

CIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 WatsonCIA Trifecta ISACA Boise 2016 Watson
CIA Trifecta ISACA Boise 2016 Watson
 
CyberSecThreats_R_U_atRisk_Watson
CyberSecThreats_R_U_atRisk_WatsonCyberSecThreats_R_U_atRisk_Watson
CyberSecThreats_R_U_atRisk_Watson
 
Securing your cyberspace_Watson
Securing your cyberspace_WatsonSecuring your cyberspace_Watson
Securing your cyberspace_Watson
 
ISACA President Letter | Patricia Watson | 2013
ISACA President Letter | Patricia Watson | 2013ISACA President Letter | Patricia Watson | 2013
ISACA President Letter | Patricia Watson | 2013
 
Cyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise ChapterCyber Security Threats | IIA Boise Chapter
Cyber Security Threats | IIA Boise Chapter
 
Computer Forensics | Patricia Watson | 2004
Computer Forensics | Patricia Watson | 2004Computer Forensics | Patricia Watson | 2004
Computer Forensics | Patricia Watson | 2004
 
IT Governance | 2013 Interface Conf | Watson
IT Governance | 2013 Interface Conf | WatsonIT Governance | 2013 Interface Conf | Watson
IT Governance | 2013 Interface Conf | Watson
 
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia WatsonSCADA Cyber Sec | ISACA 2013 | Patricia Watson
SCADA Cyber Sec | ISACA 2013 | Patricia Watson
 
Cyber Security | Patricia Watson
Cyber Security | Patricia WatsonCyber Security | Patricia Watson
Cyber Security | Patricia Watson
 

Kürzlich hochgeladen

08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
Enterprise Knowledge
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
Puma Security, LLC
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
Safe Software
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 

Kürzlich hochgeladen (20)

Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 

Leveraging Digital Forensics | Patricia Watson

  • 1. Leveraging Digital Forensic Skills to Deliver Cyber Technology Solutions Patricia Watson MBA | EnCE | GCFA 11.06.12
  • 2. Bio • Digital Forensic Program Manager, Boise Inc • Report to the Director of Internal Audit • DF, eDiscovery, Cyber Security Risk Assessments and IT Audits • Legal Forensic Specialist, Washington Group • Digital Forensic Student Intern at the Center for Cyber Defenders (CCD), Sandia National Labs in Albuquerque NM • 3 Forensic Certifications: NTI, GCFA, EnCE • Masters in Information Assurance, MBA and BA MIS from UNM • Part of the group that help start the curriculum for the Information Assurance Program • UNM was one of the first universities to have a Digital Forensics lab
  • 3. Overview  Digital Forensic Skills  Forensic Examiners  Incident Response  Malware Analysis  Cyber security risks assessments  Litigation Support  IT Governance, compliance and audits  A Few Sources  Questions?
  • 4. Quote “There’s zero correlation between being the best talker and having the best ideas” (Susan Cain)
  • 5. Forensic Skills Set  A broad range of technical, investigative, procedural, and legal skills  Disk geometry, file system anatomy, reverse engineering, evidence integrity, COC and criminal profiling  The ability to function in a complex, dynamic environment  Computer technology as well as legal and regulatory environments are constantly changing  The ability to objectively testify in a court of law  Reproduce incident, interpret results, be prepared for cross-examination
  • 6. Forensic Examiners  Introverts  Good listeners (think first, talk later)  Very private (foster confidentiality)  Focus-driven (enjoy performing deep dive analysis)  Embrace solitude (enjoy looking for the needle in a hay stack)  Irony…“forens” Latin word for “belonging to the public”
  • 7. Incident Response  Image acquisition  RAID rebuild  Data recovery and restoration  Partition/volume recovery  Analyzing log entries
  • 8. Malware Analysis  Forensic image is a great sandbox for malware analysis  Hash analysis, Memory dump, Timeline analysis
  • 9. Cyber Security Risk Assessments  Open ports  Active services  Hidden processes  Open handles  Network shares  User lists  OS fingerprinting
  • 10.
  • 11. Litigation Support  Preservation of ESI  Proximity keyword searching  Complex keyword crafting  Interpretation of FRCP  De-duping  Load files  Export native ESI
  • 12. IT Governance/Compliance/Audits  PCI compliance  HIPPA compliance  Antitrust compliance  Intellectual property  Identifying policy violations
  • 13. In summary…  Objectivity is of essence  Never underestimate the importance of skillset diversification  Continuously seek to enhance your communication skills  Seek opportunities to collaborate  “Excellence is not about technical competence but character” (Ernest Laurence)
  • 14. A few Sources • Techy Stuff: • NIST Guide to Integrating Forensic Techniques into Incident Response: http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf • US-CERT CSET: http://www.us-cert.gov/control_systems/satool.html • Soft Skills: • Working with Emotional Intelligence by Daniel Goleman • Great Communication Secrets of Great Leaders by John Baldoni • Leading Your Boss: The Subtle Art of Managing Up by John Baldoni • TED, Ideas worth Spreading: http://www.ted.com/talks • Professional Organizations: • HTCIA , ACFE, ISACA, ISSA…