Leveraging Digital Forensics | Patricia Watson
Date posted: 21-Oct-2014
Category: Technology
Leveraging Digital Forensic Skills to Deliver Cyber Technology Solutions
Patricia Watson MBA | EnCE | GCFA
11.06.12
Bio
• Digital Forensic Program Manager, Boise Inc
• Report to the Director of Internal Audit
• DF, eDiscovery, Cyber Security Risk Assessments and IT Audits
• Legal Forensic Specialist, Washington Group
• Digital Forensic Student Intern at the Center for Cyber Defenders (CCD), Sandia National Labs in Albuquerque NM
• 3 Forensic Certifications: NTI, GCFA, EnCE
• Masters in Information Assurance, MBA and BA MIS from UNM
• Part of the group that helped start the curriculum for the Information Assurance Program
• UNM was one of the first universities to have a Digital Forensics lab
Overview
Digital Forensic Skills
Forensic Examiners
Incident Response
Malware Analysis
Cyber security risk assessments
Litigation Support
IT Governance, compliance and audits
A Few Sources
Questions?
Quote
“There’s zero correlation between being the best talker and having the best ideas” (Susan Cain)
Forensic Skills Set
A broad range of technical, investigative, procedural, and legal skills
Disk geometry, file system anatomy, reverse engineering, evidence integrity, COC and criminal profiling
The ability to function in a complex, dynamic environment
Computer technology as well as legal and regulatory environments are constantly changing
The ability to objectively testify in a court of law
Reproduce incident, interpret results, be prepared for cross-examination
Forensic Examiners
Introverts
Good listeners (think first, talk later)
Very private (foster confidentiality)
Focus-driven (enjoy performing deep dive analysis)
Embrace solitude (enjoy looking for the needle in a haystack)
Irony…“forens” Latin word for “belonging to the public”
Incident Response
Image acquisition
RAID rebuild
Data recovery and restoration
Partition/volume recovery
Analyzing log entries
Malware Analysis
Forensic image is a great sandbox for malware analysis
Hash analysis, Memory dump, Timeline analysis
Cyber Security Risk Assessments
Open ports
Active services
Hidden processes
Open handles
Network shares
User lists
OS fingerprinting
Litigation Support
Preservation of ESI
Proximity keyword searching
Complex keyword crafting
Interpretation of FRCP
De-duping
Load files
Export native ESI
IT Governance/Compliance/Audits
PCI compliance
HIPAA compliance
Antitrust compliance
Intellectual property
Identifying policy violations
In summary…
Objectivity is of the essence
Never underestimate the importance of skillset diversification
Continuously seek to enhance your communication skills
Seek opportunities to collaborate
“Excellence is not about technical competence but character” (Ernest Laurence)
A few Sources
• Techy Stuff:
  • NIST Guide to Integrating Forensic Techniques into Incident Response: http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf
  • US-CERT CSET: http://www.us-cert.gov/control_systems/satool.html
• Soft Skills:
  • Working with Emotional Intelligence by Daniel Goleman
  • Great Communication Secrets of Great Leaders by John Baldoni
  • Leading Your Boss: The Subtle Art of Managing Up by John Baldoni
  • TED, Ideas worth Spreading: http://www.ted.com/talks
• Professional Organizations:
  • HTCIA, ACFE, ISACA, ISSA…
Questions?