Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer...
Transcript of Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer...
![Page 1: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/1.jpg)
Navigating Data Privacy Issues and Performing Computer Forensics in Corruption Investigations
International Pharmaceutical Compliance Congress May 2011
![Page 2: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/2.jpg)
Data Protection and Computer Forensics Slide 2
Agenda
► A brief introduction to data protection ► Data identification and preservation ► Computer forensics ► Corruption-specific analysis examples
![Page 3: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/3.jpg)
Data Protection and Computer Forensics Slide 3
DATA PROTECTION
![Page 4: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/4.jpg)
Data Protection and Computer Forensics Slide 4
OECD Data Protection Principles
► Notice ► Purpose ► Consent ► Security ► Disclosure ► Access ► Accountability
![Page 5: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/5.jpg)
Data Protection and Computer Forensics Slide 5
EU Data Protection Directive
► Incorporates OECD principles ► Conditions under which data may be processed
► Transparency ► Legitimate purpose ► Proportionality
► Varying implementations by country ► Non-EU data protection ► Other local or company considerations
► Unions or workers councils ► Company policies
![Page 6: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/6.jpg)
Data Protection and Computer Forensics Slide 6
Safe Harbor Principles
► Notice ► Choice ► Onward transfer ► Security ► Data integrity ► Access ► Enforcement
![Page 7: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/7.jpg)
Data Protection and Computer Forensics Slide 7
DATA IDENTIFICATION AND PRESERVATION
![Page 8: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/8.jpg)
Data Protection and Computer Forensics Slide 8
Electronic Discovery Process Model
Source: EY based on edrm.net
Information management
Keywords and batches
Data review and analysis
Report preparation
Results presentation
Volume of data Relevance
IdentificationPreservation
and Collection
Data processing and culling
Data extraction
![Page 9: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/9.jpg)
Data Protection and Computer Forensics Slide 9
Data Sources
Email Server(s)
Corporate Network (Intranet)
Employees’ workstations (desktop computers)
User Documents Emails
Other
File Server(s) – Network Shares
User documents Emails
Other
Employees’ portable computers
Other data sources
Portable devices Backup tapes Portable USB drives
![Page 10: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/10.jpg)
Data Protection and Computer Forensics Slide 10
0% 10% 20% 30% 40% 50% 60% 70% 80% 90%
Other
Video
Instant Messaging
Photos
Financial statements
Invoices
Databases
User docs
E-mails
Data types
Source: http://www.renewdata.com/pdf/ESG-Brief-RenewData-1008.pdf
![Page 11: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/11.jpg)
Data Protection and Computer Forensics Slide 11
Increasing storage capabilities
Source: EY
![Page 12: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/12.jpg)
Data Protection and Computer Forensics Slide 12
Increasing number of electronic documents
Source: EY
![Page 13: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/13.jpg)
Data Protection and Computer Forensics Slide 13
Data processing
eDiscovery system
Lotus Notes Database,nsf
Deduplication Indexing Data review
Data culling – narrowind down the number of emails and documents
Facilitating the review Analysis, documentation, classification
![Page 14: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/14.jpg)
Data Protection and Computer Forensics Slide 14
Data culling
Filtering the relevant items. Deduplication
Applying the keywords
Data review
Data collection ~ 140 GB / HDD
Data processing Export ~ 15 GB of data ► ~ 45 000 emails ► ~ 5 000 files
Data review Assigned for review ► ~ 1 000 - 1 500 emails and files
Production Preparation of production files ► ~ 10-20 docs per custodian
![Page 15: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/15.jpg)
Data Protection and Computer Forensics Slide 15
Identification – Common Issues
► Lack of an information management program ► Uncoordinated/de-centralized IT ► Addressing consent for former or unavailable employees ► Legacy systems ► Encrypted devices, hard drives or email boxes ► User usage patterns are not known
![Page 16: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/16.jpg)
Data Protection and Computer Forensics Slide 16
Preservation – Common Issues
► Document hold notices ► Rewriting of backup tapes ► Lack of understanding of what is maintained on servers ► Data for former employees ► Mobile/detachable media ► Information stored on clouds
![Page 17: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/17.jpg)
Data Protection and Computer Forensics Slide 17
Collection – Common issues
► Logistics ► Availability of devices ► Time to verify images ► Access to servers ► Understanding what media may be relevant ► What NOT to image ► Restoration of backup media ► Documentation of chain of custody ► EU data protection and the safe harbor
![Page 18: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/18.jpg)
Data Protection and Computer Forensics Slide 18
COMPUTER FORENSICS
![Page 19: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/19.jpg)
Data Protection and Computer Forensics Slide 19
Computer Forensics Basics
► Bit-by-bit image of the physical hard drive ► Data can also be forensically acquired from other
media ► Chain of custody assisted through MD5 hash ► Generally requires direct access to a custodian’s
computer ► Can be inconvenient for users ► Key questions:
► What do you hope to obtain from the hard drive imaging? ► What data will you analyze from the image?
![Page 20: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/20.jpg)
Data Protection and Computer Forensics Slide 20
Computer Forensics Analysis
► Samples of data available ► User data files (e.g. Office documents, emails, media) ► Internet history and cookies ► Recoverable deleted files ► RAM and file slack ► Registry information
► Snapshot of media at one point in time; triangulation with other sources may be more effective
► May provide hints to other data ► Deleted files are overwritten after time ► Analysis other than of user data files can be labor
intensive
![Page 21: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/21.jpg)
Data Protection and Computer Forensics Slide 21
CORRUPTION-SPECIFIC ANALYSIS EXAMPLES
![Page 22: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/22.jpg)
Data Protection and Computer Forensics Slide 22
Corruption-specific Analysis Examples
► Existence/use of other email accounts ► Traffic patterns between users ► Attempts to change data or obscure transactions
► Registry ► Deleted files ► Transaction and master file logs ► Transactions at odd hours
► Keyword searches ► User files from forensic images ► All files loaded onto an eDiscovery platform ► Structured data description fields
![Page 23: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/23.jpg)
Data Protection and Computer Forensics Slide 23
Corruption-specific Analysis Examples (continued)
► Accounting data analysis ► Transaction in accounts of interest ► Vendors with multiple bank accounts ► Bank accounts in unexpected countries ► Vendors in countries with poor Corruption Perception Index
scores ► Repeating transactions ► Payments to vendors that appear to be individuals ► Master files changes
![Page 24: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/24.jpg)
Data Protection and Computer Forensics Slide 24
Questions?
![Page 25: Navigating Data Privacy Issues and Performing Computer ...Slide 19 Data Protection and Computer Forensics Computer Forensics Basics Bit-by-bit image of the physical hard drive Data](https://reader035.fdocuments.in/reader035/viewer/2022071407/60fd9dd00dbd087a7f640c73/html5/thumbnails/25.jpg)
Data Protection and Computer Forensics Slide 25
SanDee I. Priser Zone Leader - Forensic Technology & Discovery Services Eschborn (Frankfurt), Germany +49 6196 996 27681 [email protected]