A Glimpse Into Digital Forensics

7/31/2019 A Glimpse Into Digital Forensics

1/19

Click to edit Master subtitlestyle

6/12/12

Click icon to addpicture

A Glimpse Into DigitalForensics

Methods for Preventing Employee Theft & Embezzlement in the

Digital Age

rvminc.com

Gregory M. CancillaRVM Director ofForensics

Presentedby
http://www.rvminc.com/http://www.rvminc.com/


2/19

6/12/12

Terminology

Digital Forensics-The application of science to theidentification, collection, examination, and analysis of data[Electronically Stored Information (ESI)] while preserving the integrityof the information and maintaining a strict chain of custody for thedata.SOURCE: Special Publication (SP) 800 series (SP 800-86)

Forensic Specialist- A professional who locates, identifies,collects, analyzes, and examines data while preserving the integrityand maintaining a strict chain of custody of information discovered.

SOURCE: Special Publication (SP) 800 Series (SP 800-72)


3/19

6/12/12

Information created, manipulated,communicated, stored, and best utilized indigital form, requiring the use of computerhardware and software.

- Kenneth J. Withers, Managing Director, The Sedona Conference

NORTHWESTERN JOURNAL OF TECHNOLOGY AND INTELLECTUALPROPERTY

Spring 2006

What is Electronically StoredInformation (ESI)?


4/19

6/12/12

Computers

Custodian local & home drives

PrintersServers

Network shares

Collaboration software & tools

Cloud

Dropbox

Mobile devices e.g., iPad, Android, Blackberry, iPhone

Back up tapes

USB drives

Memory cards

PDAs

Smart phones

Digital cameras

Any storage device

Possible Sources of ESI


5/19

6/12/12

Email servers

Microsoft Exchange

GroupWise

Lotus Notes

Web hosted email Gmail

Hotmail

Email archives

Symantec Enterprise Vault

FrontBridge Zantaz EAS

Sample Types of ESI


6/19

6/12/12

ESI Hot Topic: Mobile Devices

www.rvminc.com

Mobile devices are ubiquitous wellsprings of ESI

including:

Emails

Text messages

Contacts

Calendars

Pictures

Taken or stored

Videos

Call Logs

Websites visited

Downloads


7/196/12/12

Take a snapshot in certaincircumstances as employeeleaves

Should the computer be usedafter incident occurs?

What is a forensic copy?

Computer Forensics


8/196/12/12

Self Collection (i.e., IT personnel) Lets let the IT staff do it

Why invest in a forensic expert over ITpersonnel for data collections?

Verifies complete, defensible data collection

Preserves metadata

Maintains chain of custody Neutral third party

Self Collection vs. Forensic

Expert


9/196/12/12

Self-Collection Pitfalls-Data that is not properlyhandled can result in:

Inadvertent evidence corruption (spoliation)

Lackof proper chain of custody

Improper judgment callby custodian as to what isresponsive

Goingtoo broad ornarrowwith data collection

o ec ng :Self Collection vs. Forensics Expert

Continued


10/19

6/12/12

Why choose a forensic expert over IT personnelfor data collections?

Ghost Image

Preservation of metadata

Maintaining chain of custody

Logging

IT vs. Forensic Expert


11/19

6/12/12

Examples of Digital ForensicsOfferings

Meet and Confer Consultation

Forensic Harvesting(on-site, off-site, or remote)

Preservation of metadata

Maintenance of chain of custody

Handheld Forensics

Targeted Collection

Forensic Analysis

Filters, Boolean, Keywords Date range


12/19

6/12/12

Considerations for Engaging a ForensicExpert

Certifications EnCase Certified Examiner (EnCE)

AccessData Certified Examiner (ACE)

Safe Harbor Certification

Software Open Source vs. Closed Source

Training

Experience

Tips for retaining a forensic expert


13/19


14/19

6/12/12

Technology

forensic experts use cutting-edge technologyand follow strictprocedural guidelinesto ensure the accuracy of thepreservation of evidence

Some of the key forensic toolsexpertsuse and are certified ininclude:

Guidance Softwares EnCase

AccessDatas Forensic Toolkit (FTK)

Parabens Network Email Examiner

Kroll Ontracks Power Controls

Cellebrites Universal Forensics Extraction Device(UFED)


15/19

6/12/12

Forensic experts can assist clients in responding to litigation

via:

Consulting clients counsel on Meet and Conferappointments

Preemptively preparing forensically sound data

collection Developing models for legal hold preservation

Bolstering defensibility

Satisfying best practices standards and legalrequirements

Devising practices and implement technology forcommunication and enforcing legal hold compliance

Assisting client counsel in preparation for depositions

Serving as an expert witness

Responding to Litigation


16/19

6/12/12

Examples of Litigation Matters ForForensic Expert Engagement

Commercial litigation Product Liability

Corporate and transactional

Regulatory SEC

Mergers & Acquisitions

Second Requests

Intellectual property Trademark infringement

Theft of intellectual property Tem orar Restrainin Order TRO


17/19

6/12/12

Questions & Comments

G C ill E CE ACE


18/19

6/12/12

Greg Cancilla, EnCE, ACE is a

Certified Computer Forensic

Engineer and the Director of

Forensics at RVM. He is

experienced in the preservation,

identification, extraction,

documentation and

Greg Cancilla, EnCE, ACEDirector of Forensics
http://www.rvminc.com/


19/19

RVM New York(Headquarters)800.525.7915

[email protected] Pine Street, 10th Floor

New York, NY 10005 RVM Chicago

RVM Cleveland

212.693.1525

rvminc.com
http://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/mailto:[email protected]://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/http://www.rvminc.com/mailto:[email protected]

A Glimpse Into Digital Forensics

Documents

Transcript of A Glimpse Into Digital Forensics