Week 1: Computer Forensics and Investigations As A Profession
Understanding Computer Forensics
Definition
Man pleads guilty to hacking intrusion and theft of
data costing company $5.8 million
Daniel Jeremy was charged with illegally
accessing a protected computer and stealing
customer databases from Acxiom that
maintains customer information for automotive
manufacturers, banks, credit card issuers, and
retailers, among others. Daniel worked as a
computer system administrator.
- Servers
- Workstations
- Personal Digital Assistants (PDAs)
- Other devices (removable media, printers,
webcams, faxes, and copiers)
Auditing
Auditing is the process of tracking users and
their actions on a network.
You should audit access use and rights changes
to prevent unauthorized or unintentional
access by a guest or restricted user account.
This will prevent access to sensitive or protected
resources.
- Auditing should be a clear-cut plan built around
goals and policies.
- When deciding what to audit, first identify
potential resources at risk within your network
environment.
- These resources might be sensitive files,
financial applications, and personnel files.
- Set up the audit policy through the operating
system tools
- It is useful to monitor successful as well as
failed access attempts
- Auditing is resource intensive and can easily
add additional load to your server
- Make time to view the logs
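
The auditing points above, as an added example that is not part of the original slides: a Python review of a constructed audit trail that flags rights changes, repeated failed attempts on sensitive resources, and successful access to them by guest or restricted accounts. The log layout, paths, role names and threshold are assumptions made for the example.

```python
import csv
import io
from collections import Counter

# Constructed sample audit trail; the column layout is an assumption for this example.
FIELDS = ["time", "user", "role", "action", "resource", "result"]
SAMPLE_LOG = """\
2024-01-08T09:01:12,alice,staff,read,/finance/ledger.xlsx,success
2024-01-08T09:03:40,guest1,guest,read,/public/menu.pdf,success
2024-01-08T09:05:02,guest1,guest,read,/hr/personnel/reviews.doc,failure
2024-01-08T09:05:09,guest1,guest,read,/hr/personnel/reviews.doc,failure
2024-01-08T09:05:15,guest1,guest,read,/hr/personnel/reviews.doc,failure
2024-01-08T09:20:31,bob,staff,rights_change,guest1,success
2024-01-08T09:21:05,guest1,guest,read,/hr/personnel/reviews.doc,success
"""

SENSITIVE_PREFIXES = ("/finance/", "/hr/personnel/")  # assumed resources at risk
LOW_PRIV_ROLES = {"guest", "restricted"}              # assumed role names
FAILURE_THRESHOLD = 3  # assumed: failures per user and resource before flagging


def review_audit_log(log_text):
    """Return (time, user, reason) findings from a CSV audit trail."""
    findings = []
    failures = Counter()
    for e in csv.DictReader(io.StringIO(log_text), fieldnames=FIELDS):
        sensitive = e["resource"].startswith(SENSITIVE_PREFIXES)
        if e["action"] == "rights_change" and e["result"] == "success":
            # Rights changes are always reviewed; resource holds the target account.
            findings.append((e["time"], e["user"], f"rights changed for {e['resource']}"))
        elif sensitive and e["result"] == "failure":
            # Failed attempts matter too: flag once when the threshold is reached.
            key = (e["user"], e["resource"])
            failures[key] += 1
            if failures[key] == FAILURE_THRESHOLD:
                findings.append((e["time"], e["user"], f"repeated failed access to {e['resource']}"))
        elif sensitive and e["result"] == "success" and e["role"] in LOW_PRIV_ROLES:
            findings.append((e["time"], e["user"], f"low-privilege access to {e['resource']}"))
    return findings


if __name__ == "__main__":
    for finding in review_audit_log(SAMPLE_LOG):
        print(*finding, sep="  ")
```

Read in order, the three findings tell one story: failed attempts by a guest account, a rights change on that account, then a successful read of the same personnel file.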
- Courts require that information, instead of
equipment, be seized, and the information must be
ample and unaltered.
- Computer forensic examiners can help
prosecute a case with advice about how to
present computer-related evidence in court.
- Team members should be the following personnel:
- The team should come from Security and IT personnel.
- Someone to deal with communication with management
and employees
- Someone to deal with communication with vendors,
business partners and press
- Developers of in-house applications and interfaces
- Database managers
- Assembling the response team
- Diagnosing the problem and identifying
possible solutions and setting priorities.
- Gathering all the information learned about the
incident
- Communicating the incident (other people like
press, clients).