“Why have a Digital Investigative
        Infrastructure”

Kevin Wharram CISSP, CISM, CEH
Technical Manager – Guidance Software Inc. – The Maker of EnCase
                                             © 2008 Guidance Software, Inc. All Rights Reserved.
Agenda
Industry Headlines
Cause and Cost of data breaches
Identify some methods on how data is taken
Identify Challenges in protecting data
What to do after you have had a data breach
Case Study
EnCase Enterprise




Industry Headlines
T.J. Maxx Breach Costs Hit $17 Million

BOSTON - Information from at least 45.7 million credit and debit cards was stolen by hackers who accessed TJX’s customer information in a security breach that the discount retailer disclosed more than two months ago.

Thieves set up data supermarkets

Web criminals are stepping back from infecting computers themselves and creating "one-stop shops" which offer gigabytes of data for a fixed price. Credit card details are cheap, however, the log files of big companies can go for up to $300

Old hard drives still full of sensitive data

Hard drives full of confidential data are still turning up on the second-hand market, researchers have reported.




Cause of Data Breaches
 Source : The Ponemon Institute - (PGP Survey)


Cost of Data Breaches
Key Statistics

   Data breaches cost US companies an average of
   $197 for every record lost
   The size of the losses examined ranged from
   $225,000 to almost $35 million
   Source : The Ponemon Institute




What type of Data are at Risk?
 Intellectual Property
   Design Documents
   Source Code
   Trade secrets

 Customer Data
   Personal Data
   Credit card numbers
   Customer financial data

 Corporate Data
   Financial data
   Mergers & Acquisition info
   HR data i.e. employee data
   Marketing and Sales data

 Government Data
   Economic data i.e. Dobanda – “what is it worth?”
   Intelligence information
   Law Enforcement Information

What leads to a Data Breach
Lack of senior management understanding and
recognition of a problem
Criminal / Malicious Intent
Lack of internal processes and controls
Weak internal controls (role and access right changes)
Vulnerability Management / Patching practices
Organisation Culture (they owe me attitude)
Incidental opportunities




How is Data Taken?
Portable storage devices – USB, Cameras, PDAs etc
iPods and MP3 players – “PodSlurping”
Email – personal webmail i.e. Yahoo, Google, etc
Taking out or sending DVDs / CDs
Spear Phishing – targeting specific companies for
information; then using that information to steal data
Exploiting corporate systems, networks and laptops
through system and software vulnerabilities
Using telephone conference pin numbers




Challenges facing Companies
Confusing Regulatory environment – EU Data
Protection Directive 95/46/EC, Internet Banking Code
MCTI, International Banking Regulation, SOX, PCI
compliance, etc
Ensuring sensitive data is not located in unauthorised
areas of the network
Not being able to remediate instances of confidential
information residing where it shouldn't be
Not being able to remediate instances of unauthorised
applications, software and files on systems
Not having a procedural and technical infrastructure
in place to respond to security breaches


My Data is gone! – “what do I do?”




Incident Response
Don’t panic
Follow your incident response plan and
procedures
Investigate completely using a forensically
sound investigation platform
Disclose information only on a need to know
basis
Clean up & Remediate




Inadequate Incident Response
You can’t FIX or STOP what you can’t FIND … quickly

[Figure labels: OPERATING SYSTEM; RISK!; HARD DISK & MEMORY]
Case Study

Global 100 Technology Firm –
EnCase Data Audit & Policy Enforcement
Situation
 Global 100 computer entertainment company suspected IP leakage across the network
 Need to search global network spanning 91 countries
 Goal was to identify source, all instances of leaked IP, identify the trail to external sites, preserve evidence, and remediate
 Process required significant stealth so as to not alert employees

Solution
 EnCase Data Audit & Policy Enforcement implemented in 24 hours at a central site
 EnCase identified the suspect had access to numerous other workstations & servers across the network
 Audit performed overnight on all endpoints, including a 4 terabyte server, to find files

Results
 Targeted audit of over 50 devices in one day including: laptops, desktops, servers, email accounts, USBs and internet histories
 Zero disruption to the business
 Entire investigation took 2 weeks from start to finish with significant cost savings vs. outsource options
 EnCase Data Audit deployed as part of a standard IP & HR audit process company-wide



“The non-disruptive element of EnCase minimized the financial, commercial and operational impact
of the leaked IP and accelerated the successful resolution of this incident.”
                     CEO & President - European Operations, Global 100 Technology Firm


EnCase Enterprise
EnCase Enterprise is a powerful, network-enabled,
multi-platform enterprise investigation solution.
EnCase enables immediate response to computer-related
incidents of any kind and provides a thorough
forensics platform and framework, allowing
organisations to respond immediately to enterprise
information incidents and threats.




Benefits of EnCase Enterprise
Contain and reduce corporate fraud
Conduct network-enabled forensic
investigations for anything, anywhere,
anytime
Perform complete compromise assessments
after a security intrusion
Reduce business disruption and losses due to
security breaches
Respond to more security incidents with less
manpower
Conduct network-enabled HR investigations


The “Data Iceberg”
Data found by common tools (such as Windows Explorer)

Additional data uncovered by EnCase Enterprise:
  Purposely deleted files
  Renamed to disguise content
  Concealed files
  Misplaced / Difficult to locate files



Examples of where EnCase helps
Threat / challenge        Examples
Leavers                   Possible unfair dismissal claims
                          Corporate espionage – taking out confidential data
Employee Integrity        Harassing co-workers
                          Pornography (civil action can be brought by an employee for
                          being affected by porn)
HR Policy Breaches        E-mail misconduct
                          Internet misconduct
                          PC / Desktop misuse (Personal Software)
Audits                    Software audits
                          SOX audits
Regulatory Compliance     EU Data Directive 95 / 46
Fraud                     Investigating various forms of fraud
IP Theft                  Investigating IP theft within your organisation
Legal Cases               Helping legal with various requests for legal cases
Malware & Rootkits        Investigating and finding various forms of Malware and Rootkits
Unauthorised software     Finding and detecting unauthorised software i.e. MP3, Video etc
Investigating Incidents   Helping the security team to investigate incidents



EnCase Customers
Thank you!
kevin.wharram@guidancesoftware.com

9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
IESVE Software for Florida Code Compliance Using ASHRAE 90.1-2019
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1Secure your environment with UiPath and CyberArk technologies - Session 1
Secure your environment with UiPath and CyberArk technologies - Session 1
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)Crea il tuo assistente AI con lo Stregatto (open source python framework)
Crea il tuo assistente AI con lo Stregatto (open source python framework)
 

Why Have A Digital Investigative Infrastructure

  • 1. “Why have a Digital Investigative Infrastructure”. Kevin Wharram, CISSP, CISM, CEH. Technical Manager – Guidance Software Inc. – The Maker of EnCase. © 2008 Guidance Software, Inc. All Rights Reserved.
  • 3. Agenda
      • Industry Headlines
      • Cause and Cost of data breaches
      • Identify some methods on how data is taken
      • Identify Challenges in protecting data
      • What to do after you have had a data breach
      • Case Study
      • EnCase Enterprise
  • 4. Industry Headlines
      • T.J. Maxx Breach Costs Hit $17 Million. BOSTON - Information from at least 45.7 million credit and debit cards was stolen by hackers who accessed TJX’s customer information in a security breach that the discount retailer disclosed more than two months ago.
      • Thieves set up data supermarkets. Web criminals are stepping back from infecting computers themselves and creating "one-stop shops" which offer gigabytes of data for a fixed price. Credit card details are cheap, however, the log files of big companies can go for up to $300
      • Old hard drives still full of sensitive data. Hard drives full of confidential data are still turning up on the second-hand market, researchers have reported.
  • 5. Cause of Data Breaches. Source: The Ponemon Institute (PGP Survey)
  • 6. Cost of Data Breaches. Key Statistics:
      • Data breaches cost US companies an average of $197 for every record lost
      • The size of the losses examined ranged from $225,000 to almost $35 million
      • Source: The Ponemon Institute
  • 7. What type of Data are at Risk?
      • Intellectual Property: Design Documents; Source Code; Trade secrets
      • Customer Data: Personal Data; Credit card numbers; Customer financial data
      • Corporate Data: Financial data i.e. Mergers & Acquisition info; HR data i.e. employee data; Marketing and Sales data
      • Government Data: Economic data; Dobanda – “what is it worth?”; Intelligence information; Law Enforcement Information
  • 8. What leads to a Data Breach
      • Lack of senior management understanding and recognition of a problem
      • Criminal / Malicious Intent
      • Lack of internal processes and controls
      • Weak internal controls (role and access right changes)
      • Vulnerability Management / Patching practices
      • Organisation Culture (they owe me attitude)
      • Incidental opportunities
  • 9. How is Data Taken?
      • Portable storage devices – USB, Cameras, PDAs etc
      • iPods and MP3 players – “PodSlurping”
      • Email – personal webmail i.e. Yahoo, Google, etc
      • Taking out or sending DVDs / CDs
      • Spear Phishing – targeting specific companies for information; then using that information to steal data
      • Exploiting corporate systems, networks and laptops through system and software vulnerabilities
      • Using telephone conference PIN numbers
  • 10. Challenges facing Companies
      • Confusing Regulatory environment – EU Data Protection Directive 95/46/EC, Internet Banking Code MCTI, International Banking Regulation, SOX, PCI compliance, etc
      • Ensuring sensitive data is not located in unauthorised areas of the network
      • Not being able to remediate instances of confidential information residing where it shouldn't be
      • Not being able to remediate instances of unauthorised applications, software and files on systems
      • Not having a procedural and technical infrastructure in place to respond to security breaches
  • 11. My Data is gone! – “what do I do?”
  • 12. Incident Response
      • Don’t panic
      • Follow your incident response plan and procedures
      • Investigate completely using a forensically sound investigation platform
      • Disclose information only on a need to know basis
      • Clean up & Remediate
  • 13. Inadequate Incident Response. You can’t FIX or STOP what you can’t FIND … quickly. (Figure labels: OPERATING SYSTEM; RISK!; HARD DISK & MEMORY)
  • 14. Case Study: Global 100 Technology Firm – EnCase Data Audit & Policy Enforcement
      • Situation
          • Global 100 computer entertainment company suspected IP leakage across the network
          • Need to search global network spanning 91 countries
          • Goal was to identify source, all instances of leaked IP, identify the trail to external sites, preserve evidence, and remediate
          • Process required significant stealth so as to not alert employees
      • Solution
          • EnCase Data Audit & Policy Enforcement implemented in 24 hours at a central site
          • EnCase identified the suspect had access to numerous other workstations & servers across the network
          • Audit performed overnight on all endpoints, including a 4 terabyte server, to find files
      • Results
          • Targeted audit of over 50 devices in one day including: laptops, desktops, servers, email accounts, USBs and internet histories
          • Zero disruption to the business
          • Entire investigation took 2 weeks from start to finish with significant cost savings vs. outsource options
          • EnCase Data Audit deployed as part of a standard IP & HR audit process company-wide
      • “The non-disruptive element of EnCase minimized the financial, commercial and operational impact of the leaked IP and accelerated the successful resolution of this incident.” CEO & President - European Operations, Global 100 Technology Firm
  • 15. EnCase Enterprise. EnCase Enterprise is a powerful, network-enabled, multi-platform enterprise investigation solution. EnCase enables immediate response to computer-related incidents of any kind and enables thorough forensics platform and framework allowing organisations to immediately respond to enterprise information incidents and threats.
  • 16. Benefits of EnCase Enterprise
      • Contain and reduce corporate fraud
      • Conduct network-enabled forensic investigations for anything, anywhere, anytime
      • Perform a complete compromise assessment after a security intrusion
      • Reduce business disruption and losses due to security breaches
      • Respond to more security incidents with less manpower
      • Conduct network-enabled HR investigations
  • 17. The “Data Iceberg”
      • Data found by common tools (such as Windows Explorer)
      • Additional data uncovered by EnCase Enterprise
          • Purposely deleted files
          • Renamed to disguise content
          • Concealed files
          • Misplaced / Difficult to locate files
  • 18. Examples of where EnCase helps (Threat / challenge: Examples)
      • Leavers: Possible unfair dismissal claims; Corporate espionage – taking out confidential data
      • Employee Integrity: Harassing co-workers; Pornography (Civil Action can be brought by an employee for being affected by porn)
      • HR Policy Breaches: E-mail misconduct; Internet misconduct; PC / Desktop misuse (Personal Software)
      • Audits: Software audits; SOX audits
      • Regulatory Compliance: EU Data Directive 95 / 46
      • Fraud: Investigating various forms of fraud
      • IP Theft: Investigating IP theft within your organisation
      • Legal Cases: Helping legal with various requests for legal cases
      • Malware & Rootkits: Investigating and finding various forms of Malware and Rootkits
      • Unauthorised software: Finding and detecting unauthorised software i.e. MP3, Video etc
      • Investigating Incidents: Helping the security team to investigate incidents
  • 19. EnCase Customers
  • 20. Thank you! kevin.wharram@guidancesoftware.com