
Forensics for Managers x Ryan Washington MBA, CISSP, CCE, CEH, - PowerPoint PPT Presentation



  1. Forensics for Managers ◆ Ryan Washington, MBA, CISSP, CCE, CEH, NSA/IAM ◆ 703-961-9456 Extension 128

  2. Introduction ◆ US Marines, Special Intelligence Communicator ◆ Bachelors in Management ◆ Masters of Business Administration ◆ Solaris Administrator ◆ Computer Nerd

  3. Purpose of Presentation ◆ Awareness ◆ Knowledge ◆ Attributes ◆ Key Terminology

  4. What is/are Forensic(s)? ◆ “Computer Forensics is the application of the scientific method to digital media in order to establish factual information for judicial review. This process often involves investigating computer systems to determine whether they are or have been used for illegal or unauthorized activities. Mostly, computer forensics experts investigate data storage devices, either fixed like hard disks or removable like compact disks and solid state devices.” Southeast Computer Forensics and Security, http://secomputerforensics.com/index.php?option=com_content&task=view&id=20&Itemid=48

  5. What is/are Forensic(s)? (continued) Computer forensics experts: ◆ Identify sources of documentary or other digital evidence ◆ Preserve the evidence ◆ Analyze the evidence

  6. What is it REALLY? ◆ “Find Stuff” ◆ Deleted Files ◆ Corporate Theft

  7. Key Terminology …sound like a pro ◆ Image ◆ E01 ◆ .dd ◆ Unallocated Space ◆ Unused Space ◆ Carve ◆ Mount ◆ Logs ◆ Partition ◆ Malware ◆ Steg ◆ Dongle ◆ Header ◆ Backdoor ◆ Hash ◆ Logical ◆ Physical ◆ Root Kit

  8. Why Do We Need Forensics? ◆ You Don’t… ◆ Or…DO you? ◆ Different Skill Set ◆ Intrusions ◆ Employee Theft ◆ Corporate Malfeasance ◆ Human Resources Matters

  9. Who Wants Our Information? ◆ Governments ◆ Contractors ◆ Secrets ◆ Corporations ◆ Contractors ◆ Secrets ◆ Thieves ◆ Information ◆ MONEY

  10. Why Would Someone Attack Us? ◆ Angry ◆ Make a Statement ◆ Random ◆ Weak Security ◆ Strong Security ◆ Paid

  11. Tools ◆ Sleuthkit/Autopsy ◆ Wetstone Technologies ◆ ProDiscover ◆ Encase ◆ Forensic Toolkit (FTK) ◆ Paraben

  12. Pricing on $oftware: Linux and Freeware ◆ PRO: Free, Open Source, Distributed ◆ CON: No Technical Assistance, More Man-hours, Deeper Trouble… ◆ http://www.securityfocus.com/infocus/1503 ◆ http://www.tucofs.com/tucofs/tucofs.asp?mode=mainmenu ◆ http://www.e-fense.com/helix/ ◆ http://fire.dmzs.com/ ◆ http://s-t-d.org/ ◆ http://www.opensourceforensics.org/tools/unix.html

  13. Wetstone Technologies ◆ http://www.wetstonetech.com/f/index.htm ◆ PRO: Price, Easy to Use, Malware/Stego ◆ CON: Hashing, Basic ◆ GEM- $995 ◆ FPro- $1095 ◆ Livewire $8995

  14. Prodiscover ◆ http://www.techpathways.com/DesktopDefault.aspx?tabindex=0&tabid=1 ◆ PRO: Price, Perl * ◆ CON: “Pay per filesystem”, Pay for Perl ability, Pay for More ◆ PD Win- $995 ◆ PD Forensic- $2195 ◆ PD Invest- $9995 ◆ PD IR- $12995

  15. EnCase ◆ http://www.guidancesoftware.com/ ◆ PRO: Robust, Market Share, Training ◆ CON: Price, Support, Enscript, Training ◆ Forensic- $3700-7200 ◆ Enterprise- ~$200,000

  16. AccessData FTK/UTK ◆ http://www.accessdata.com/ ◆ PRO: Price, Index, “Dummy Proofing” ◆ CON: False Sense of Completeness/Security, Heavy Upfront ◆ FTK- $1095 ◆ UTK- $1949

  17. Paraben ◆ http://www.paraben-forensics.com ◆ PRO: Price ◆ CON: Distributed, Training ◆ Distributed Modules- $99-895 ◆ P2- $1495 ◆ P2 Enterprise $6995

  18. Why Do These Tools Cost So Much? ◆ Cover Costs (of course…) ◆ Profit (of course…) ◆ Multi-Tasking ◆ Powerful ◆ “Easy to Use” ◆ Court Tested!!! ◆ Technical Assistance

  19. Forensics Salaries ($USD) ◆ Junior: $60,000 - $80,000 ◆ Mid-Level: $75,000 - $100,000 ◆ Senior: $90,000 - $150,000 ◆ “Well Known” Senior: $110,000 - $300,000 ◆ Contractor/Independent/Hourly: Over $200,000

  20. Hiring Considerations ◆ Experience: Where? When? Commercial? Law Enforcement? ◆ Education: University? Learning Center? Discovery Channel? ◆ Certifications: CISSP, EnCE, ACE, GIAC, CCE, CFCE ◆ Personality? ◆ Integrity ◆ Honesty

  21. Time is Money… in a perfect world ◆ Hard Drive Size ◆ Expenses ◆ Level of Expertise ◆ Retainer ◆ Imaging Fee ◆ Admin Fee ◆ Hours [Chart: cost, $0 to $90,000, for Junior, Mid and Senior examiners at One HD, 5 HD and 20 HD]

  22. Outsource or Hire? Part-Time? Full-Time? Part-Time? Full-Time? Contract? Contract?

  23. “It wasn’t raining when Noah built the Ark.” -Howard Ruff

  24. Final Considerations ◆ How often are “Forensic Services” needed? ◆ Multi-tasked Person? ◆ Trusted Outsourced Company? ◆ Investigation Costs >, =, < Possible loss of data? ◆ Remember…You Get What You Pay For….

  25. Questions?

  26. Expertise. Integrity. Past Performance. ◆ Ryan Washington ◆ rwashington@crucialsecurity.com ◆ Work 571-223-3426 ◆ Cell 571-437-3722
