IS3350 Security Issues in Legal Context Unit 10

© ITT Educational Services, Inc. All rights reserved.

IS3350 Security Issues in Legal Context

Unit 10

Risk Analysis, Incident Response, and Computer Forensics

© ITT Educational Services, Inc. All rights reserved.IS3350 Security Issues in Legal Context

Learning Objective

Explain the importance of forensics

Examination in legal proceedings


Key Concepts

Risk analysis Incident response proceduresDisaster recovery plansCybercrime investigations


EXPLORE: CONCEPTS


Key Elements of Risk Analysis

Form a team

•Form a risk assessment team

Define a plan

•Clearly define the risk assessment plan

Identify

key asse

ts

•Identify key and safeguard controls

Identify

threats

•Identify threats and vulnerabilities to assets

Use analysis

•Conduct quantitative or qualitative risk analysis

Document

•Document needed security controls


Contingency Planning

• Incident Response Planning• Disaster Recovery Planning• Business Continuity Planning


Computer Forensics InvestigationProcess for examining data from electronic

devices Discovery of evidence for a particular event

or crimeUse of specialized software and tools Collect and interpret stored digital evidence Collect and interpret evidence in transit

between electronic devices


Areas of Computer Forensic Investigation• Media analysis

• Collect and examine data stored on physical media • Computer systems and mobile storage devices

• Code analysis • Review programming code for anomalies • Discover malware added to cause harm or steal

information

• Network analysis

• Collect and examine electronic data transmission• Identify communication from one electronic device to

another


EXPLORE: PROCESS


Digital Evidence Recovery Procedures

Protect the data on any electronic deviceAvoid deleting, damaging, or altering dataMake exact copies of electronic data

without altering the original deviceDiscover normal, deleted, password-

protected, hidden, and encrypted files


Digital Evidence Recovery Procedures

Create timelines of electronic activity Identify files and data that may be relevant

to a caseFully document all evidence-collection

activitiesProvide expert testimony on the steps

taken to recover digital evidence


EXPLORE: ROLES


Computer Forensics Examiner

Finds and collects evidence on electronic devices

Works on civil and criminal cases.Collects evidence in a scientific manner Understands and uses specialized

technologies, hardware, and software


Traits of a Computer Forensic Examiner

• Sound knowledge of various computing technologies and operating systems

• Competent in scientific method • Ability to conduct repeatable and verifiable

examinations• Understanding of the laws of evidence and

legal procedure


Traits of a Computer Forensic Examiner• Ability to access and use computer forensic

tools • Detailed record-keeping • Adept reporting skills • Capable of documenting procedures for

collecting evidence• Communication skills to explain in simple

terms what was discovered in the examination


Summary

Risk analysis Incident response procedures Disaster recovery plans Cybercrime investigations

IS3350 Security Issues in Legal Context Unit 10

Documents

Transcript of IS3350 Security Issues in Legal Context Unit 10