Class Topics
Computer Crimes
- Types of computer crimes
- Why you should be concerned about computer crime
- Reasons for forensics
- Civil, criminal and internal investigations
Retrieving data for other purposes
- e.g. data deleted by a virus
- data accidentally deleted
Setting up a forensics group
- Staffing
- Policies
- Training
- Organizations
- Best Practices
- Sample policies and reports
High-Tech Investigations
- Incident response
- Planning before the incident occurs
- What you will need
- Who should be on your response team
- Do you go after everything or the low-hanging fruit?
- Example of a computer incident flow chart for incident response
- Proper handling of evidence
- How to process a scene that involves digital evidence
- Proper Seizure
- Processing
- Chain of custody
- What it is and why it is crucial to a successful case (not just for when law enforcement is involved)
- Image backups
- How they differ from “normal” backups
- Products available
- How to properly seize a computer
- Shutdown vs. pulling the plug
- Why it is important for a controlled boot when required
Tips and tricks
- Documentation
- What is required
- Examples of computer incident reports
- Examples of computer forensics reports
Tracking an offender
- If you can’t locate the computer you can’t do forensics
Computer Forensics
- What is it and how can it help your company
- Types of computer forensics
- Field forensics
- Lab Forensics
- The basics of forensics
- Acquire, Authenticate, Analyze
- How to acquire evidence in a legally sufficient manner
- Methods to authenticate the evidence
- Analysis basics
- Your Electronic Toolbox
- Hardware and software recommendations
- Tips and tricks
- Windows Forensics
- UNIX/Linux forensics
- Types of cases
- Analyzing a compromised system
- Investigating hostile workplace allegations
Working with Law Enforcement
- Introduction to the criminal justice system
- Are all crimes prosecuted? Why or why not?
- Contacting law enforcement for assistance
- When, how and why
- Pertinent laws and rules of evidence
- Business records exception and common myths about their admissibility
- Statement of damages
- Actual and projected loss
- Loss of business
- Loss of productivity
- Recovery expenses
- Legal Issues
- Questions you may be asked
- Examples of our training police officers receive
When and how to ask Law Enforcement to assist in your investigation
- Laws dealing with computer crimes
- Why Law Enforcement may not be able to help
- When a “crime” is not a crime according to the law
- How Law Enforcement can help
Where to go from here
- Organizations
- Training
- Suggested reading