Explore the fundamentals of digital forensics in this comprehensive lecture from SecureWV/Hack3rcon 2016. Delve into the definition and importance of digital forensics, covering its applications in e-discovery, administrative investigations, and military contexts. Learn about the unique characteristics of digital evidence and the essential principles for handling it effectively. Master the forensic commandments, including evidence protection, integrity preservation, and proper documentation. Discover best practices for evidence collection, such as using write blockers, forensically clean target drives, and secure storage methods. Address critical debates in the field, like live system versus dead system analysis, and understand the challenges posed by mobile devices and solid-state drives. Gain insights into the importance of training, certification, and tool validation in digital forensics. Equip yourself with valuable resources and references to further your understanding of this crucial field in cybersecurity.
Overview
Syllabus
Intro
TALKIN' ABOUT REAL FORENSICS...
DEFINE & WHY CHARACTERISTICS PRINCIPLES PROCEDURES RESOURCES
DEFINE & WHY (what is digital forensics)...
WHAT IS FORENSICS ?
E-DISCOVERY (CIVIL LITIGATION)
ADMINISTRATIVE INVESTIGATIONS
MILITARY
ACCURATE RECONSTRUCTION OF EVENTS
ANSWER KEY QUESTIONS
CHARACTERISTICS (of digital evidence)...
MULTIPLE LOCATIONS
PRINCIPLES (of digital evidence)...
Know the Forensic Commandments (...and when to SIN)
PROTECT the evidence
INTEGRITY (NO CHANGES)
PREVIEW (Forensically sound "sneak peek")
DOCUMENTATION IS CRITICAL
Forensically CLEAN Target Drive
Use WRITE BLOCKER
Live System v. Dead System (debate)
MARK the evidence
PACKAGE the evidence
SENSE OF URGENCY to preserve
SHIELD mobile devices
SOLID STATE DRIVES are the Devil
SECURE evidence storage
Training and certifications
Tool VALIDATION
Use FORENSIC Tools
DON'T poke it with a stick
GREAT QUESTION!
Resources and References
