Level: Advanced
Computer crime has been on the rise for decades. There are many situations where an incident occurs that doesn’t break the law but is still cause for concern, such as corporate policy violations, information mishandling, or internal system compromise. Many companies are forming their own internal investigative units to address these situations. In this session, Mike Danseglio, CISSP, former security authority at Microsoft and world-renowned security expert, examines what kinds of investigations can be handled internally, when and how to engage law enforcement, how to best prepare for incidents, and the best practices to use. He will focus on building your computer investigation toolkit and demonstrating how to use it most effectively. These tools enable your investigation on a multitude of platforms including Windows XP, 7, 8, and Windows Server 2003, 2008, and 8. Mike's real-world forensic techniques apply to IT organizations of any size and any budget.
You will learn:
- Deciding when to involve law enforcement based on business and legal criteria
- How to obtain the most effective data without tampering
- Which tools should be used to examine a computer based on the suspected behavior, operating system, and desired investigation type