Level: Intermediate
Computer crime has been on the rise for decades. There are many situations where an incident occurs that doesn't break the law but is still cause for concern, such as corporate policy violations, information mishandling, or internal system compromise. Many companies are forming their own internal investigative units to address these situations. But training on forensic investigation is expensive and centered on law enforcement's use of vendor-specific tools. That means IT staff doesn't receive any training or a tool budget, yet are expected to conduct an effective investigation.
In this session, Mike Danseglio, CISSP, former security authority at Microsoft and world-renowned security expert, examines what kinds of investigations can be handled internally, when and how to engage law enforcement, how to best prepare for incidents, and the best practices to use. He will focus on building your computer investigation toolkit and demonstrating how to use it most effectively. These tools enable your investigation on a multitude of platforms including Windows XP, 7, 8, and Windows Server 2003, 2008, and 2012.
Mike will also show the forensic operation of network-based investigation tools and how they reveal additional information about user activities. These tools work regardless of device ownership, enabling internal forensic investigation in BYOD-oriented IT models.
At the end of this session, attendees will be able to decide when to involve law enforcement based on business and legal criteria, collect the most effective data without tampering with the computer or the evidence, identify and use appropriate forensic tools for a given investigation scenario, conduct a thorough investigation using industry best practices, and create and deliver a forensic investigation report to Human Resources, senior management, and other relevant audiences.