1 / 16

Collection & Processing of Electronic Information

Collection & Processing of Electronic Information. 25 th , January; 2011. EDRM. Know Your Landscape. Questions: Who are the “Players”? Secretaries/Executive Assistants? Network type Devices/Media Corporate Issue vs. Personal?. Collection. Traditional. Password Recovery.

noel
Télécharger la présentation

Collection & Processing of Electronic Information

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Collection & Processing of Electronic Information 25th, January; 2011

  2. EDRM

  3. Know Your Landscape • Questions: • Who are the “Players”? • Secretaries/Executive Assistants? • Network type • Devices/Media • Corporate Issue vs. Personal?

  4. Collection Traditional Password Recovery Bit-stream Imaging HASH Original HD Forensic Copy Signature Analysis Extraction History Email Internet History Passwords

  5. Network • Examples: • File Servers • Server Farms • Issues: • Dynamic • Geographical Locations • Size • Use

  6. Archival Media • Examples: • Tapes • Hard Drives • Issues: • Reliability • Archival Schemes • Costs

  7. Mobile Devices • Examples: • Cellular Phones • Tablets • GPS • Issues: • Ownership • Channels

  8. Cloud Computing • Examples: • Google Mail • Google Docs • MS Office Web Apps • Issues: • Ownership • Geographical • Collection

  9. Social Media • Examples: • Facebook • Twitter • LinkedIn • Issues: • Ownership • Geographical • Collection

  10. Forensic Imaging • Forensic Imaging: • the entire drive contents are imaged to a file and checksum values are calculated to verify the integrity (in court cases) of the image file (often referred to as a “hash value”). • Forensic images are acquired with the use of software tools. (Some hardware cloning tools have added forensic functionality.) – EnCase, FTK, DD, etc. • HASH – MD5 or SHA

  11. Forensic Imaging Data are stored in “bucket” like storage Empty Data Data Empty Data Data Empty Data UA Space Data

  12. Forensic Imaging

  13. Forensic Imaging

  14. Collection • Covert vs. Office Hour • Forensic Imaging vs. Logical File Imaging vs. Manual Collection • Chain of Custody

  15. Collection

  16. Q&A Kevin Lo Email: klo@ffpl.ca Twitter: kevin_lo Phone: +1 (416) 926-4215

More Related