Lesson 1_Introduction to Cyber Forensics_1.30.20231

Introduction to Cyber Forensics

• Overview of cyber forensics as a field of study.

• Importance and applications in crime investigations.

Learning Objectives

• Define cyber forensics.

• Understand three fundamental principles.

• Review federal guidelines for forensic investigators.

• Differentiate between corporate and criminal investigations.

• Discuss the need for certification in the field.

What Is Cyber Forensics?

• A relatively new field, evolving in the last 25 years.

• Branch of forensics applying scientific principles to cybercrimes.

• Definition: Forensics - "the use of science and technology to investigate and establish facts in criminal or civil courts of law."

Cyber Forensics Definition (CERT)

• Cyber forensics is crucial for those managing information systems.

• Focuses on collecting, analyzing, and presenting evidence legally.

• The term "forensics" implies the preparation for court involvement.

Objectives of Cyber Forensics

• Primary Objectives:

  • Determine what happened during a cyber incident (affected data, type of attack).

  • Collect evidence in a manner acceptable to the court.

Fundamental Principles of Cyber Forensics

• Securing the Crime Scene:

  • Stop access to the suspect system to prevent evidence loss.

  • Document connections and processes before shutting down the system.

  • Use Faraday bags for mobile devices to prevent data transmission.

• Limiting Interaction with Evidence:

  • Minimize direct contact to avoid contamination.

  • Create a bit stream image of hard drives for analysis instead of the original drive.

  • Use write blockers to prevent data alteration.

• Maintaining Chain of Custody:

  • Essential to document every aspect of the evidence process.

  • Record all details from seizure to storage and testing of evidence.

Becoming a Cyber Workforce

• Role of Cybercrime Investigators:

  • Specialists in cybercrime investigations, sought after by various sectors.

  • Responsibilities include gathering information to combat internet crimes.

• Skills and Experience Required:

  • Combination of investigative techniques and cybersecurity skills needed.

  • Ability to navigate multi-jurisdictional challenges due to the non-local nature of cybercrime.

  • Understanding of where the crime occurred and its implications.

• Duties of Cybercrime Investigators:

  • Work for law enforcement or consulting firms.

  • Provide penetration testing and examine network defenses.

  • Record and catalog evidence for legal proceedings.

• Job Description:

  • Focus on internet-based crimes, including data recovery and victim assistance.

  • Collaborate with corporations to enhance security measures.

• Job Responsibilities Include:

  • Analyzing systems post-crime, gathering evidence, and reconstructing cyberattacks.

  • Preparing expert reports and testifying in court.

• Outlook for Cybercrime Investigators:

  • Increasing demand worldwide due to growing cybercrime incidents.

  • Profession offers excellent opportunities for growth.

• Salary Expectations:

  • Average salaries range from $63,380 to $98,350, with promising growth potential.

Digital Forensics Experts

• Role and Responsibilities:

  • Investigate stolen information from digital devices to determine the nature of the cybercrime.

  • Minimize damage from crimes by recovering and repairing data.

• Skills and Experience Required:

  • Extensive knowledge of operating systems, investigative techniques, and cyber forensics methodologies.

  • Familiarity with tools for data recovery, malware analysis, and encryption handling.

• Common Certifications:

  • CFCE, CHFI, ISFCE, CSCF, GCFA, GCF Certifications.

  • Specialized software familiarity (EnCase, AccessData, etc.).

• Job Tasks Include:

  • Utilizing forensic software to collect and analyze electronic data from various devices.

  • Recovering deleted or damaged files and managing evidence documentation.

• Outlook for Digital Forensics Experts:

  • High demand across various organizations, including law enforcement agencies.

  • Opportunities exist in the government sector for specialized teams.

Federal Cyber Workforce

• FBI Cyber Guidelines:

  • Preserve evidence and collect incident data promptly.

  • Importance of securing all data sources related to cyber incidents.

• U.S. Secret Service Role:

  • Focus on protecting financial crime infrastructure through Cyber Fraud Task Forces.

  • International cooperation needed for complex cyber incidents.

• DHS ICE’s Cybercrimes Center:

  • Provide support to law enforcement with training and technical services.

  • Investigate cross-border cyber crimes, with a focus on child exploitation.

Corporate vs. Criminal Investigations

• Distinction Between Types:

  • Criminal investigations involve violations of law (state, federal, or international).

  • Corporate investigations typically pertain to breaches of company policy.

  • Corporate issues may escalate to criminal cases (e.g., data breaches, espionage).