JEFF HOWELL
  • Home
  • About
  • Cyber Security Fundamentals
    • Threats and Vulnerabilities
    • Reference Monitor
    • Links to Additional Resources
  • Cryptography
    • Block Ciphers
    • Hash Functions
    • Message Authentication Codes (MACs)
    • Kerberos Key Management (Single sign-on)
    • Public Key Infrastructure (PKI)
    • Links to Additional Resources
  • Secure Architecture
    • Architecture Strategy
    • Contextual Security Architecture
    • Conceptual Security Architecture
    • Logical Security Architecture
    • Physical Security Architecture
    • Component Security Architecture
    • Operations
    • Supporting Materials
  • Reference Link Library
    • Industry Websites
    • Government Resources
    • Cyber Security News
    • Certification and Training
    • Books
    • Cyber Security Tools
  • Risk Management
    • Supporting Materials
  • Operational Policy
    • Laws and Regulations
    • Data Classification
    • Policy Implementation and Enforcement
    • Supporting Materials
  • Management and Cyber Security
    • Contingency Planning
    • ROI of Cyber Security
    • Staffing Models
    • Links to Additional Resources
  • Secure Software Design and Development
    • Heartbleed Details
    • Mobile Device Vulnerabilities
    • Links to Additional Resources
  • Network Visualization and Vulnerability Detection
    • Visualizing the Network
    • Protecting the Perimeter
    • Vulnerability Detection
    • Sniffing Wireless Networks
    • Links to Additional Resources
  • Cyber Threat Intelligence
    • Links to Additional Resources
  • Incident Response and Computer Network Forensics
    • Links to Additional Resources
Appendix A – Forensic Readiness Checklist (Carolina Crime Report, 2013)

The checklist has three columns: Key Activity, Activities Specific to this Case, and Date Performed. Each row is listed below with those three fields.

Key Activity: Define the scenarios that require digital evidence.
Activities Specific to this Case: Objectives of the case as defined by the ADA:
·   Forensically evaluate the evidence to determine the events that led to Victim’s suicide
·   Identify the perpetrators responsible
Date Performed: May 23, 2017

Key Activity: Identify available sources and different types of potential evidence.
Activities Specific to this Case: Sources identified include Victim’s computer, Facebook account and Match.com account. Types of potential evidence include hardware and the data it holds (email, JPEG images, chat logs, etc.).
Date Performed: June 1, 2017

Key Activity: Determine the evidence collection requirement.
Activities Specific to this Case: Victim’s laptop will be submitted to the investigator in an anti-static bag.
Date Performed: June 2, 2017

Key Activity: Establish a capability for securely gathering legally admissible evidence to meet the requirement.
Activities Specific to this Case: The investigator will evaluate and document the condition and state of Victim’s computer.
Date Performed: June 2, 2017

Key Activity: Establish a policy for secure storage and handling of potential evidence.
Activities Specific to this Case: The investigator has an established policy for storing and handling evidence that is certified under ISO 27001 Chapter 6 and current to 2017 standards. For the purposes of this case, all evidence collected, handled and stored was compliant with this policy.
Date Performed: January 15, 2017 for the ISO 27001 certification (renewed); June 2, 2017 for Victim’s laptop

Key Activity: Ensure monitoring is targeted to detect and deter major incidents.
Activities Specific to this Case: CCTV cameras (both hidden and obvious) monitor the evidence locker. The temperature of the laboratory and evidence storage locker is set to a range of 55 to 90 degrees Fahrenheit; the HVAC system engages automatically if the ambient temperature falls outside this predefined range (Poland, n.d.).
Date Performed: Ongoing; maintenance performed every six months

Key Activity: Specify circumstances when escalation to a full formal investigation (which may use the digital evidence) should be launched.
Activities Specific to this Case: Example circumstances under which the investigator will escalate to the proper authorities during the investigation:
·   Evidence of child pornography or abuse
·   Hate crimes based on race, religion, gender or sexual orientation
·   Evidence relating to the timing of potential terrorist acts
Date Performed: Ongoing, per the investigator’s policies

Key Activity: Train staff in incident awareness, so that all those involved understand their role in the digital evidence process and the legal sensitivities of evidence.
Activities Specific to this Case: The investigator and any staff employed by the investigator are required to maintain current certification in at least two of the following (CISSP, CEH, CCFP, EnCE, CCE, CFCE, CSFA), which equates to 12-18 credit hours of continuing education per year.
Date Performed: Monitored annually

Key Activity: Document an evidence-based case describing the incident and its impact.
Activities Specific to this Case: Currently ongoing for this specific case
Date Performed: Ongoing

Key Activity: Ensure legal review to facilitate action in response to the incident.
Activities Specific to this Case: Currently ongoing for this specific case
Date Performed: Ongoing

 

 

Jeff Howell  -  San Carlos, CA