Leveraging Digital Forensic

Skills to Deliver Cyber

Technology Solutions

Patricia Watson MBA | EnCE | GCFA

11.06.12

Bio

• Digital Forensic Program Manager, Boise Inc

• Report to the Director of Internal Audit

• DF, eDiscovery, Cyber Security Risk Assessments and IT Audits

• Legal Forensic Specialist, Washington Group

• Digital Forensic Student Intern at the Center for Cyber Defenders (CCD), Sandia National Labs in Albuquerque NM

• 3 Forensic Certifications: NTI, GCFA, EnCE

• Masters in Information Assurance, MBA and BA MIS from UNM

• Part of the group that help start the curriculum for the Information Assurance Program

• UNM was one of the first universities to have a Digital Forensics lab

Overview

Digital Forensic Skills

Forensic Examiners

Incident Response

Malware Analysis

Cyber security risks assessments

Litigation Support

IT Governance, compliance and audits

A Few Sources

Questions?

Quote

“There’s zero

correlation between

being the best talker

and having the best

ideas” (Susan Cain)

Forensic Skills Set

A broad range of technical, investigative,

procedural, and legal skills

Disk geometry, file system anatomy, reverse

engineering, evidence integrity, COC and

criminal profiling

The ability to function in a complex,

dynamic environment

Computer technology as well as legal and

regulatory environments are constantly changing

The ability to objectively testify in a

court of law

Reproduce incident, interpret results, be

prepared for cross-examination

Forensic Examiners

Introverts

Good listeners (think first, talk later)

Very private (foster confidentiality)

Focus-driven (enjoy performing deep dive

analysis)

Embrace solitude (enjoy looking for the needle

in a hay stack)

Irony…“forens” Latin word for “belonging to

the public”

Incident Response

Image acquisition

RAID rebuild

Data recovery and restoration

Partition/volume recovery

Analyzing log entries

Malware Analysis

Forensic image is a great sandbox for malware

analysis

Hash analysis, Memory dump, Timeline analysis

Cyber Security Risk Assessments

Open ports

Active services

Hidden processes

Open handles

Network shares

User lists

OS fingerprinting

Litigation Support

Preservation of ESI

Proximity keyword searching

Complex keyword crafting

Interpretation of FRCP

De-duping

Load files

Export native ESI

IT Governance/Compliance/Audits

PCI compliance

HIPPA compliance

Antitrust compliance

Intellectual property

Identifying policy violations

In summary…

Objectivity is of essence

Never underestimate the importance of

skillset diversification

Continuously seek to enhance your

communication skills

Seek opportunities to collaborate

“Excellence is not about technical

competence but character” (Ernest

Laurence)

A few Sources

• Techy Stuff: • NIST Guide to Integrating Forensic Techniques into Incident Response:

http://csrc.nist.gov/publications/nistpubs/800-86/SP800-86.pdf

• US-CERT CSET: http://www.us-cert.gov/control_systems/satool.html

• Soft Skills: • Working with Emotional Intelligence by Daniel Goleman

• Great Communication Secrets of Great Leaders by John Baldoni

• Leading Your Boss: The Subtle Art of Managing Up by John Baldoni

• TED, Ideas worth Spreading: http://www.ted.com/talks

• Professional Organizations: • HTCIA , ACFE, ISACA, ISSA…

Questions?

PatriciaWatson@BoiseInc.com