Instructor: Gregory Bell
Over the last decade, the number of crimes that involve computers has grown, spurring an increase in companies and products that aim to assist law enforcement in using computer-based evidence to determine the who, what, where, when, and how for crimes. As a result, computer and network forensics has evolved to assure proper presentation of computer crime evidentiary data into court.
Digital forensic techniques can be used for many purposes, such as investigating crimes and internal policy violations, reconstructing computer security incidents, troubleshooting operational problems, and recovering from accidental system damage. Practically every organization needs to have the capability to perform digital forensics. However, organizations current incident response policies and procedures do not contain clear statements addressing all major forensic considerations, such as contacting law enforcement, performing monitoring, and conducting regular reviews of forensic policies and procedures.
An accepted definition of “Incident Response” is:
Incident response is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. An incident response plan includes a policy that defines, in specific terms, what constitutes an incident and provides a step-by-step process that should be followed when an incident occurs.
An acceptable definition of “Computer Forensics” is:
Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.
This class will show attendees the basic phases of the forensic process and incident response considerations, how to better integrate Computer (Digital) Forensics into their current Incident Response plan and Information System life cycle, and the tools and skill sets used to support computer forensics. For instance, when employees are terminated does Human Resource notify Information Security to preserve the terminated employee’s hard drive in the event litigation occurs at a later date?
About The Instructor
Currently, I am the ISO for the Department of Behavioral Health and Development Services. In addition, I teach Information Security courses at several colleges as an Adjunct (VCU, University of California, South University, University of Phoenix, Stratford University). As a Computer Forensic expert, I have handled several high profile cases in the Central Virginia area and provided testimony as an Expert Witness in those cases.
Title: Integrating Computer Forensics with Incident Response
Instructor: Gregory Bell
Date: 6/3/2015, 9AM-5PM
Class Size: 25 seats are available total
Prerequisites: Working knowledge of incident response and some knowledge of computer forensics are helpful.
Class Requirements: None.