mobile forensics and cybersecurity
TRANSCRIPT
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Mobile Forensics and CybersecurityERIC VANDERBURG
VI CE PR ES I DENT, CYBERSECUR I T Y
TCDI
TREVOR TUCKER
DI GI TAL FOR EN SIC A N A LYST
TCDI
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
About UsTCDI founded in 1988
Microsoft Certified Partner since 2003
Services include:◦Digital forensics
◦ Cybersecurity
◦ eDiscovery
Minority owned enterprise
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Over 40 certifications
Published author
Licensed private investigator
18 years in cybersecurity
Specializations include:
Risk management
Governance and compliance
Security strategy
GIAC Certified Forensic Examiner
AccessData Certified Examiner
Licensed private investigator
Specializations include:
Forensic analysis
Forensic investigation
Incident response
TREVOR TUCKER
D I G I TA L F O R E N S I C A N A LY S T
ERIC VANDERBURG
V I C E P R E S I D E N T, C Y B E R S E C U R I T Y
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Reasons for Phone Collection
Theft of Intellectual
PropertyDivorce
Wrongful Termination
Sexual Harassment
WorkersCompensation
Tracking Location
Traffic Incidents
Child custody
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Who’s Phone is it?
Company Issued
• Legal rights to phone and contents
• Easier to access and analyze
• Prevent data loss or destruction
Personal (BYOD)
• May require subpoena
• May lack direct access to phone
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Analysis considerations
Chain of Custody
Forensic Tools
Knowledge/Experience
Detailed Report
Expert Witness
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Preservation Requirements
Physical Access to Mobile Device
Passcode
Backup password for iPhones
Time
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
What Can Be Collected
Contacts & Call Logs Text Messages / Chats
Voice Mails Emails Geo Tags / Location Information
Passwords Installed Applications
Media (Pictures, Video & Audio)
Internet Activity Social Media
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Reporting
Level of detail
Specific Artifacts
Specific Timeline
Key words
Format◦PDF◦HTML◦Excel
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Information from Providers
Subpoena Required
Location Data from Cell Towers
Additional Call Logs
Billing Records
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Mobile in the Enterprise93% have mobile devices connecting to their corporate networks
67% allow personal devices to connect to corporate networks
66% say careless employees greater security risk than cybercriminals
*Statistics from the checkpoint mobile security survey
93% mobile devices
Careless employees
Cyber criminals
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Mobile risks
Loss or Theft
•Data breach
• Compromised credentials
Data Leakage
•Mobile phone cameras
• Keylogging
• Entry point to the enterprise
Compromised Device
•Malicious app
• Jailbroken device
•Hijacked authenticator
• Camera/mic monitoring
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Controlling Mobile Risk
Mobile Device Management◦Remote wipe◦Updates◦Application whitelisting
Policy◦BYOD◦Mobile device◦Acceptable use
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Controlling Mobile Risk
Data mapping / data inventory
Awareness training
Incident response planning
Security monitoring
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Digital forensics
Computer forensics
Mobile forensics
Cloud forensics
Social Media Email
File Sharing Groupware
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Why Digital Forensics?
Reasons to use Digital Forensics◦ Internal Company Investigations
◦Alleged criminal activity
◦ IP Theft Investigations
◦ Civil or Regulatory Preservation
◦Recovery of Accidentally or Intentionally Deleted Data
◦Deleted is not necessarily deleted
◦Recovery from Improper shutdowns
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Digital Forensics ProcessCase Assessment & Planning
Maintaining Chain of Custody
Record Evidence Information
Imaging & Data Collection
Analysis
Exports and Reporting
Expert Testimony
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
Cybersecurity
Vulnerability Assessment
Vulnerability Scanning
Penetration Testing
Incident Response
Security Management
Event Monitoring
Malware Protection
Security Awareness Training
Governance, Risk, & Compliance (GRC)
Cybersecurity Assessment
CSO on Demand
© 2017 Technology Concepts & Design, Inc. All Rights Reserved.
CybersecurityDemonstrate security values for stakeholders and customers
Validate security controls
Meet compliance objectives
Protect sensitive corporate and customer data
Gain peace of mind