Technical trainings for CERTs - ENISA
www.enisa.europa.eu 1
Technical trainings for CERTs
ENISA Supporting the CERT community
https://www.enisa.europa.eu/activities/cert
ENISA CERT training
2008 2012 2013
+ regular trainings in 2013
Content regularly updated and renewed with the help of the community
• The creation process of material involves the community
• The target audience's feedback will lead to better material
Material available on website
https://www.enisa.europa.eu/activities/cert/support/exercise
2011 2012 2013
+ Visualising the feeds
Variety of trainings
• For different levels of experience and expertise
– Legal
– Operational
– Technical
– Cooperation
CII Admin area of responsibility
What is the file from the Remote file inclusion?
(See in /opt/glaspot/trunk/files/)
A: a SIP OPTIONS scanner in PHP
B: a malicious PDF
C: a PHP shell
D: a PHP photo album
50:50
New material presented in 2013
Title Experts
1 Digital forensics 12
2 Identifying and handling of electronic evidence 13
3 Identifying and handling cyber-crime traces 12
4 Incident handling and cooperation during phishing campaign 9
5 Presenting, correlating and filtering various feeds 6
6 Cooperation in the Area of Cybercrime 7
ENISA 8th annual workshop 'CERTs in Europe' - Part I
• 3 scenarios from ENISA CERT training/exercise material presented by ENISA trainers
– Honeypots
– Incident handling during an attack on Critical Information Infrastructure
– Mobile threats incident handling
• Participants rated ENISA training with 4,4 out of 5 points
ENISA 8th annual workshop 'CERTs in Europe' - Part II
• 2 scenarios from ENISA CERT training/exercise material presented by ENISA trainers
– Presenting, correlating and filtering various feeds
– Identifying and handling of electronic evidence
Recommendations
• Online training material, and handing out material for self-study is good, but…
• Talking with each other actually is useful
• People who have created or worked together tend to cooperate in the future
• Every training is a performance and every trainer is an actor
Methodology of ENISA training
• Trainers can come on-site
• Each training is tailored to fulfil the needs of this specific event and audience
Thank you for your attention!
Contact details
European Union Agency for Network and Information Security, Science and Technology Park of Crete, P.O. Box 1309, 71001 Heraklion, Crete, Greece
http://www.enisa.europa.eu