
Enterprise Forensics and e-Discovery

B. Ramani

Addl. Director

Resource Centre for Cyber Forensics



Presentation Overview

  • About C-DAC

  • Current Threat Landscape

  • Enterprise Forensics and E-Discovery

  • C-DAC’s Enterprise Forensics System

  • Q & A


National Coverage

C-DAC, Pune

C-DAC, Bangalore

C-DAC, Delhi

C-DAC, Hyderabad

C-DAC, Mumbai

C-DAC, Chennai

C-DAC, Kolkata

C-DAC, Mohali

C-DAC, Noida

C-DAC, Trivandrum



C-DAC Trivandrum

An ISO 9001-2000 certified premier R&D institution involved in the design, development and deployment of world-class electronic and IT solutions for economic and human advancement, under the Department of Information Technology, Government of India.

Established in 1974 as Keltron R&D Center;

Taken over by GoI in 1988;

Formerly known as ERDCI

Workforce of 800+



AREAS OF RESEARCH

  • Control & Instrumentation

  • Power Electronics

  • Broadcast & Communications

  • Strategic Electronics

  • ASIC Design

  • Cyber Forensics



Resource Centre for Cyber Forensics

The Resource Centre for Cyber Forensics (RCCF) is the premier centre for cyber forensics in India. It was set up at C-DAC, Thiruvananthapuram by the Ministry of Communications and Information Technology and has been functioning for the past three years.

The primary objectives of RCCF are:

  • Develop Cyber Forensics tools based on requirements from Law Enforcement Agencies (LEA)

  • Carry out advanced research in cyber forensics

  • Provide technical support to LEA


Current Threat Landscape


E-Commerce Today

  • Practically every organization and every network-connected user is engaged in some form of e-commerce

  • Some of the categories are:

    • Consumer e-commerce (Web stores and auctions), digital products (software downloads), content, back-end systems (payment, catalogues), B2B commerce, trading networks, and advertising

    • Communications systems (email), social networking sites are also getting into e-commerce


E-Commerce Growth

Source : Forrester Research Survey


Current Cyber Crime Threats

Malware

Botnets

Cyber warfare

Threats to VoIP and mobile devices

The evolving cyber crime economy

Prime Motivation for Cyber Crime - Data !

Source : Georgia Tech Information Security Center

25-Sep-14

Resource Centre for Cyber Forensics

10



Major Security Concerns

Threats and criminals are becoming faster, smarter and more covert

Criminals are exploiting vulnerabilities along the entire Web ecosystem to gain control of computers and networks

“Invisible threats” (such as hard-to-detect infections of legitimate websites) are making common sense and many traditional security solutions ineffective.

Source : Cisco Annual Security Report 2008


Malware for financial fraud

Infostealer malware

– Banking Trojans

– Keyloggers (Form grabbing)

– Remote Login websites

Botnets

– Spam

– Hosting Phishing websites, Malware

– Operation of infected system

Automated attack toolkits

– Propagation of malware

– Stealing information

Automated Phishing/Fraud Toolkits


What is Typically Stolen

  • User IDs

  • Passwords

  • Credit card numbers

  • Bank account details

  • Personal Identification Numbers

  • Social Security Numbers

  • Email IDs


Security Issues in Banking

  • ReadiMinds, a specialist transactional security and fraud-prevention software company, recently conducted a survey on the 'State of Online Security in Financial Institutions in India - 2008'. Respondents represented a cross-section of India's top 40 banks. The study focused primarily on issues pertaining to online identity theft and online financial fraud. Key findings of this survey:

    • 30% of banks reported having been victims of identity theft during the last one year.

    • 30% of banks reported having been victims of phishing during the last one year. (The figure for Asian banks is 25%.)


Need of the Hour

Enterprises must have a procedural and technical infrastructure in place to respond immediately to computer-related security breaches and to investigate malicious activity and employee misconduct.

An enterprise investigation solution with incident response capability is required for a complete security solution.

This solution has to bring computer forensic technology to the enterprise along with incident response and investigation capability: an Enterprise Forensics and E-Discovery solution.


Enterprise Forensics


Enterprise Forensics - Advantages

  • Enterprise Forensics provides very effective monitoring of networked computers. The actions allowed on remote machines can be configured and monitored from a server. Any nefarious activity on the monitored machines is immediately tracked and necessary actions to counter such activities can be automatically initiated.

  • Securely investigate/analyze many machines simultaneously over the LAN/WAN at the disk and memory level.

  • Acquire data in a forensically sound manner.

  • Limit incident impact and eliminate system downtime with immediate response capabilities.

  • Investigate and analyze multiple platforms using a single tool.

  • Efficiently collect only potentially relevant data upon requests.


Enterprise Forensics - Advantages

  • Proactively audit large groups of machines for sensitive or classified information, as well as unauthorized processes and network connections.

  • Identify fraud, security events and employee integrity issues wherever they are taking place and investigate/remediate with immediacy without alerting targets.

  • Identify and remediate events, injected DLLs, Rootkits and hidden/rogue processes.


E-Discovery

Required to enforce legal holds and to automatically search, identify, collect, preserve and process electronically stored information across the network.

E-discovery allows relevant Electronically Stored Information (ESI) to be searched for and collected across the network without disruption, and preserves that ESI. It also helps avoid over-collection of information.


E-Discovery Advantages

Highly scalable

Operates from a central location, with no disruption to end-users

Highly flexible, automated search & collection based on:

— File type (e.g., .doc, .xls, .ppt)

— Key words (target specific content)

— Metadata (created, last-written/last-accessed times etc.)

— Patterns (e.g., social security or credit card numbers)

— Hash values (i.e., “digital fingerprints”)

— Custodians (by user name or SID)

— Foreign Language Support (Unicode & code pages)
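As an added example that is not part of the presentation or of C-DAC's product, the search-and-collect criteria listed above (file type, keywords, patterns, hash values, last-written time) implemented in Python over a constructed sample directory. The criteria values, file names and contents are hypothetical; every collected item is recorded with its MD5 and SHA-256 so the collection can later be checked for alteration, the point behind the hashing of acquired evidence.

```python
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone

FILE_TYPES = {".doc", ".xls", ".ppt", ".txt"}  # constructed criteria (hypothetical values)
KEYWORDS = ("legal hold", "contract")
PATTERNS = {"card_number": re.compile(r"\b(?:\d{4}[- ]?){3}\d{4}\b")}

def hash_file(path):  # MD5 and SHA-256 of a file, read in chunks so large files fit in memory
    md5, sha = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            for h in (md5, sha):
                h.update(chunk)
    return md5.hexdigest(), sha.hexdigest()

def collect(root, known_hashes=frozenset()):
    """Walk root; return a manifest of files matching any criterion, each with its hashes."""
    manifest = []
    for dirpath, _, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            if os.path.splitext(name)[1].lower() not in FILE_TYPES:
                continue  # file type is the cheapest filter, so it runs first
            md5, sha = hash_file(path)
            with open(path, "rb") as f:
                text = f.read().decode("utf-8", "ignore").lower()
            reasons = [f"pattern:{k}" for k, rx in PATTERNS.items() if rx.search(text)]
            reasons += ["keyword"] if any(k in text for k in KEYWORDS) else []
            reasons += ["hash"] if sha in known_hashes else []
            if reasons:  # record the metadata the slide lists (last-written time)
                mtime = datetime.fromtimestamp(os.stat(path).st_mtime, timezone.utc)
                manifest.append({"path": path, "md5": md5, "sha256": sha,
                                 "last_written": mtime.isoformat(), "reasons": reasons})
    return manifest

def verify(manifest):  # re-hash each collected file; False if any record no longer matches
    return all(hash_file(m["path"])[1] == m["sha256"] for m in manifest)

def demo():  # constructed sample tree: two relevant files, one irrelevant, one wrong type
    root = tempfile.mkdtemp()
    files = {"memo.txt": "Subject to LEGAL HOLD pending litigation",
             "notes.doc": "card 4111-1111-1111-1111 on file",
             "lunch.txt": "sandwich order", "photo.jpg": "contract"}
    for name, body in files.items():
        with open(os.path.join(root, name), "w") as f:
            f.write(body)
    return root, collect(root)
```

The manifest, not the files, is what travels to the examiner: a later `verify()` over the preserved copies shows whether anything changed after collection.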


C-DAC’s Enterprise Forensics Solution


Enterprise Forensic System

  • Policy Auditing

  • Security Monitoring

  • Forensics Analysis


Enterprise Forensic System

ESFA – Enterprise Security Forensics Application

ESMA – Enterprise Security Monitoring Application

ESPA – Enterprise Security Policy Auditing Application


Enterprise Forensic System

[Architecture diagram: users with agents, Domain Admin and Chief Information Security Officer connect through an Authentication Server to the ESMA, ESPA and ESFA components; Cyber Forensics Analysts work against the Digital Evidence Store]


Enterprise Forensic System

TEAMS – Transparent Enterprise Activity Monitoring Solution


Enterprise Forensic System (ESFA)

  • Forensic Analysis of Enterprise machines

    • Windows, Linux, Unix, Sun Solaris, Mac

    • Oracle / MS SQL

  • Remote Preview of computers

  • Remote Acquisition of evidence

  • Remote Desktop Monitoring

  • Snapshot of remote machines


Enterprise Forensic System (ESFA)

  • Secure data transfer during acquisition

  • Secure storage for digital evidence with encryption

  • Report generation with time stamping.

  • Hashing using MD5/SHA

  • Support for multiple image file formats


Enterprise Forensic System (ESFA)

  • Preview of Unallocated spaces and deleted files.

  • Multiple Analysis of a single image file

  • Computer Incident Response

    • Acquisition of live memory.

    • Analysis of Processes.

    • Analysis of Logs


Enterprise Forensic System (ESMA)

[Network diagram: servers behind a firewall, backbone switch, distribution switch and port-mirrored switch; a Network TAP feeds the Packet Capture Systems, which are managed by a Packet Capture Controller and write to Packet Storage]


Enterprise Forensic System (ESMA)

  • Traffic pattern analysis

  • Traffic filtering

  • Detection of mangled packets

  • Ability to dissect and analyze protocols

  • Report generation

  • Logging facility

    • Packet logging

    • Session logging

    • File logging

    • Traffic logging

    • User defined logging facility

  • Alert mechanism, depending on the criticality


Enterprise Forensic System (ESMA)

  • Classified log storage

    • System logs (User activity, System activity, Operations)

    • Security logs

  • Facility to add more protocol support easily

  • Printer data monitoring

  • Interface to IDS and Penetration testing tools


Enterprise Forensic System (ESMA)

  • Extensibility

  • Multithreaded architecture

  • Co-ordination among the agents

  • Remote agent controlling

  • GUI and backend independence

  • Cross platform development

  • Scalable computing power based on the network load

  • Agent authentication


Enterprise Forensic System (ESPA)

  • Acceptable Use Policy

  • Account Management

    • Administrator / Users / Special Access

  • Use of Email

  • Internet Use

  • Use of External Memory Devices / Floppy/CD


Enterprise Forensic System (ESPA)

Ability to set policies for

  • Hardware Authentication & Verification

  • Software Verification

  • Resource Sharing

  • Security Setting

  • Removable Media Monitoring

  • Email Handling & Monitoring

  • Web Access Management

  • Mobile computing

  • Server Management

  • System Activities Monitoring

  • Event Log Management

  • Backup


Q & A


THANK YOU
