11/29/2012 – “Live Demonstration of Digital Forensic Analysis with Free Open Source and/or Inexpensive Tools”
Speaker: Vicky Lee Groskinsky MA, CISSP, GCIH
Request Vicky's presentation materials in the Members Only Area.
Vicky demonstrated several basic steps of Digital Forensic Analysis of a static Windows 7 computer (powered off). This talk was a very practical visual demonstration of how a few particular forensic steps are accomplished.
At its core, Digital Forensic Analysis is answering questions from a digital source.
- Does the digital image contain artifacts of a logon date and time for a particular ID?
- Does the digital image contain a document with the word “secret”?
- Does the digital image contain artifacts that indicate a USB device was plugged into the computer?
- Does the digital image contain an email from XYZ to XYZ?
- Does the digital image contain improper pictures?
- Does the digital image contain deleted documents?
Attendees gained information on basic digital forensic steps and viewed a live demonstration of an attempt to gather artifacts to answer the above questions.
9/25/2012 – “Technical Auditing: An Adventure Into A Different World”
Speaker: Byron Kesler, MS, CISA, T-Systems of North America
Download Byron's presentation materials from in the Members Only Area.
Technical auditing is the lesser known area of CISA auditing. Any type of electronic record can be audited in the technical auditing world, such as: system configurations, devices on the network, who made changes to the devices, what changes were made, etc. Technical auditing usually relies upon multiple standards (i.e., ISO 27001/27002, NIST) including company policies, procedures, specifications, and any other documented process. Many laws and regulations require technical auditing especially in the healthcare area as required by HIPAA. This type of auditing is completely different from financial auditing and often supplements other auditing functions within the company.
Financial, compliance, technical and other auditing are required to form a complete picture of the company's operation and performance. When any area of the auditing world is missing then the organization cannot have a true picture if it is meeting any of its internal and external requirements.
8/22/2012 -- IT Security Assessments:
A Different Perspective
Speakers: IT Security professionals from Computational Analysis and Network Enterprise Solutions, LLC® (CAaNES®) - see below
A key component of any information security and risk management program is vulnerability assessments and penetration testing of an organization’s information systems. Regulatory requirements and risk management governance programs are requiring these types of assessments on a periodic basis.
So, what all is entailed in vulnerability assessments and penetration testing? With the growing list of threats and new technologies, assessments are more than just a simple network scan. To fully assess the risks, all devices connected to a network should be thoroughly scanned with a various types of scanners. Web applications are fast becoming the top of the risk threat list. Thus application security assessments are becoming a must. And assessments are not just the technical view, but also include the compliance and regulatory perspective to assess how well an organization aligns with its regulatory requirements.
This one day conference provided insight to today’s assessment processes, looked at the most current research on assessment processes, and provided guidance on what to look for in assessment processes.
Slides available in the Members Only Area.
What’s Hot in Cyber Security Research presented by Srinivas Mukkamala, PhD, CTO of CAaNES LLC ® and Senior Research Scientist at NM Tech University – discussion on latest cyber security and malware research efforts, what are the new and upcoming cyber threats, what to look for and how to deal with new threats and risks in your assessment and audit programs.
Cyber Forensics - The Legal Perspective, by Mark Fidel, President of CAaNES: Discussion on the Attorney’s point of view when conducting a forensic acquisition and analysis of data that may be used as evidence in a lawsuit. Mark’s presentation addressed:
- Litigation Hold Process.
- “Why can’t we get the analysis tomorrow? You have almost finished copying the 13 drives, haven’t you?”
- “Why can’t you just search for the target’s emails?”
- “What do you mean you will have access to all of the doctor’s patients’ records? We are only interested in Ms. Smith’s records!”
- How to bridge the gap that often exists between the technical professionals and the legal professional when it comes to acquiring data for lawsuits.
Virtualization - Security and Auditing with a Chance of Clouds, by Chris Hammer, Director of Emerging Technologies: Cloud resources, server virtualization, and application virtualization. What do these technologies mean to security and auditing and what risks should you be aware of? This presentation provided an overview of the current technologies used in virtualization, and the security and audit concerns surrounding them.
PCI DSS Compliance Requirements and Assessments, by Robert Childs, CISSP, CISA, CISM, CRISC, PCI QSA, Chief Operating Officer of CAaNES: Payment Card Industry Data Security Standards – you’ve heard of them, and you’ve heard of credit card data breaches, but what are the PCI DSS requirements really? How do you assess them? This talk provided an overview and details of what PCI DSS are and the assessment process.
Web Application Assessment - How much are you covering?, by Paul Wowk, Anand Paturi and Chris Acton: CAaNES Application Assessment Team led a discussion on web application assessments and vulnerability testing techniques. The talk covered the limitations of automated web application scanners based on problems encountered by professionals in the field. Problems discussed included dynamic web application functionality, new specifications and new paradigms in the web application world.
Panel Discussion – Vulnerability Scanning and Penetration Testing: open, general discussion about assessments, how best to make use of them, approaches to performing tests, and any other questions you may have regarding assessments. Attendees were given the opportunity to ask questions about security vulnerability scanning and penetration testing.