Network Switch
•A network switch is a computer-networking device that is mainly used to connect groups of network devices with each other
•Similar to a hub
Network Router
•A router is a device that determines the next network point to which a packet should be forwarded on the way to its destination
•It must be connected to at least 2 networks
Server
•A server is a computer or device that provides information or services to other computers on a network
•A server can run several services, e.g. web server, email server, file server, print server, etc.
Firewall
•A firewall is a hardware device or software service used to increase the security of a network.
•The task of a firewall is to either block or allow certain traffic from or to the network
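The block-or-allow decision described above, shown as a minimal stateless packet filter. This is an added example, not code from the course materials; the rule set, the 192.0.2.0/24 network and the sample packets are constructed, and the returned reason is the kind of entry a firewall writes to the log an investigator later collects.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple
# Constructed example: a minimal stateless packet filter. Rules are checked in
# order, the first match decides, and unmatched traffic is dropped (default
# deny). The returned reason is what a firewall would write to its log.
@dataclass
class Rule:
    action: str            # "allow" or "block"
    direction: str         # "in" = traffic to the network, "out" = traffic from it
    src: str               # CIDR; "0.0.0.0/0" means any address
    dst: str
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # destination port; None means any port

@dataclass
class Packet:
    direction: str
    src: str
    dst: str
    proto: str
    dport: int

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.direction == pkt.direction
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and rule.proto in ("any", pkt.proto)
            and rule.dport in (None, pkt.dport))

def decide(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """Return (action, reason); reason names the matching rule or the default."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, f"rule {i}"
    return "block", "default deny"

# Hypothetical policy for an internal network in the 192.0.2.0/24 documentation range.
POLICY = [
    Rule("allow", "in", "0.0.0.0/0", "192.0.2.10/32", "tcp", 443),   # public web server only
    Rule("block", "in", "0.0.0.0/0", "192.0.2.0/24", "tcp", 3389),   # explicit block, so the log names a rule
    Rule("allow", "out", "192.0.2.0/24", "0.0.0.0/0", "any", None),  # internal hosts may connect outward
]

if __name__ == "__main__":
    for pkt in [Packet("in", "198.51.100.7", "192.0.2.10", "tcp", 443),
                Packet("in", "198.51.100.7", "192.0.2.20", "tcp", 3389),
                Packet("in", "198.51.100.7", "192.0.2.20", "tcp", 22)]:
        print(pkt, decide(POLICY, pkt))
```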
Access Point
•Access points create a network for WLAN devices and connect them to the rest of the network
The project has been funded by the European Commission. The Education, Audiovisual and Culture Executive program (EACEA), TEMPUS IV. The content of this presentation reflects the opinion of the author.
General aspects of digital forensic
Chechulin A.
Ph.D., senior researcher, St. Petersburg Institute for Informatics and Automation of the Russian Academy of Sciences
Digital forensic standards
•ISO/IEC 27037:2012 — Information technology — Security techniques — Guidelines for identification, collection, acquisition, and preservation of digital evidence
•ISO/IEC 27042:2015 — Information technology — Security techniques — Guidelines for the analysis and interpretation of digital evidence
•ISO/IEC 27043:2015 — Information technology — Security techniques — Incident investigation principles and processes
•RFC 3227 — Guidelines for Evidence Collection and Archiving
•ACPO Good Practice Guide for Digital Evidence
•…
Information Security Incident Management Processes
PLAN & PREPARE
•information security incident management policy, and commitment of senior management
•information security incident management scheme
•corporate & system/service/network security, & risk analysis and management, policies update
•information security incident management awareness briefings & training
•information security incident management scheme testing
USE
•information security event detection & reporting
•assessment and decision on information security incident
•responses to information security incident, including forensic analysis
REVIEW
•further forensic analysis
•identification of lessons learnt
•identification of improvements to security
•identification of improvements to information security incident management scheme
IMPROVE
•make improvements to security risk analysis & management review results
•initiate improvements to security
•make improvements to information security incident management scheme
ISO/IEC 27037:2012
Structure and content
1 Scope
2 Normative reference
3 Terms and definitions
4 Abbreviated terms
5 Overview
6 Key components of identification, collection, acquisition and preservation of digital evidence
7 Instances of identification, collection, acquisition and preservation
Annex A Digital Evidence First Responder core skills and competency description
Annex B Minimum documentation requirements for evidence transfer
Bibliography
The standard provides detailed guidance on the identification, collection and/or acquisition, marking, storage, transport and preservation of electronic evidence, particularly on maintaining its integrity. It defines and describes the processes for recognizing and identifying evidence, documenting the crime scene, collecting and preserving the evidence, and packaging and transporting it.
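The preservation and transfer documentation the standard calls for, as an added example rather than anything from ISO/IEC 27037 or the course itself: a hash is fixed at acquisition, every hand-over re-hashes the item and appends to the record, and the record shows whether integrity held. The item id, handler names and image bytes are constructed.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import List
# Constructed example: an acquisition and transfer record for one evidence item.
# The hash taken at acquisition is the reference value; every later hand-over
# re-hashes the item, so the record itself shows whether integrity was preserved.
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")

@dataclass
class CustodyEntry:
    when: str
    handler: str
    action: str        # "acquired" or "transferred"
    sha256: str        # hash observed at this step

@dataclass
class EvidenceRecord:
    item_id: str       # label physically attached to the item at collection
    description: str
    reference_hash: str
    log: List[CustodyEntry] = field(default_factory=list)

def acquire(item_id: str, description: str, image: bytes, handler: str) -> EvidenceRecord:
    """Create the record and fix the reference hash at acquisition time."""
    h = sha256_hex(image)
    rec = EvidenceRecord(item_id, description, h)
    rec.log.append(CustodyEntry(_now(), handler, "acquired", h))
    return rec

def transfer(rec: EvidenceRecord, image: bytes, from_handler: str, to_handler: str) -> bool:
    """Re-hash on hand-over and log it; True only if the item is unchanged."""
    h = sha256_hex(image)
    rec.log.append(CustodyEntry(_now(), f"{from_handler} -> {to_handler}", "transferred", h))
    return h == rec.reference_hash

# Constructed bytes standing in for an acquired disk image file.
SAMPLE_IMAGE = b"constructed disk image bytes for the example"

if __name__ == "__main__":
    rec = acquire("EV-001", "USB stick from workstation A (constructed)", SAMPLE_IMAGE, "first responder")
    print(transfer(rec, SAMPLE_IMAGE, "first responder", "lab analyst"))      # True: intact
    print(transfer(rec, SAMPLE_IMAGE + b"\x00", "lab analyst", "archive"))    # False: modified in transit
    for entry in rec.log:
        print(entry)
```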
