Tom Pruett has over 18 years of experience in IT and 17 years experience in training. He has various technical certifications including in computer forensics. The document discusses the objectives and process of computer forensics. It explains that forensics aims to recover, analyze and preserve digital evidence for legal purposes. The different types of forensic uses include law enforcement, private sector, and enterprise scenarios. It also outlines the tools and steps involved in the forensic process.

1. Welcome
Process of Forensics:
Is Your Company on
High Alert?

2. Education & Certifications
M.A., Southwest Texas State University
B.S., Southeast Missouri State
CCSI#33112, CCNA, CTT+, MCT, MCP, MCSA, MCDA, MCTS SQL
Server 2005, MCITP SQL 2005, MCSE, Certified Novell
Administrator, A+, Network +, Security +, Certified Ethical Hacker,
Certified Forensic Investigator, and CWNA
Number of Years in IT
18 years
Number of Years in Training
17 years
Areas of Expertise
Cisco
Network Security
Computer Forensics
Wireless
Microsoft Operating Systems & Networking Technologies
Microsoft SQL Server 6.5, 7, 2000, 2005 & 2008
Microsoft Server NT 4, 2000, Windows XP, 2003, Windows 7 &
2008
LinkedIn.com/in/TomPruett
Facebook.com/CentriqTraining

3.  Computer Forensics Objectives
 Different Types of Forensic uses.
 What are the Legal Ramifications?
 It is About the Process More Than the Tools
Forensics - First Responder and Incident Response
 Hardware and Software Tools Used in Forensics
 The Computer Forensic Process
Process of Forensics: Is Your Company on High Alert? 3

4.  To recover, analyze and preserve computer and
related materials in such a way that they can be
presented in a court of law.
To identify the evidence quickly, estimate the
potential impact of the malicious activity on the
victim and assess the intent and identify the
perpetrator
Process of Forensics: Is Your Company on High Alert? 4

5.  Law Enforcement
 Private Sector
 Enterprise
 Full Forensic Workups - Case
 Partial Forensic Workups – Recover Deleted Files
Process of Forensics: Is Your Company on High Alert? 5

6.  Law Enforcement Follows Strict Evidence Procedures
 Private Sector Must Have a Consistent Evidence Procedures
 Litigious Needs for Private Sector
2002 - Scientific Working Group on Digital Evidence (SWGDE) "Best
practices for Computer Forensics“
2005 - ISO standard ISO 17025 - General requirements for the
competence of testing and calibration laboratories
Process of Forensics: Is Your Company on High Alert? 6

7.  First Responders and Incident Response is Where it Starts
 Incident Response Plans need to have Forensic Procedures
 First Responders Play a Crucial Role
 Decide if a Crime has been Committed
 Decide if a Forensic Process is Needed
Process of Forensics: Is Your Company on High Alert? 7

8.  Break It and Fix
 Troubleshooting
 Looking for the Unknown
 Patience
 Never Exceed Your Knowledge Base
Process of Forensics: Is Your Company on High Alert? 8

9.  Forensic PC
Process of Forensics: Is Your Company on High Alert? 9

10.  Portable Forensic Kit
Process of Forensics: Is Your Company on High Alert? 10

11.  Software to Analyze Hosts and Networks
 Encase
 FTK
Process of Forensics: Is Your Company on High Alert? 11

12.  Determine if a forensic workup is needed
 Evidence collection techniques
 Secure the evidence
 Data Acquisition
 Analyze Data
 Forensic Reporting
Process of Forensics: Is Your Company on High Alert? 12

13. Process of Forensics: Is Your Company on High Alert? 13