The NEbraska Cert Conference (NECC) will be hosted in Omaha on August 18th and 19th. I'll be presenting a session entitled Working with IT Auditors: A Recipe for Success. In short the session will cover the following topics.
An overview of the IT audit process
Roles and responsibilities during an audit
Building a partnership with IT auditors
Working toward a win-win scenario
Audit killers and savers
The NECC registration is only $250 and is a good value if you're looking to build some CPE credits. You'll be hard pressed to find a conference or other training at that price. It's also a great way to build some networking contacts in the region. Hope to see you there.
So I decided to give the heavy, thought invoking posts a break for a day or two.
The battery on my phone is giving me problems. Won't hold a charge for more than 24 hours and that's without much talk time or the Bluetooth and WiFi radios turned on. I looked online and seems a new battery will cost about $45. Not bad, but my AT&T Tilt (HTC 8925) is nearly two years old now and phones just don't last much over three years with daily use. I take really good care of my equipment so other than the battery there's not really anything wrong with it. Other than it being thick and a bit heavy it works great and does everything I need.
So…My options are…
Buy a battery and hope nothing else goes wrong in the next year.
Upgrade to another WinMo phone, most likely another HTC product
Upgrade to an iPhone (hold your applause)
Pour another glass of lemonade and ponder the meaning of life in a hammock on the beach…
Let's hear your opinion…
As I thought more about my previous posting I realized I had more to say regarding digital investigations. One thing I've learned over the years is that investigations often lead you down a road you never thought you'd travel. You start out one Friday afternoon investigating a seemingly simple virus infection and 6 months later end up a material witness in a criminal fraud case. I can't count the number of times I've walked into work one morning thinking about the day I have ahead of me wondering "How did we get here?"
The valuable lesson to learn here is this. Assume that every investigation you go into could end up turning into a criminal case. I know that sounds horrible. You're thinking, "Dave, you sure live in a dark world" or "How about a little faith in humanity, huh?" My response is…I wish I could see into the future to tell which cases would become criminal so I could avoid them. They really are a pain.
So why the difference? Why worry if a case will become criminal? What's that mean to the organization or investigator? All very good questions…thanks for asking!
First and foremost is the workload associated with a criminal case is significantly higher. The cases take longer to develop, include multiple parties (you, law enforcement, lawyers, expert witnesses, etc), typically have lots of negotiations, and the best part…cost you a TON of money.
The real reason to treat every case as criminal is the standards required for burden of proof, evidence handling, etc. are much higher in criminal cases. Your procedure for collecting, storing and analyzing data during an internal investigation may be fine for an administrative procedure or maybe even a civil suit. If however during the investigation you decide to press criminal charges, your procedures may have ruined the evidentiary value of any information you collected. If the proper steps were not taken to safeguard the integrity and non-repudiation of the information, it's useless. It's an irreversible process. Evidence only has to have had the ability to have been modified (in general terms) for it to lose its value and become inadmissible in court. Nobody will care if it was altered. Could it have been altered will be the question.
So the answer is to use the higher standard for all cases you're working on. I know what you're thinking…"Thanks for all the extra work Dave…REALLY appreciate it". All I can say is welcome to the world of digital investigations. Trust me though…the few times your cases do move into the criminal realm, you'll be glad you spent the extra time processing the case accordingly. You certainly don't want a data theft left unpunished because the rock-solid evidence you collected wasn't done according to best practices and won't ever see the inside of a courtroom.
So "Hey…Let's be careful out there".