Module 1 - Insider Threats Flashcards
Intrusion Definition
unauthorized access to a computer system
Protections - Gov (1) vs non (3)
Computer Fraud and Abuse Act
Private:
employment agreements
computer/end-user agreements
corporate policies
Unintentional Intrusion (causes)
- snooping through an organization
- not adhering to IT policies
Unintentional Intrusion (results)
data and systems inadvertently altered (deleted or modified)
Intentional Intrusion (results)
- accessing info without authorization
- theft of data
- damage to computer system
- removing security safeguards
Candidates for intentional
- disgruntled employees
- employees giving in to temptation
- employees who may have substantial financial gain
Insider Threat Means (5)
- physical access
- within perimeter defenses
- already have access to sensitive info
- system admins with universal access
- difficult to detect and defend
Methods of Exfil (6)
- corporate e-mail
- personal e-mail
- printing
- web site
- drop sites (Dropbox, iCloud, Google Docs)
- external media
Artifacts (5)
- auditing of sensitive data
- Windows registry
- corporate e-mail
- Internet history
- Windows event logs
Autopsy - history
- Graphical interface for Sleuth Kit
- Brian Carrier and Basis Technology
- free
- Ver 2 (Linux and OS X)
- Ver 3 (Windows 32 & 64)
- Add-on Modules/Plugins (Videos/Registry)
Autopsy Start up Procedures
Create case
add evidence file
preprocessing / run ingest modules
building database
Autopsy case file extension
aut
Autopsy Data Source Options
Image Files
Local Disk
Logical Files
Autopsy Modules with Additional Options (2)
Hash Lookup
Keyword Search
Autopsy Keyword Search Options (4)
Phone Numbers
IP Addresses
Email Addresses
URLs