Andrew Smith runs a 2-day workshop on Digital Forensics & Incident Response for the Threat Con 2019 conference
On the 29th-30th August 2019, Andrew Smith, the Director of Computer Forensics Services, was invited to run a 2-day workshop on Digital Forensics and Incident Response for the Threat Con 2019 conference in Kathmandu, Nepal.
This was the second year that the Threat Con conference had been run and was well organized by ThreatNix, a locally based cyber security company.
The workshop was well attended with over 30 people attending from the banking and insurance industry, cyber security specialists and the local police. Speakers from all over the world attended the conference to present on the latest cyber security topics.
Congratulations to our Director of Computer Forensics Services, Andrew Smith, for successfully completing the UK CSITech Cryptocurrencies for Investigators course.
The course covered how to investigate cryptocurrencies and the blockchain and will help Orion Forensics to develop the investigation skills required for this exciting new area of forensics.
Profile: https://lnkd.in/f7eKKH3
Even after 20 years I can still vividly remember what it was like as a new police officer having to stand up in court and give evidence as a witness for the first time. It was one of the most nerve-wracking experiences I had ever been through. Having gone through that experience and learnt from my mistakes helped prepare me for my role as a digital forensic investigator. I soon learnt to document everything and not to overlook even the tiniest details.
I have been based in Bangkok now for the past 7 years and, with the push for a digital economy, Thailand 4.0 has meant that the issue of cyber-security has been pushed to the forefront. Each year we continue to see a growth in demand for forensic awareness training and for forensic examinations. However, there is still a general lack of understanding about digital forensics and we continue to see companies making the same mistakes over and over again.
Electronic data is fragile. If there is any chance it may be used as evidence in legal proceedings, it must be handled in a way that makes it possible to demonstrate to the court that the integrity and authenticity of the evidence have been maintained. If mishandled, the evidence may be called into question when presented at court.
The majority of our investigations involve the theft of company data by rogue employees. Management will naturally turn to their IT staff to begin an investigation and collect potential evidence. However, consider the following points:
- Usually the IT staff have not been trained in how to conduct a methodical investigation
- They are often unaware of the need to maintain a complete chain of custody from the collection of data stage through to producing a report
- They are unaware of all the potential sources of evidence
- They lack the specialist tools required to conduct a forensic investigation
- They lack experience in correctly interpreting the findings of the investigation
- They lack experience in preparing evidence and professional reports for court
- They are inexperienced at presenting digital evidence at court as an expert witness
Companies often assume that as long as the person conducting the investigation holds some type of IT qualification then this will be sufficient. Digital forensics is a highly specialized field and, as demonstrated by the points above, requires a forensic investigator with the qualifications and experience to conduct the forensic investigation.
Another important issue to consider is the experience of your legal team. Do they have experience of dealing with cyber-crime cases and do they have the technical understanding of digital evidence? Due to the potential complexity of cyber-crime cases the legal team will often have to work closely with the forensic investigator to ensure the best possible outcome in any legal proceedings.
Without doubt the number of legal cases using electronic evidence will continue to grow. Also, as the number of forensic specialists in Thailand increases, we can expect to see electronic evidence that has not been handled correctly being more robustly challenged in the courts. If you are involved in legal proceedings where the other side is presenting digital evidence, you should consider hiring your own forensic expert to examine the validity of their evidence. In order to give yourself the best chance of success in any legal proceedings, make sure you use suitably trained forensic investigators and lawyers with the experience of dealing with electronic evidence.
My colleague Andrew was keen to get my perspective as a lawyer. Here it is.
When I was a young criminal defense lawyer, a senior colleague advised me that the only way to succeed, whether you are prosecuting or defending, is to put all your energy into preparing your case for trial and, most importantly, to “know and understand the subject matter”. Back then it was reasonably straightforward to understand the subject matter of the criminal charges before you. Today it’s a very different story indeed.
Technology has developed at an exponential rate in the last decade or so and has given rise to a far more sophisticated medium for the dishonest perpetrator to cause damage to the unsuspecting victim, be that an employer, a business, a bank, the Authorities or even another individual.
The motive of the crime can be to damage the reputation of the victim, unlawfully obtain the victim’s confidential information or fraudulently acquire cash or other assets belonging to the victim.
As a lawyer prosecuting or defending such a case the task of knowing and understanding the subject matter of your cybercrime case is an extremely difficult one. After all you are a lawyer and not a trained scientist. This is where you need to work alongside an expert with digital forensics training and experience.
As Andrew mentions above, lawyers and other prosecuting Authorities will often rely on persons who have some level of IT training to try and make sense of the data. This is where mistakes can occur.
As lawyers we have a duty to our clients to get it right from the outset. There is no point in taking a case to trial with little prospect of success because you cannot properly explain highly technical evidence to a judge in such a way as to convince him of the perpetrator’s guilt, beyond reasonable doubt. Equally, the accused has a right to a fair trial and that means we have to be able to challenge technical evidence which clearly does not support the charges faced by the accused.
Our specialist cybercrime lawyers have handled many cases involving ‘cybercrime evidence’. The major advantage our team of lawyers have over many other advocates is instant access to our in-house computer forensics team. They are on hand to help us understand the subject matter of these cases, deliver expert reports, assist with our examination in chief, cross examination and give testimony to assist the court to make sense of complicated evidence. All of this is key to a successful prosecution or defence.
About the Authors:
Mr. Andrew Smith (Andy) – Director of Computer Forensics Services at Orion Forensics Thailand
Andrew has 17 years’ experience in the field of digital forensics. Andrew was a UK police officer for 9 years, of which the last 4 years were spent working within the police computer crime unit where he received extensive forensic training. His role included the acquisition of electronic data, analysis and the presentation of evidence in the UK courts as an expert witness.
Andrew has now been based in Bangkok for over 7 years and is the Director of Computer Forensics Services for a commercial investigation company called Orion Investigations. His role is to oversee all forensic investigations, business development, promote awareness of cyber security and present evidence as an expert witness in Thai courts. He has regularly appeared as a guest speaker for various business chambers and organizations. Andrew has developed a range of forensic training courses for the local Thai market. Andrew has also developed a number of free forensic tools which are now used in forensics labs all around the world.
Ghaff Khan (Ghaff) – Director of Legal Services at Orion Law Office Thailand
Ghaff practiced as a UK lawyer for 27 years. He set up and managed his own successful UK legal firm and held a number of departmental head positions in various legal disciplines. He appeared in many tribunals in the UK as an advocate and had Higher Rights of Audience in criminal law, before moving to Thailand in August 2015. Ghaff manages the lawyers in the Law office, reports to clients with regular updates and is responsible for ongoing development and training of the legal team.
A 4 day practical training course for people who are responsible for digital forensic investigations or are wishing to become a digital forensic investigator. The course will provide a solid foundation in the understanding of digital forensics principles and techniques. Each subject is covered in depth and supported by practical scenario based exercises to reinforce the learning points. The candidate will use a range of free and open source forensic tools. This allows the candidate the opportunity to practice what they have learnt on the course without the need to invest in expensive forensic software / hardware. The course has been designed by experienced forensic investigators with many years’ experience ensuring the course content is both relevant and practical.
A one day training course aimed at IT staff that may have to deal with cyber security threats. The course will provide the candidate with an explanation of what computer forensics is and the techniques regularly employed by computer forensic investigators.
The candidate will be trained how to respond to cyber security threats and how to preserve the electronic data in an evidentially sound manner using a basic forensic tool.
Aim of the Course:
The aim of the course is to provide the candidate with an explanation of what computer forensics is, the issues in obtaining computer evidence and the forensic techniques regularly employed by forensic investigators. The aim is to provide the candidate with the knowledge to prepare a cyber-security incident response plan and training in using a basic forensic tool to preserve the digital data in an evidentially sound manner.
The course is aimed at IT teams and Incident Response (IR) teams that have no knowledge or limited knowledge in relation to computer forensics and computer forensics techniques.
Who Should Attend:
IT professionals who may be required to collect and preserve electronic data that could later be used as evidence in legal proceedings. IT managers who may be responsible for overseeing the collection and preservation of electronic data.
Course Location: Bangkok Business Center Building (Sukhumvit 63 or Soi Eakkamai)
Time: 09:00 AM to 16:00 PM
Course Cost: 9,950 Baht (not including VAT). Includes manual, coffee break & lunch.
Orion Forensics Training Calendar Year 2020
| 06 Feb | 23 Apr | 09 Jul | 09 Sep | 05 Nov |
Early Bird !!
Register and pay before the 06th Jan 2019.
1 Person 9,950 Baht (10% Discount) Saving of 995 Baht
Early Bird !!
Register and pay before the 23rd Mar 2020.
1 Person 9,950 Baht (10% Discount) Saving of 995 Baht
Early Bird !!
Register and pay before the 09th Jun 2020.
Early Bird !!
Register and pay before the 09th Aug 2020.
Early Bird !!
Register and pay before the 05th Oct 2020.
• Cyber Threats 2020
• Economic Crime Thailand 2019
• Define Digital Forensics
• Legal Consideration
• Evidence Handling & Chain of Custody
• Why is Digital Forensics Important to your Organisation
• Good Practice Guidelines for Computer Based Evidence
• Forensic Acquisitions
• Forensic Acquisition Tools
• Hash Values (Digital Fingerprint)
• Persistent Vs Volatile Data
• Dealing with Live systems
• Dealing with Servers
• Capturing RAM Memory
• How to Perform Bulk Forensic Imaging
• Creating an Easy2Boot Bootable Hard Drive
• Preparing an Incident Response Plan
- Payment is due upon registration
- Delegates who cancel after registration, or who don’t attend, are liable to pay the full course fee and no refunds can be given
- We reserve the right to postpone or cancel a training course at any time.
- If a training course is cancelled by us, we will inform all registered delegates on the course as soon as possible. Upon the cancellation of a course, we will offer to each delegate a full refund for the cost of the course or alternative dates for the course.
- We will not be held liable for any expenses, either direct or indirect, or for loss of time, earnings or business, incurred as a result of a postponed or cancelled course.
A one day training course for legal professionals who have to deal with digital evidence. The course will look at the types of digital evidence that are routinely produced for legal proceedings and the potential issues surrounding that evidence. The course will provide an overview of the forensic principles, techniques and terminology used by forensic investigators. The aim is to provide the candidate with a level of understanding so they can interpret forensic reports and assess the authenticity and integrity of the digital evidence. A reference manual will be provided to each candidate along with a certificate of completion confirming the number of training hours undertaken.
They say there are two certainties in life, death and taxes. I would suggest that there are now three. Death, taxes and being confronted with cybercrime. It is not uncommon to hear the phrase cybercrime or cyberterrorism being used in the media and how another major company has been hacked. Yet many people are still unsure exactly what constitutes cybercrime and whether they may have been a victim.
Introduction to Cyber Security
• What is Cyber Security?
• Risks with Cyber Security such as Viruses and Malware.
Blockchain and Cryptocurrencies
• What is Blockchain?
• What are the Security Impacts of Blockchain?
• What are Cryptocurrencies?
• Recommendations on protecting your Cryptocurrencies
I have been a full time digital forensic investigator now for almost 15 years. I still remember the excitement on my first day when I started within the South Yorkshire Police Computer Crime unit. The learning curve was steep. I had no university degree in computers, limited computer training and most of what I knew about computers was self-taught including how to build computer systems.
As the capacity of USB storage devices continues to increase and the price decreases, USB forensics will often play an important part in many forensic investigations. Add to the mix a range of mobile devices such as smart phones, tablets and digital cameras, and the ease of connectivity means that there are a lot of USB artifacts to be found if we know where to look. For example, in Windows 7, the Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx log file contains useful information such as time stamps for the connection and disconnection of USB removable drives.