The IT Roundtable will hold a workshop at NASA Headquarters on the following topic:
Incident Response and Digital Trace Evidence Collection
THIS WORKSHOP IS A DUPLICATE OF THE ONE HELD ON JUNE 27, 2003, AND IS INTENDED FOR THOSE WHO WERE NOT ABLE TO MAKE THE JUNE 27 WORKSHOP.
LIMITED SEATING IS AVAILABLE.
Members of the NASA OIG Computer Crimes Office will lead the workshop. The following are prerequisites for personnel to attend this meeting:
- Fill an IT Security position
- Be willing to sign a non-disclosure agreement
- Be familiar with basic UNIX commands and devices
- Ability to understand and navigate a UNIX file system (including NFS)
- Understanding of major UNIX configuration files
- Be able to use and have a basic understanding of the following commands:
  - ls
  - ping
  - mount
  - grep
  - more/less
  - netstat
WORKSHOP OUTLINE
Introductions/Administrative
Overview of Objectives and Response Concept
- Objectives for this training
- Concept of initial report, response, findings and after actions
- Examples of computer crime
- Non-disclosure requirements and rationale
Console Review Process (Modified Paul Briefing)
- History and rationale
- Concept
- Overview of manual / automated process
Manual Console Review (Susan Briefing)
- Note taking
- Preparing for review
- Connectivity options
- Preparing collection system
- Conducting review and defining information
- Hashing of evidence and verification
Automated Console Review
- Preparing the victim computer (if necessary)
- Preparing collection system
- Conducting the review
- Troubleshooting
Console Review Analysis (Mark Briefing)
Other Issues
- Handling large scale intrusions
- Protection of collected data
- Data needed in reports
  - Damages (hours expended, value of damaged data/hardware)
  - Impact on mission (or potential impact, e.g. system is used for flight controls)
  - Information taken and value
  - Type of information on the system (ITAR, Privacy Act, Proprietary, etc.)
  - Systems compromised and basic facts about the intrusion
  - Information concerning the origin of the intrusion
Registration details of the workshop are as follows:
Date: October 28, 2003
Location: NASA Headquarters, 300 E Street, S.W., Washington, D.C. 20540 (Federal Center SW Metro Stop), Room MIC 6A (6H46A)
Time: 9:00 a.m. to 4:00 p.m.
If interested in registering for the workshop, please contact Ms. Candice Johnson at (202) 358-2556 or by email at cjohnson@imx.hq.nasa.gov. Registration must be received no later than noon on Friday, October 24, 2003. For security processing purposes, the following information must be provided to Ms. Johnson at the time of registration:
- Last Name, First Name, Middle Initial
- Citizenship
- Company/Agency Represented
- Telephone Number