Incident Response Kits Hardware

Video Transcription
00:00
Hello. My name's David, and welcome to pre-incident response,
00:07
and we're taking a look at incident response kits. We looked at the hardware and software in our last one, because you do not want to be this cow
00:15
stuck on a fence.
00:17
Uh, like I was when I walked into that shop. If you remember my war story
00:21
Ah, and found out that they were Apple-specific and only used Macs and Apple servers. And I had very little experience of this.
00:31
Hopefully, you will
00:34
have better preparation than I had in that case. I did adapt and overcome, which is important to keep in mind.
00:43
Um, but when you're dealing with putting your kit together,
00:48
you need to be asking these kinds of questions up front that we went over in our last episode together
00:53
when we looked at software and hardware holistically.
00:56
Here, in episode two,
00:59
we're going to be looking more specifically at hardware. Again, let's talk about some questions to help you prepare.
01:06
What kind of equipment is in your environment?
01:08
Is it
01:11
a small office that has, say, their own
01:17
homegrown server setup with very little outside, um,
01:21
influence, and say they use Office 365 for email.
01:26
The employees all use the same model laptop. Um,
01:32
they all have the same phone.
01:34
That's fantastic. That's actually pretty easy to get set up with in order to do incident response in those environments. Sad
01:42
to say,
01:44
a lot of environments that you go into won't be that simple.
01:48
Uh, they've been around for a little while. They've got a variety of mobile devices, tablets, and smartphones.
01:55
Each employee has a different laptop with a different set up.
01:59
They may all use the same email environment, but we're talking about hardware here,
02:06
so you need to be able to image a laptop, uh, image a smartphone. You need to be able then to take that image and analyze it. So that's why you need to ask these questions up front. Prepare yourself.
02:19
Do you even need forensic capabilities? Do you need write blockers? Do you need the ability to do a packet capture and then hash that packet capture and store it,
02:30
um,
02:32
for future reference? Or, say, there's a criminal case and the defense comes to you and says, "We want copies of all of your forensic images."
02:42
How do you store those? Where do you store those? How do you secure them?
02:46
Those are questions you have to consider when it comes to hardware, and often that kind of question is overlooked, especially in the world of consulting.
02:55
Um,
02:58
it could be a something in a simple with a law. I'll, um,
03:02
that you use in order to store your images on hard drives,
03:07
cupboards. Of course, there are environmental factors that come into play. If you have a flood zone, you don't want to lose all of your evidence to a flood or even say
03:19
supper. Open water pipe.
03:21
It has happened.
03:22
Um, so ask yourself if you need the forensic capability, and continue down that line. How am I gonna store the images? How long do I need to store those images?
03:32
Um, what's the statute of limitations in the criminal?
03:37
Um,
03:39
you need to know, and you need to ask, um, so that you have access to those, and that's your legal and statutory. Even if it's an internal investigation, say an insider threat,
03:51
um, you need to work with your legal department or legal counsel to determine exactly what you need,
03:59
what kind of storage you need, how long to store those items.
04:04
Then take a look at your existing team.
04:06
Uh, what's their skill level? Do you have someone that's
04:12
familiar with EnCase and uses EnCase, um,
04:15
well?
04:16
I want to say "well," because it is important in dealing with certain cases that you have someone that knows. Does your team know how the registry works? Do they have experience using Wireshark to examine packet captures?
04:33
Do you have malware reversing skills?
04:39
If not, you're going to have to either outsource that or rely on a third party in order to bring your staff, your team, up to par, and we'll talk about that a little more in depth when we look at the team more specifically.
04:53
Do you answer to regulatory bodies? Are you a small doctor's office that you're consulting with
05:00
that could fall under HIPAA?
05:03
Uh, all kinds of questions can arise here,
05:06
but
05:09
you need to ask them, um, if you're gonna do what I did back in the day and start your own consulting business,
05:15
uh, then you need to be able to answer these questions. It could require a lot of study, a lot of reading. Thankfully, Cybrary's got lots of courses on this kind of thing, so be prepared to spend some time learning, ah, and growing and expanding your knowledge base.
05:31
What do auditors ask for? Does your business get audited? And if so,
05:38
what kind of questions are they asking? How do they address? Um, I've worked for some credit unions,
05:44
small financial institutions, and they get audited every year, and the auditors are individuals, just like you and I are. So each one's a little bit different. One focuses on cyber security.
05:56
One doesn't care.
05:58
So you have to kind of address those needs as they arise and be prepared for just about any kind of eventuality.
06:05
How do you determine what's necessary? Who do you talk to? Who do you ask? Cybrary is a great way to do that. Network with people. LinkedIn, for example:
06:15
get into, ah, the different LinkedIn pages and groups that focus on incident response, digital forensics,
06:25
HIPAA, FFIEC, those kinds of areas, and ask if you don't know. Um, none of us is a walking
06:34
Encyclopedia Britannica, to use the example, of all knowledge cyber.
06:40
I hate to break it to you. I'm not going to stand here and put myself up and tell you I know it all, because I don't,
06:46
uh, nobody does.
06:47
And if somebody tells you that they do, run the other way, because nobody knows it all. That's why we have LinkedIn. That's why you have Cybrary.
06:56
Hook up with me on Cybrary. Reach out to me. Create a connection. Got a question? If I don't know the answer, I'll point you to somebody that might. And if they don't know the answer, you see how that networking works.
07:05
Use it.
07:08
What would you do if you came across this in an environment during an incident response? How would you address that?
07:19
What if somebody came to you and said my email was hacked? Here's my job.
07:24
What would you do?
07:26
What tools would you need?
07:31
Hey, these are all things that you're gonna have to consider in the incident response realm,
07:36
because these are all things that you're gonna come across. I know in my own experience I've hit almost every single one of these images.
07:44
What about a server rack
07:46
or RAID,
07:48
huh?
07:50
That's actually a neat one because they've done right job. Ah, look at that. And Apple servers. How would you image that?
08:00
How would you examine them? Do you have the tools?
08:03
Do you have the skills?
08:05
When it comes to hardware specifically, each of these items is gonna take a different kind of hardware, a different kind of connection,
08:13
connector, in order to be able to image. And
08:18
then past the hardware, it takes a different kind of software program in order to do the examination.
08:24
So how do you figure this out? Here again, we have the 2018 SANS, ah, analyst survey,
08:31
ah, in which they
08:33
reach a pretty wide audience, which is great. And if you're going to be in the incident response field, then you need to be referring to these reports both for your own personal growth and knowledge and also for
08:46
use in your work environment.
08:50
And as you can see, technology, government, banking and finance are represented in this kind of thing.
08:56
Learn from this when it comes to hardware, especially what kind of tools you're gonna need to have set up.
09:03
When you drop down to the bottom of the screen: what regulations are covering you? GDPR is huge, not just in Europe
09:13
but also
09:13
in the U.S., in India, in Africa, in Australia. If you're dealing with any kind of data that comes out of Europe or is going into Europe, GDPR applies. How do you address that?
09:28
What do you need to do?
09:30
PCI, HIPAA, HITECH, of course, are pretty well-known standards. They are the end-all be-all, but they definitely do affect what you're going to do. So here are some different examples of places that you can go to, especially the web sites to refer to for more information.
09:50
Now, this is a quick screenshot of what the hardware is gonna look like. These write blockers on the screen, the yellow box contains a variety of different kinds of write blockers. I'll actually have another video giving you a little more hands-on demo of those.
10:07
The one on the left is for smartphones
10:11
and tablets, so you can see they're slightly different setups. Ah, and if you're gonna be using these,
10:18
you're gonna have to have them in your toolkit.
10:20
You have any questions on hardware? Reach out to me again, a day. Be 135 on Cybrary. Happy to talk to you. See you soon.