Preserving capacity, General Tom Lawson, Chief of the Defence Staff, Keys to Canadian SAR
Issue link: http://vanguardcanada.uberflip.com/i/985397
www.vanguardcanada.com APRIL/MAY 2018 33 CYBER 41 www.huntercomm.net Global Satellite Solu ons Provider Broadcast Mari me Oil, Gas & Mining Avia on 48 49 50 51 52 53 53 52 51 48 Hunter Ku-Band Beam @ 115W.L. 49 50 45 42 • Superior Northern Canadian Coverage • Optimized for Mobile and Broadcast Applications • Aeronautical routes as high as 80 N.L • Available for Military applications • analysis of information within and/or cre- ated by a device that helps describe what happened, when it happened, how it hap- pened, and who was involved. Previously, information requiring analy- sis found in very specific system process slices were not always readily available or viewable in an efficient manner, making comparative analysis difficult and time consuming. Now, with a variety of robust investigative and analysis tools and suites available within operating systems and from third-parties, information analysis is highly automated and more conclusive. Cyber forensics can be easily described in four procedural phases that represent the lifecycle, each relying on the phase before it to maintain integrity: 1) the configura- tion and collection of required informa- tion, 2) the integrity, storage and retention of that information, 3) the investigative analysis, and 4) its consistent report- ing. These phases are relevant across the spectrum of various crime types, such as the examination of cyber exploits (theft, disruption, modification or destruction of an asset), activities that support other agendas (espionage, terrorism, organized crime, etc.), the distribution, access or purveying illegal materials (drugs, weap- ons, child pornography, terrorism materi- als, etc.), and personal (harassment, extor- tion, etc.) and corporate crime. Unearthing the different types of digital evidence on various device types associ- ated with these crime types often relies on other traditional investigative techniques creating probable scenarios to reconstruct, demonstrate and conclude the crime. If digital evidence stops at the device used to commit the crime with no evidence to identify a suspect or if information gaps, this renders continuity and correlation of evidence impossible, and the investigation is over. Planning and Configuration Planning and configuration policy and procedures ensure that the required infor- mation is identified, often in data collec- tion schemas, and that systems and devices are configured to capture the information, which is verified through test and audit activities. Other periphery activities, such as previously performed penetration test- ing results, can be used to extend inves- tigative scenarios that prove and validate the data schema. Overall, this ensures the highest possible success in solving a crime by identifying mandatory post-breach information and procedures, including isolation, preserva- tion, expected chain of custody and ap-