
Job Description - Data64 Digital Forensic Analyst

Apr 18, 2015


Naveen Yadav
Page 1: Job Description - Data64 Digital Forensic Analyst

Job Description - Digital Forensic Analyst

www.data64.in

Contents

Introduction to the Cyber Tribe

Some of our Global Achievements

Some of our Indian Achievements

What we do @ data64

Online Test Curriculum

Personal Profile Form

Life @ data64

Job Description

Salary & Selection Process


Cyber Tribe (born 1999)

Soaring temperatures, shots of espressos and four bright young minds.

That's what led to the birth of CyberTribe in 1999 - a revolution with a mission to: empower the citizens of the world through cyberspace.

Cyber Tribe consists of 8 organizations -

It was in the year 2000 that Asian School of Cyber Laws was born in India, a few months before the landmark Information Technology Act was passed.

Then came TechJuris Law Consultants, a dynamic law firm specializing in technology laws, digital evidence, technology contracts and Internet based businesses.

As the face of cyber law changed to make it an inseparable part of other facets of law, ASCL Law School emerged introducing students and professionals to the progressive face of financial and corporate law.

Very soon, the IT industry witnessed explosive growth. Corporates felt the need for cutting edge consultancy in Digital Evidence Analysis and Incident Response. Thus was born Data64 Techno Solutions Pvt. Ltd., incubated by Science and Technology Park, a STEP promoted by the Department of Science & Technology, Government of India.

Led, as we were, in the right direction by social changes, the inclusion of computers in the lives of children brought forth the need for life skills for youngsters. Republic of Cyberia - a virtual nation for youngsters, created to promote life skills above and beyond conventional education - announced its birth.

Association of Digital Forensic Investigators has been created as a member driven organization to develop and design standards and best practices for all areas of digital forensic investigation.

Lexcode Regulatory Compliance Technologies Pvt. Ltd. was established in 2011 to develop high quality technological solutions for legal compliance.

Data64 Technologies Pvt. Ltd. was established in 2012 to handle all Cyber Tribe operations in Mumbai and Gujarat.


What we do @ data64


Contingency planning refers to interim measures to recover information system services after a disruption.

Interim measures may include relocation of information systems and operations to an alternate site, recovery of information system functions using alternate equipment, or performance of information system functions using manual methods.

Information systems are vital elements in most mission/business functions.

Because information system resources are so essential to an organization’s success, it is critical that identified services provided by these systems are able to operate effectively without excessive interruption.

Contingency planning supports this requirement by establishing thorough plans, procedures, and technical measures that can enable a system to be recovered as quickly and effectively as possible following a service disruption.

Contingency planning is unique to each system, providing appropriate preventive measures, recovery strategies, and technical considerations.

7-step contingency planning process

1. Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.

2. Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization’s mission / business functions. A template for developing the BIA is provided to assist the user.

3. Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.

4. Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.

5. Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system’s security impact level and recovery requirements.

6. Ensure plan testing, training, and exercises. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.

7. Ensure plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements and organizational changes.

Contingency Planning: Data64 assists organisations in designing contingency plans.


E-discovery is a techno-legal process in which relevant evidence to be produced in a court of law is identified, collected, analyzed and presented from a large set of electronic information.

Identification may include various departments, people, computers and files or documents in paper form.

Since the e-discovery process may involve huge amounts of data and it may be unclear what data is relevant at the beginning of a legal dispute, the identification process should anticipate change and have procedures which can accommodate newly discoverable data. Identification requires thorough investigation and analysis.

When a legal duty to preserve data (e-discovery) is initiated, potentially relevant data should be identified and protected in a manner which is legally defensible, proportionate and auditable. Once data has been identified, it has to be collected. Data collection should also be done in a manner which follows the earlier principles of defensibility, proportionality and auditability. After collection, data may require processing with a view to:

1. find out the exact nature of data identified;

2. record all metadata (in each and every file) prior to processing; and

3. reduce the amount of data that will finally be produced in a court of law by narrowing down the appropriate data for review.

Processing must be such that audit, analysis and validation can be carried out and an appropriate chain of custody maintained. During processing, data has to be converted to more accessible file formats and individual files may be inventoried along with their metadata.

After processing, documents have to be reviewed. This is critical since the review process identifies which documents to produce and which documents to hold back. Here, the legal team has a greater role to play and can expect to obtain a better understanding of the facts. Legal strategy is determined and developed based on document review. Analysis is carried out post review and analytical tools used for this purpose have become more sophisticated. Where there is a need to recover deleted or formatted data, integrated cyber forensics tools may also be put to use.

After analysis, data is produced. The production process involves opposite parties meeting and agreeing to which documents should be produced in what format. It then requires involvement of the technical teams to procure the data in the agreed format.

Finally, data has to be presented, which is done by lawyers. Although electronic documents are mostly presented to a court of law in paper form, in certain cases, e.g., where multimedia files need to be exhibited, lawyers have to present exhibits in native format.

Specific e-discovery processes have already been incorporated into the law in the United States where companies have to comply with such processes.

eDiscovery: Data64 provides information management consulting for electronic discovery processes.


Digital forensics, also known as computer and network forensics, is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data.

Data refers to distinct pieces of digital information that have been formatted in a specific way. Organizations have an ever-increasing amount of data from many sources.

For example, data can be stored or transferred by standard computer systems, networking equipment, computing peripherals, personal digital assistants (PDA), consumer electronic devices, and various types of media, among other sources.

Digital Forensics Process

The process for performing digital forensics comprises the following basic phases:

1. Collection: identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following procedures that preserve the integrity of the data.

2. Examination: forensically processing collected data using a combination of automated and manual methods, and assessing and extracting data of particular interest, while preserving the integrity of the data.

3. Analysis: analyzing the results of the examination, using legally justifiable methods and techniques, to derive useful information that addresses the questions that were the impetus for performing the collection and examination.

4. Reporting: reporting the results of the analysis, which may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls), and providing recommendations for improvement to policies, procedures, tools, and other aspects of the forensic process.

Integrating Forensic Techniques into Incident Response

Organizations should ensure that their policies contain clear statements addressing all major forensic considerations, such as contacting law enforcement, performing monitoring, and conducting regular reviews of forensic policies and procedures.

Organizations should create and maintain procedures and guidelines for performing forensic tasks, based on the organization’s policies and all applicable laws and regulations.

Organizations should ensure that their policies and procedures support the reasonable and appropriate use of forensic tools.

Organizations should ensure that their IT professionals are prepared to participate in forensic activities.

Digital Forensic Investigation: Data64 provides digital forensic and cyber investigation services.

The Information Technology Act and its allied rules, regulations, orders, etc. impose several obligations on corporates.

Failure to comply with these obligations may be penalized with fines, compensation and even imprisonment.

ita64 is a suite of technological solutions for facilitating Information Technology Act compliance.

ita64 comprises the following 3 modules:

priv64: The primary law for data privacy in India is the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 issued by the Central Government in exercise of the powers conferred by clause (ob) of subsection (2) of section 87 read with section 43A of the Information Technology Act, 2000.

The data privacy rules define sensitive personal data or information to include passwords, financial information, physical, physiological and mental health condition, sexual orientation, medical records and history and biometric information.

Non-compliance with any of the provisions of the data privacy rules is penalized with a compensation / penalty of up to Rs. 25,000 under section 45 of the Information Technology Act.

Additionally, in some cases there may be liability under section 43A of the Information Technology Act. Under the original Information Technology Act, 2000, compensation claims were restricted to Rs. 1 crore.

Now claims up to Rs 5 crore are under the jurisdiction of Adjudicating Officers. Claims above Rs 5 crore are under the jurisdiction of the relevant courts. Additionally, in some cases there may be liability under section 72A of the Information Technology Act.

This section provides for imprisonment up to 3 years and / or fine up to Rs 5 lakh.

Manual compliance with the stringent data privacy laws would not only be extremely time-consuming but would also require a lot of people and expense. priv64 is a cutting edge technological solution that automates the data privacy legal compliance process.

cert64: facilitates 100% compliance with CERT and other reporting requirements.

dx64: facilitates real-time, open exchange of data from entities about how and when they are suffering cyber attacks on their systems.

This data is analyzed to provide early warning of cyber attacks that could bring down critical infrastructure.

Information Technology Act Compliance: Data64 has developed technological solutions to enable corporates to manage regulatory compliance under the Information Technology Act.

Life @ data64

At data64, each person is looked at as someone who is destined to shine - a star!

To underline this philosophy, it is absolutely prohibited to refer to anyone at data64 as an 'employee'.

No one calls you by your name. Your parents named you when you were born. Now you get to choose your own 'handle' name. Whether it's iceberg or router, choose a name that defines you!

Awesome work atmosphere. Great people, virtually no hierarchy, sub-zero office politics and lots more great stuff.

Very generous pay packages. If you get a comparable job that pays better.....take it !!

Insane work hours. We are all very hard working people who love their work. If you prefer a 9 to 5 job with regular holidays....don't apply at data64.

Stars: At CyberTribe, each person is looked at as someone who is destined to shine - a star! To underline this philosophy, it is absolutely prohibited to refer to anyone at CyberTribe as an 'employee'.

Handles: We, here at CyberTribe, have taken measures to do away with the conventional concept of hierarchy at work. So, every Star is addressed by his/her handle. This helps us create a culture of openness that breaks the barriers of hierarchy.

Mentor-Protege Relationship: Everyone (except the Chief Architect) at the CyberTribe is assigned a mentor, who brings out the 'star' in the protege.


Join us as a Digital Forensic Analyst

Job Code: DFA-Data64


Digital Forensic Analyst

Job Code: DFA-Data64

Core Functions: Consulting, Training, Business Development, Online Marketing, Product Development


A Digital Forensic Analyst specializes in collection, examination, analysis and reporting of digital evidence.

As an organization, we have a very flat structure and every star is a part of five core functions, which are – Consulting, Product Development, Business Development, Online Marketing and Training.

Eligibility:

1. Students of the 2012 batch of B.E or B.Tech in Computer Science or IT or Electronics with no current backlogs.

2. Ability to write and speak English very well.

Apply if you:

+ are very patient by nature

+ are detail oriented and persistent

+ are an innovative thinker and problem solver

Data64 Non-Discrimination Statement

It is the policy of Data64 not to engage in discrimination against or harassment of any person employed or seeking employment with Data64 on the basis of race, color, national origin, religion, sex, gender identity, pregnancy, ancestry, marital status, age, sexual orientation or citizenship.

This policy applies to all employment practices, including recruitment, selection, promotion, transfer, merit increase, salary, training and development and demotion.


Digital Forensic Analyst

Selection Process

1. Pre-placement Talk

The pre-placement talk will be delivered by Data64 at empanelled colleges and will focus on our organisational history, what we do, the selection process, your growth prospects, and the salary and compensation process.

2. Group Discussion

During this round, candidates are divided into groups of 12 or less and given a topic to discuss. We will evaluate your verbal communication skills, clarity of thought and awareness of Indian and global current affairs in this round.

3. Online Test

During this round, candidates who clear the group discussion round are administered a 60-minute online test. The detailed syllabus for this is provided under the section "Curriculum for Online Test for DFA Recruitment". Alumni of the ASCL Certified Digital Evidence Analyst course are exempt from this online test.

4. Personal Interview

During this round, we primarily focus on two issues - (1) the Data64 Personal Profile Form filled in by you (2) Topics of the online test.

5. On-job Training

Based upon your performance in the group discussion, online test and personal interview, you may be selected for 8-month on-job training. During this period, you may be required to relocate to any other city.

You will be entitled to a stipend of INR 14,000 (Indian Rupees Fourteen Thousand) per month during this training. Data64 will not provide or reimburse any accommodation or travel expenses during this period.

If, however, you are required to travel on official business during this period, those expenses will be borne by or reimbursed by Data64.

6. Confirmation

On successful completion of the on-job training, you will be designated as a Data64 Digital Forensic Analyst.

You will be entitled to a CTC of either INR 6,50,000 or INR 8,00,000 per annum depending upon your performance.


Curriculum for Online Test for DFA Recruitment

Digital Forensics

You are expected to have a basic understanding of computer security incident handling, forensic techniques and contingency planning. Additionally you are expected to have a basic working knowledge of WinHex 16.4 or above.

To get started on this, you can download some eBooks and the trial version of WinHex 16.4 from: http://www.data64.in/work_with_us/download.zip

Online Marketing

You are expected to be proficient in using Facebook, Twitter and LinkedIn, especially from a social media marketing and business development point of view.

Additionally you are expected to read the following eBooks:

1. Marketing and Advertising Using Google

2. A Geek's Guide to promoting yourself and your online business in 140 characters or less with Twitter

3. Unleashing the Ideavirus

To get started on this, you can download these eBooks from: http://www.data64.in/work_with_us/download.zip

You are also expected to read and understand the underlying concepts of the following books:

1. "Buyology: Truth and Lies About Why We Buy" by Martin Lindstrom

2. "Purple Cow: Transform Your Business by Being Remarkable" by Seth Godin

Programming

You are expected to have a good working knowledge of web development using PHP, MySQL, HTML5 and JavaScript.

You are also expected to be conversant with open source platforms such as WordPress, phpBB, Zen Cart and MediaWiki.

Life Skills

You are expected to read and understand the underlying concepts of the following books:

1. "The 80/20 Principle - The secret of achieving more with less" by Richard Koch

2. "Outliers: The Story of Success" by Malcolm Gladwell.

3. "Blink: The Power of Thinking Without Thinking" by Malcolm Gladwell.

4. "The Tipping Point: How Little Things Can Make a Big Difference" by Malcolm Gladwell.

5. "Freakonomics: A Rogue Economist Explores the Hidden Side of Everything" by Steven Levitt and Stephen J. Dubner.


Data64 Personal Profile Form


Page 1 of 4 of Data64 Personal Profile Form

Draw or write something interesting in this space. Your parents named you when you were born. Now you get to choose your own 'handle' name. What handle name would you choose for yourself and why?

Your name, date of birth, contact information, facebook username.

Your academic background. What's your favourite sport? Why?

What's wrong with the education system? How would you fix it if you had the power to do so?

Data64 Job Code(s) applied for.

What, in your opinion, sets you apart from the crowd?


Page 2 of 4 of Data64 Personal Profile Form

Why are you suitable for this job? What are the 3 things that you hate about yourself? Have you done anything to change these?

What are the weirdest things you do? If you know they are weird, why do you continue to do them?

What kind of people do you hate the most? What would you do if you become invisible for a day?

Describe one incident where you have exhibited leadership qualities.

Which animal would you like to be reborn as? Why?


Page 3 of 4 of Data64 Personal Profile Form

When is it okay to break the rules? How does this job relate to what you really want to be doing in your life?

What is a common misperception about you?

Where do you see yourself in three years? How do others describe you?

If you were hired, what ideas / talents could you contribute?

How do you like to spend a day off?

If you could trade places with any other person for a week, with whom would it be? Why?

If someone wrote a biography about you, what do you think the title should be?


Page 4 of 4 of Data64 Personal Profile Form

When is it NOT okay to break the rules? What kind of people do you like?

Who do you like best, your mom or dad? Why?

If you had only six months left to live, what would you do with the time? What makes you angry?

What have you done to develop or change yourself in the last few years?

In the news story of your life, what would the headline say?

Give 3 reasons why you are NOT suitable for this job.

Give 3 reasons why you are suitable for this job.


Data64 Techno Solutions Pvt. Ltd.

Pune

6th Floor, Pride Senate,

Behind Sigma House,

Senapati Bapat Road,

Pune - 411016.

India

Contact Numbers 020-25667148

020-40033365

020-65206029

Mumbai

7 Vaswani Mansions,

Opp. H.R. College,

Dinshaw Wachha Road,

Churchgate,

Mumbai - 400020

Contact Numbers 9594996366

9594996363

9594996364

(022) 22814502

(022) 22814503

(022) 66300223

Delhi (Liaison Office)

15th Floor,

EROS Corporate Tower,

Nehru Place,

New Delhi - 110019

Contact Numbers 09212227459

08800677554

08800679555

08800644557

www.data64.in | [email protected]