
Job Description - Digital Forensic Analyst

www.data64.in

Contents

Life @ data64

Some of our Global Achievements

Introduction to the Cyber Tribe

Personal Profile Form

Some of our Indian Achievements

What we do @ data64

Job Description

Salary & Selection Process

Online Test Curriculum

Cyber Tribe (born 1999)

Soaring temperatures, shots of espressos and four bright young minds. That's what led to the birth of CyberTribe in 1999 - a revolution with a mission to empower the citizens of the world through cyberspace.

Cyber Tribe consists of 8 organizations.

It was in the year 2000 that Asian School of Cyber Laws was born in India, a few months before the landmark Information Technology Act was passed.

Then came TechJuris Law Consultants, a dynamic law firm specializing in technology laws, digital evidence, technology contracts and Internet based businesses.

As the face of cyber law changed to make it an inseparable part of other facets of law, ASCL Law School emerged, introducing students and professionals to the progressive face of financial and corporate law.

Very soon, the IT industry witnessed explosive growth. Corporates felt the need for cutting edge consultancy in Digital Evidence Analysis and Incident Response. Thus was born Data64 Techno Solutions Pvt. Ltd., incubated by Science and Technology Park, a STEP promoted by the Department of Science & Technology, Government of India.

Led, as we were, in the right direction by social changes, the inclusion of computers in the lives of children brought forth the need for life skills for youngsters. Republic of Cyberia - a virtual nation for youngsters, created to promote life skills above and beyond conventional education - announced its birth.

Association of Digital Forensic Investigators has been created as a member driven organization to develop and design standards and best practices for all areas of digital forensic investigation.

Lexcode Regulatory Compliance Technologies Pvt. Ltd. was established in 2011 to develop high quality technological solutions for legal compliance.

Data64 Technologies Pvt. Ltd. was established in 2012 to handle all Cyber Tribe operations in Mumbai and Gujarat.

What we do @ data64

Contingency Planning
Data64 assists organisations in designing contingency plans.
Contingency planning refers to interim measures to recover information system services after a disruption. Interim measures may include relocation of information systems and operations to an alternate site, recovery of information system functions using alternate equipment, or performance of information system functions using manual methods.

Information systems are vital elements in most mission/business functions. Because information system resources are so essential to an organization's success, it is critical that identified services provided by these systems are able to operate effectively without excessive interruption. Contingency planning supports this requirement by establishing thorough plans, procedures, and technical measures that can enable a system to be recovered as quickly and effectively as possible following a service disruption. Contingency planning is unique to each system, providing appropriate preventive measures, recovery strategies, and technical considerations.

7-step contingency planning process

1. Develop the contingency planning policy statement. A formal policy provides the authority and guidance necessary to develop an effective contingency plan.
2. Conduct the business impact analysis (BIA). The BIA helps identify and prioritize information systems and components critical to supporting the organization's mission / business functions. A template for developing the BIA is provided to assist the user.
3. Identify preventive controls. Measures taken to reduce the effects of system disruptions can increase system availability and reduce contingency life cycle costs.
4. Create contingency strategies. Thorough recovery strategies ensure that the system may be recovered quickly and effectively following a disruption.
5. Develop an information system contingency plan. The contingency plan should contain detailed guidance and procedures for restoring a damaged system unique to the system's security impact level and recovery requirements.
6. Ensure plan testing, training, and exercises. Testing validates recovery capabilities, whereas training prepares recovery personnel for plan activation and exercising the plan identifies planning gaps; combined, the activities improve plan effectiveness and overall organization preparedness.
7. Ensure plan maintenance. The plan should be a living document that is updated regularly to remain current with system enhancements and organizational changes.

eDiscovery
Data64 provides information management consulting for electronic discovery processes.
E-discovery is a techno-legal process in which relevant evidence to be produced in a court of law is identified, collected, analyzed and presented from a large set of electronic information.

Identification may include various departments, people, computers and files or documents in paper form. Since the e-discovery process may involve huge amounts of data and it may be unclear what data is relevant in the beginning of a legal dispute, the identification process should anticipate change and have procedures which can accommodate newly discoverable data. Identification requires thorough investigation and analysis. When a legal duty to preserve data (ediscovery) is initiated, potentially relevant data should be identified and protected in a manner which is legally defensible, proportionate and auditable.

Once data has been identified, it has to be collected. Data collection should also be done in a manner which follows the earlier principles of defensibility, proportionality and auditability.

After collection, data may require processing with a view to:
1. finding out the exact nature of the data identified;
2. recording all metadata (in each and every file) prior to processing; and
3. reducing the amount of data that will finally be produced in a court of law by narrowing down the appropriate data for review.

Processing must be such that audit, analysis and validation can be carried out and an appropriate chain of custody maintained. During processing, data has to be converted to more accessible file formats and individual files may be inventoried along with their metadata. After processing, documents have to be reviewed. This is critical since the review process identifies which documents to produce and which documents to hold back. Here, the legal team has a greater role to play and can expect to obtain a better understanding of the facts. Legal strategy is determined and developed based on document review. Analysis is carried out post review and analytical tools used for this purpose have become more sophisticated. Where there is a need to recover deleted or formatted data, integrated cyber forensics tools may also be put to use.

After analysis, data is produced. The production process involves opposite parties meeting and agreeing on which documents should be produced in what format. It then requires involvement of the technical teams to procure the data in the agreed format.

Finally, data has to be presented, which is done by lawyers. Although electronic documents are mostly presented to a court of law in paper form, in certain cases, e.g., where multimedia files need to be exhibited, lawyers have to present exhibits in native format.

Specific e-discovery processes have already been incorporated into the law in the United States where companies have to comply with such processes.

Digital Forensic Investigation


Data64 provides digital forensic and cyber investigation services.

Digital forensics, also known as computer and network forensics, is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data. Data refers to distinct pieces of digital information that have been formatted in a specific way. Organizations have an ever-increasing amount of data from many sources. For example, data can be stored or transferred by standard computer systems, networking equipment, computing peripherals, personal digital assistants (PDA), consumer electronic devices, and various types of media, among other sources.

Digital Forensics Process

The process for performing digital forensics comprises the following basic phases:

1. Collection: identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following procedures that preserve the integrity of the data.
2. Examination: forensically processing collected data using a combination of automated and manual methods, and assessing and extracting data of particular interest, while preserving the integrity of the data.
3. Analysis: analyzing the results of the examination, using legally justifiable methods and techniques, to derive useful information that addresses the questions that were the impetus for performing the collection and examination.
4. Reporting: reporting the results of the analysis, which may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls), and providing recommendations for improvement to policies, procedures, tools, and other aspects of the forensic process.

Integrating Forensic Techniques into Incident Response

Organizations should ensure that their policies contain clear statements addressing all major forensic considerations, such as contacting law enforcement, performing monitoring, and conducting regular reviews of forensic policies and procedures.

Organizations should create and maintain procedures and guidelines for performing forensic tasks, based on the organization's policies and all applicable laws and regulations.

Organizations should ensure that their policies and procedures support the reasonable and appropriate use of forensic tools.

Organizations should ensure that their IT professionals are prepared to participate in forensic activities.

Information Technology Act Compliance


Data64 has developed technological solutions to enable corporates to manage regulatory compliance under the Information Technology Act.

The Information Technology Act and its allied rules, regulations, orders etc. impose several obligations on corporates. Failure to comply with these obligations may be penalized with fines, compensation and even imprisonment. ita64 is a suite of technological solutions for facilitating Information Technology Act compliance. ita64 comprises the following 3 modules:

priv64: The primary law for data privacy in India is the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 issued by the Central Government in exercise of the powers conferred by clause (ob) of subsection (2) of section 87 read with section 43A of the Information Technology Act, 2000. The data privacy rules define sensitive personal data or information to include passwords, financial information, physical, physiological and mental health condition, sexual orientation, medical records and history and biometric information. Non-compliance with any of the provisions of the data privacy rules is penalized with a compensation / penalty of up to Rs. 25,000 under section 45 of the Information Technology Act.

Additionally, in some cases there may be liability under section 43A of the Information Technology Act. Under the original Information Technology Act, 2000, compensation claims were restricted to Rs. 1 crore. Now claims up to Rs 5 crore are under the jurisdiction of Adjudicating Officers. Claims above Rs 5 crore are under the jurisdiction of the relevant courts. Additionally, in some cases there may be liability under section 72A of the Information Technology Act. This section provides for imprisonment up to 3 years and / or fine up to Rs 5 lakh.

Manual compliance with the stringent data privacy laws would not only be extremely time-consuming but also would require a lot of people and expense. priv64 is a cutting edge technological solution that automates the data privacy legal compliance process.

cert64: facilitates 100% compliance with CERT and other reporting requirements.

dx64: facilitates real-time, open exchange of data from entities about how and when they are suffering cyber attacks on their systems. This data is analyzed to provide early warning of cyber attacks that could bring down critical infrastructure.

Life @ data64

At data64, each person is looked at as someone who is destined to shine - a star! To underline this philosophy, it is absolutely prohibited to refer to anyone at data64 as an 'employee'.

No one calls you by your name. Your parents named you when you were born. Now you get to choose your own 'handle' name. Whether it's iceberg or router, choose a name that defines you!

Awesome work atmosphere. Great people, virtually no hierarchy, sub-zero office politics and lots more great stuff.

Very generous pay packages. If you get a comparable job that pays better... take it!!

Insane work hours. We are all very hard working people who love their work. If you prefer a 9 to 5 job with regular holidays... don't apply at data64.

Stars: At CyberTribe, each person is looked at as someone who is destined to shine - a star! To underline this philosophy, it is absolutely prohibited to refer to anyone at CyberTribe as an 'employee'.

Handles: We, here at CyberTribe, have taken measures to do away with the conventional concept of hierarchy at work. So, every Star is addressed by his/her handle. This helps us create a culture of openness that breaks the barriers of hierarchy.

Mentor-Protege Relationship: Everyone (except the Chief Architect) at the CyberTribe is assigned a mentor, who brings out the 'star' in the protege.

Join us as a Digital Forensic Analyst


Job Code: DFA-Data64

Digital forensics, also known as computer and network forensics, is the application of science to the identification, collection, examination, and analysis of data while preserving the integrity of the information and maintaining a strict chain of custody for the data. Data refers to distinct pieces of digital information that have been formatted in a specific way. Organizations have an ever-increasing amount of data from many sources. For example, data can be stored or transferred by standard computer systems, networking equipment, computing peripherals, personal digital assistants (PDA), consumer electronic devices, and various types of media, among other sources. A Digital Forensic Analyst specializes in collection, examination, analysis and reporting of digital evidence. As an organization, we have a very flat structure and every star is a part of five core functions, which are Consulting, Product Development, Business Development, Online Marketing and Training.

Core Functions

[Figure: the five core functions - Consulting, Product Development, Business Development, Online Marketing and Training.]

[Figure: the digital forensics process - Collection, Examination, Analysis, Reporting.]

Digital Forensics Process

The process for performing digital forensics comprises the following basic phases:

1. Collection: identifying, labeling, recording, and acquiring data from the possible sources of relevant data, while following procedures that preserve the integrity of the data.
2. Examination: forensically processing collected data using a combination of automated and manual methods, and assessing and extracting data of particular interest, while preserving the integrity of the data.
3. Analysis: analyzing the results of the examination, using legally justifiable methods and techniques, to derive useful information that addresses the questions that were the impetus for performing the collection and examination.
4. Reporting: reporting the results of the analysis, which may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls), and providing recommendations for improvement to policies, procedures, tools, and other aspects of the forensic process.

Eligibility:

1. Students of the 2012 batch of B.E or B.Tech in Computer Science or IT or Electronics with no current backlogs.
2. Ability to write and speak English very well.

Apply if you:

+ are very patient by nature
+ are detail oriented and persistent
+ are an innovative thinker and problem solver

Data64 Non-Discrimination Statement

It is the policy of Data64 not to engage in discrimination against or harassment of any person employed or seeking employment with Data64 on the basis of race, color, national origin, religion, sex, gender identity, pregnancy, ancestry, marital status, age, sexual orientation or citizenship. This policy applies to all employment practices, including recruitment, selection, promotion, transfer, merit increase, salary, training and development and demotion.

Selection Process

1. Pre-placement Talk
The pre-placement talk will be delivered by Data64 at empanelled colleges and will focus on our organisational history, what we do, the selection process, your growth prospects, and the salary and compensation process.

2. Group Discussion
During this round, candidates are divided into groups of 12 or less and given a topic to discuss. We will evaluate your verbal communication skills, clarity of thought and awareness of Indian and global current affairs in this round.

3. Online Test
During this round, candidates who clear the group discussion round are administered a 60-minute online test. The detailed syllabus for this is provided under the section "Curriculum for Online Test for DFA Recruitment". Alumni of the ASCL Certified Digital Evidence Analyst course are exempt from this online test.

4. Personal Interview
During this round, we primarily focus on two issues - (1) the Data64 Personal Profile Form filled in by you (2) Topics of the online test.

5. On-job Training
Based upon your performance in the group discussion, online test and personal interview, you may be selected for 8-month on-job training. During this period, you may be required to relocate to any other city. You will be entitled to a stipend of INR 14,000 (Indian Rupees Fourteen Thousand) per month during this training. Data64 will not provide or reimburse any accommodation or travel expenses during this period. If, however, you are required to travel on official business during this period, those expenses will be borne by or reimbursed by Data64.

6. Confirmation
On successful completion of the on-job training, you will be designated as a Data64 Digital Forensic Analyst. You will be entitled to a CTC of either INR 6,50,000 or INR 8,00,000 per annum depending upon your performance.

Curriculum for Online Test for DFA Recruitment

Digital Forensics
You are expected to have a basic understanding of computer security incident handling, forensic techniques and contingency planning. Additionally, you are expected to have a basic working knowledge of WinHex 16.4 or above. To get started on this, you can download some eBooks and the trial version of WinHex 16.4 from: http://www.data64.in/work_with_us/download.zip

Programming
You are expected to have a good working knowledge of web development using PHP, MySQL, HTML5 and JavaScript. You are also expected to be conversant with open source platforms such as WordPress, phpBB, Zen Cart and MediaWiki.

Online Marketing
You are expected to be proficient in using Facebook, Twitter and LinkedIn, especially from a social media marketing and business development point of view.

Additionally, you are expected to read the following eBooks:
1. Marketing and Advertising Using Google
2. A Geek's Guide to promoting yourself and your online business in 140 characters or less with Twitter
3. Unleashing the Ideavirus

To get started on this, you can download these eBooks from: http://www.data64.in/work_with_us/download.zip

You are also expected to read and understand the underlying concepts of the following books:
1. "Buyology: Truth and Lies About Why We Buy" by Martin Lindstrom
2. "Purple Cow: Transform Your Business by Being Remarkable" by Seth Godin

Life Skills
You are expected to read and understand the underlying concepts of the following books:
1. "The 80/20 Principle - The secret of achieving more with less" by Richard Koch
2. "Outliers: The Story of Success" by Malcolm Gladwell
3. "Blink: The Power of Thinking Without Thinking" by Malcolm Gladwell
4. "The Tipping Point: How Little Things Can Make a Big Difference" by Malcolm Gladwell
5. "Freakonomics: A Rogue Economist Explores the Hidden Side of Everything" by Steven Levitt and Stephen J. Dubner

Data64 Personal Profile Form

Page 1 of 4 of Data64 Personal Profile Form

Data64 Job Code(s) applied for.

Your name, date of birth, contact information, Facebook username.

Draw or write something interesting in this space.

Your parents named you when you were born. Now you get to choose your own 'handle' name. What handle name would you choose for yourself and why?

What's your favourite sport? Why?

Your academic background.

What's wrong with the education system? How would you fix it if you had the power to do so?

What, in your opinion, sets you apart from the crowd?

Page 2 of 4 of Data64 Personal Profile Form

Which animal would you like to be reborn as? Why?

What are the weirdest things you do? If you know they are weird, why do you continue to do them?

Why are you suitable for this job?

What are the 3 things that you hate about yourself? Have you done anything to change these?

What would you do if you become invisible for a day?

What kind of people do you hate the most?

Describe one incident where you have exhibited leadership qualities.

Page 3 of 4 of Data64 Personal Profile Form

How do you like to spend a day off?

What is a common misperception about you?

When is it okay to break the rules?

How does this job relate to what you really want to be doing in your life?

How do others describe you?

Where do you see yourself in three years?

If you were hired, what ideas / talents could you contribute?

If you could trade places with any other person for a week, with whom would it be? Why?

If someone wrote a biography about you, what do you think the title should be?

Page 4 of 4 of Data64 Personal Profile Form

In the news story of your life, what would the headline say?

Who do you like best, your mom or dad? Why?

When is it NOT okay to break the rules?

What kind of people do you like?

What makes you angry?

If you had only six months left to live, what would you do with the time?

What have you done to develop or change yourself in the last few years?

Give 3 reasons why you are NOT suitable for this job.

Give 3 reasons why you are suitable for this job.

Data64 Techno Solutions Pvt. Ltd.

Pune
6th Floor, Pride Senate, Behind Sigma House, Senapati Bapat Road, Pune - 411016. India
Contact Numbers: 020-25667148, 020-40033365, 020-65206029

Mumbai
7 Vaswani Mansions, Opp. H.R. College, Dinshaw Wachha Road, Churchgate, Mumbai - 400020
Contact Numbers: 9594996366, 9594996363, 9594996364, (022) 22814502, (022) 22814503, (022) 66300223

Delhi (Liaison Office)
15th Floor, EROS Corporate Tower, Nehru Place, New Delhi - 110019
Contact Numbers: 09212227459, 08800677554, 08800679555, 08800644557

www.data64.in

info@data64.com