LITIGATION SUPPORT TIP OF THE NIGHT

night.png
aceds.png

Featured on the ACEDS blog. 

HOME

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. This policy is subject to change at any time.  The owner is not an attorney, and nothing posted on this site should be construed as legal advice.   Litigation Support Tip of the Night does not provide confirmation that any e-discovery technique or conduct is compliant with legal, regulatory, contractual or ethical requirements.  

Outlook-vlcajcc4.jpg

See my post on Running Regex Searches With a Grep Utility on the ILTA litigation support blog.

New tips for paralegals and litigation support profesionals are posted to this site each week.  Click on the blog headings for better detail.

  • YouTube Social  Icon
See How-To Videos on my  YouTube channel.

Join our mailing list

    Avenir Light is a clean and stylish font favored by designers. It's easy on the eyes and a great go to font for titles, paragraphs & more.

    • All Posts
    • PARALEGAL
    • Forensics
    • eDiscovery Law
    • Mobile Devices
    • Excel
    • Electronic Discovery
    • Hardware
    • Security
    • Hash Values
    • Databases
    • Software
    • File Headers
    • Windows
    • Outlook
    • Graphics
    • Safe Harbor
    • Word
    • Web browsers
    • Social Media
    • Windows commands / batch files
    • Processing
    • Text Editors
    • Technology Assisted Review
    • FRCP
    • Data Storage
    • Redaction
    • Searching
    • Collection
    • Data Transfers
    • Adobe Acrobat
    Search
      • Dec 21, 2021

    CISA checklist

    Last month, CISA (Cybersecurity and Infrastructure Security Agency) published its Cybersecurity Incident

    & Vulnerability Response Playbooks: Operational Procedures for Planning and Conducting Cybersecurity Incident and Vulnerability

    Response Activities in FCEB Information Systems . An appendix to this guide provides a checklist to use in responding to a security breach incident.



    A bare description of the checklist can be boiled down to these steps:

    1. Report the incident (to CISA) within one hour

    2. Assess the operational and information impact.

    3. Collect data about the incident.

    4. Identify the technical basis of the incident - the IOC (indicators of compromise - such as a file hash or IP address) and the TTPs (tactics, techniques, and procedures - which describe why and how the attack took place).

    5. Use a third party for intrusion detection.

    6. Tune tools to mitigate the attack.

    7. Implement a containment strategy - system backups; close ports and servers; prevent domain name resolution for attackers.

    8. Eradication - reimage systems from backups.

    9. Reset passwords and install updates and patches.

    10. Post-Incident action - after action hotwash to evaluate the incident response.

    11. Coordinate with the CISA and receive a CISA National Cyber Incident Scoring System (NCISS) priority level.



    • Security
    33 views0 comments
      • Nov 12, 2021

    Cyber security warning: BazarBackdoor

    Beware of the recent BazarBackdoor exploit. The malware works by sending an email which contains a link to a PDF file. The email may reference a customer complaint.


    According to Sophos the link may appear like this and be to a URL referencing Adobe:


    The link actually leads to the Win 10 application installer (used by the Microsoft store) and the recipient will be prompted to install an ‘Adobe PDF Component’.



    The app installer file comes with its own doctored digital certificate.



    Amongst other things BazarBackdoor runs PowerShell to get the IP address of your network.

    • Security
    5 views0 comments
      • Nov 8, 2021

    Windows EFS Encryption

    The Pro edition of Windows 10, the EFS (Encrypting File System) system is designed to support file encryption. You can encrypt any file by right clicking on it, selecting 'Properties', on the 'General' tab, clicking on 'Advanced' and then checking off 'Encrypt contents to secure data'.


    If this checkbox is grayed out, open the Registry Editor, and at: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem set the value of 'NtfsDisableEncryption' to 1. Then reboot your PC.



    If this does not work, in admin mode of command prompt run this command:

    fsutil behavior set disableencryption 1




    Also run 'sevices.msc', and find Encrypting File System in the menu. Right click on it and select Properties. Then select the startup type to 'Automatic'.



    Reboot your PC after making these changes.


    • Security
    • •
    • Windows
    19 views0 comments
    1
    2345

    Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

    ​

    The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

    ​

    If you have a question or comment about this blog, please make a submission using the form to the right. 

    Your details were sent successfully!

    © 2015 by Sean O'Shea . Proudly created with Wix.com