Business Email Compromise
	Eavesdropping on email
	Inject their own email (spoof sender)
	Money Mules
	
SIM Swapping
	Attacker convinces service provider to change your service to their phone.

Incidents
	Incident from an incident
	   lowering security
	   copy-paste XSS code
	
	"temporary" fixes

	document changes

Equifax Incident Response 2017
	143 Million ssn, names, credit cards, drivers lic.
	
	Waited 40 days to disclose
	Set up third party website with information - suspicious
	   ask for last 6 digits of SSN
	Scammers set up similar sites (phishing)
	Customer service sent some customers to the fake site.


Post-mortem: 
	Keeping it from happening again.
	Assess the response


Digital Forensics
	scientific investigation of a crime or event
	Assume investigation is going to court.

	Chain of Custody
		account for evidence location/ownership at any time.
		show evidence has not been tampered with
		storage: access-controlled location		

	Work on copies
	Hash files/drive images

	Types of evidence
		Drives - encrypted