http://www.csoonline.com/article/448666/Investigations_Merge_Ahead By Malcolm Wheatley CSO Online September 10, 2008 Not long ago, the legal department at a financial services company in New York got a phone call from a hospital in London. The query: Why are you hacking us? With two known IP addresses, it wasn't difficult for the financial firm's information security staff to go back through the logs looking for traffic between the two organizations. And with the traffic identified, locating the computer from which the hacks were taking place didn't take long, either. The culprit: an individual who—as their human resources records soon confirmed—had formerly worked at that very hospital. Ah, the good old days. As investigations go, says Winn Schwartau, founder of security awareness certification company SCIPP International and an information security expert who has testified before Congress, the hospital hack was an increasingly rare example of a fast-dying breed: a pure infosec forensic investigation, carried out digitally. Of course, apprehending the suspect in such a case, or seizing physical evidence, requires a whole new dimension. And that's why CSOs and CISOs increasingly report that purely "computer" investigations, like the hospital hack, are a thing of the past—as are purely "physical" investigations. Pretty much every significant investigation these days now includes elements of both, whether the case at hand requires face-to-face interviews, forensic accounting, e-mail discovery and review, computer and network forensics, cell phone records, video surveillance analytics, access-card logs, inventory audits or all that and more. So in such an environment, how can CSOs and CISOs staff, train and prepare for such "blended" forensic investigations to be effective? What are the areas to concentrate on, and where do the pitfalls lie? And how, in short, can security navigate this blended investigative world? [...] __________________________________________________ Register now for HITBSecConf2008 - Malaysia! With a new triple-track conference featuring 4 keynote speakers and over 35 international experts, this is the largest network security event in Asia and the Middle East! http://conference.hackinthebox.org/hitbsecconf2008kl/Received on Thu Sep 11 2008 - 03:04:55 PDT
This archive was generated by hypermail 2.2.0 : Thu Sep 11 2008 - 03:17:32 PDT