RE: in-house computer forensics

From: Davis, Scott (Scott_Davisat_private)
Date: Wed Jul 25 2001 - 13:48:02 PDT

Next message: Kris Carlier: "Re: NTFS forensic analysis on Unix platform"

Previous message: Everhart, Glenn (FUSA): "RE: NTFS forensic analysis on Unix platform"
Maybe in reply to: Hasty, Gary : "in-house computer forensics"
Next in thread: Security Technology: "RE: in-house computer forensics"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Gary, 

From my experience, there is not usually enough work to keep a full-time
employee busy.  The person who is responsible for forensic analysis of
systems will also be responsible for other areas.  For example he/she may be
part of the incident response team, IDS analysis, policy creation or any
number of other security related tasks.  It also depends on the size of the
company, number of locations and type of industry. What I have experienced
is patterns of peaks in workload, it seems like there is an outbreak of
investigations all of a sudden and it may taper off until another outbreak.
You have to fill the lulls with something!

There are pro's and con's on outsourcing vs. in-house.  Depending on what
your ultimate goal is will determine which is best for you.  Some companies
do not like to have outsiders involved in the most sensitive areas of the
business, while others prefer to have an objective third party involved in
case litigation is involved.  Also finding a skilled investigator to hire
may prove more difficult and expensive then your budget allows. Where as
with outside firms you are paying as you need them.  One suggestion I would
make is to develop the talent in-house.  That is how I got my start in the
field.  Usually you can find someone who has an interest in it.  Hope this
helps !

Just my .02
Scott Davis

-----Original Message-----
From: Hasty, Gary [mailto:Gary.Hastyat_private]
Sent: Wednesday, July 25, 2001 3:13 PM
To: 'forensicsat_private'
Subject: in-house computer forensics


I have been looking into creating an in-house "forensics"-type position
within our legal department.  This position would be responsible for
overseeing "traditional" forensics work as well as a liaison with
IT/Engineering, technical contract review, penetration studies, etc...

Question:  Anyone else know of a company with such a position?  Any
details on how well it works to have in-house resources fulltime as
opposed to contracting out on a periodic basis?
---
Gary M. Hasty, IT Manager Internal Audit
BellSouth Corporation
404-249-3057
iPager: garyhastyat_private


-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Kris Carlier: "Re: NTFS forensic analysis on Unix platform"
Previous message: Everhart, Glenn (FUSA): "RE: NTFS forensic analysis on Unix platform"
Maybe in reply to: Hasty, Gary : "in-house computer forensics"
Next in thread: Security Technology: "RE: in-house computer forensics"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jul 25 2001 - 15:29:03 PDT