Hi all, Talking to alot of persons in the field lately, I don't seem to be able to find a satisfying answer on the following question. " Topic: Digital Forensics -- Where is the line drawn between Network Forensics; which is related to Incident Response, thus focussing on a more IT Security related domain; and the Data/Computer Forensics terrain; which is more focussing on finding / recovering and detecting traces of lost files, ... quite often in fraudulent activity? To me, there is a distinct technical difference, but 'businesswise' and practical this difference seems very thin. Specific situation: imagine, a cracker penetrates the network. The Incident Response team wants to react quickly by identifying the security breach and the result of this incident. This involves a post-mortem analysis of the data/logs/... Is this a 100% Data/Computer Forensics mission or rather a Network Forensics mission? " I know, this is more 'philosophy rather than technics', but ... do share your opinion in public as well as in private. If not all, at least I could get a more clear view on this matter :-) Thanks! Filip ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Aug 18 2001 - 10:29:09 PDT