Post Mon Oct 23, 2006 12:00 am

Nice Article on Corporate Forensics

Good article in SC Magazine by Jim Carr on how to handle a data-stealing breach. Enterprises need to have forensics systems and personnel inplace, whether that be inside your organization or fropm an outsourcer. Either way, this article helps inform you on how to make some of those decisions.

How do you stop a criminal mind from getting into your key line-of-business systems? You probably can't, which is why Mike Jones (not his real name) keeps a computer forensics services company at his beck and call. The attempts to steal the personal identifying information on credit cards never ceases.

Jones, an investigative manager for a large U.S. financial services company (who asked to remain anonymous because of the sensitive nature of his business), relies on Cybertrust, Herndon, Va., to help him identify, forensically examine, and remediate database compromises intended to steal the information on credit cards' magnetic strips processed by his company's systems. The data-stealing breaches don't occur on his firm's systems. They actually take place on those of the retailers, restaurants and other merchants that accept credit cards as payment for goods or services.


Jones certainly isn't alone in this regard, says Michael Gavin, a senior analyst with Forrester Research. "It takes a bit of an expert to run forensics tools and know what you're doing when investigating computer-related crimes," he says.

Some of the enterprise-class computer forensics tools available include CA's eTrust Network Forensics, Guidance Software's EnCase Enterprise Forensic Edition, AccessData's FTK, NetWitness's NetWitness, and the open source Helix. They are all extremely complicated applications that require considerable training and expertise to use properly, according to Matthew Shannon, a principal with Agile Risk Management, a forensics and litigation support services provider based in Tampa, Fla.


Looking to outsource
But it often doesn't make sense to hire and keep forensics experts on staff full-time, notes Shannon. Consequently, most companies find a consulting firm they can partner with for their forensics investigations, Gavin says. PricewaterhouseCoopers and Ernest & Young, are among those Gavin points to. Others include Agile, Kroll Ontrack, Mandiant, and Neohapsis.


Keeping it inside

Still, many enterprises do keep computer forensics in-house. Just how many is open to discussion, says Forrester's Gavin.

Deploying and maintaining an enterprise-class forensics application in-house is something that requires training and a certain amount of experience, Brill says. "And, after a certain amount of time, you have to update the software, and you have to understand how the update affects how you use the software."


For full story:
http://www.scmagazine.com/us/news/artic ... gging-dirt

Don
CISSP, MCSE, CSTA, Security+ SME