Computer forensics paradigm

Networking/Security Forums -> Computer Forensics and Incident Response

Author: qazi PostPosted: Fri Jul 23, 2010 4:06 pm    Post subject: Computer forensics paradigm
i find myself in an awkward position working as a security engineer for my company. The reason for confusion and disarray is mainly due to the reason my company has recently decided to hire the consultancy of a computer forensics company to do their digital artifact identification and analysis.

This decision came when the company security department exists as an logical entity and is still working working on blue-prints and design to develop information security infrastructure for the entire organization. This includes risk analysis, vulnerability assessment and lot others sec assessment exercise(s). The department is not even mature to the point where it could afford additional task of computer forensics. So to me and my fellow engineers this came as a shocking surprise.

There is no existence of log motoring / auditing capability existing to facilitate such an effort. Even the basic level of log monitoring e.g local sys logs, syslog is not operating. Even more important there is no process defining incident response and reporting procedure.

In the backdrop of such disarrayed situation of security is calling the forensics guys a bit too early for the organization.? We are preparing a case for the management to disown and completely reject any proposal of adopting and exercising computer forensics capabilities at this point.

To what i heard that the company was able to convince the management by creating this security hype / scare that you network,services and system are under great threat and risk is all time high. Call it an effective sales pitch success or our senior mangers disillusioned state of security but they have some how miraculously convinced all concerned stakeholders to adopt their solution so they could mitigate those threats and make the organization risk free.

We have a meeting (internal) coming up in next time and we are been given the task by our manger to come up with strategies and good discussion point which we can be used to convince the higher management to dis-announce the entire idea of forensics analysis at this time.

How could you effectively handle this situation.?

1) could you guys provide me some architectural designs which would help me understand where the forensics lies in the entire security landscape for the organisation.

2)Does the realm of vulnerability and threat analysis comes under the realm of computer forensics. What i have heard that these guys would be carrying out some test which would help the organization to have an idea of their security posture / index. Explaining through digital artifacts the state of information and how is it possible to make use for possible exploitation.? is computer forensics eating their way out in domain vulnerability analysis and pen testing?

3) What are the list of prerequisite a company should have in place in terms of technology and standards before calling up computer forensics.

4) What are disadvantages for calling up forensics for an ill-prepared

Other than these basic question kindly help with information which help me build my case make sure that considering i have to pitch my case with the management it doesn't have to be too technical for their appetite. TERMS like ROI and risk analysis would really hit home Smile

Thank you Kindly help

Author: srohrbachLocation: San Diego PostPosted: Fri Nov 19, 2010 9:11 pm    Post subject:
Sorry, no architecture to provide, but just some thoughts. I would do as your management has done, and perhaps only added a little more communication up front to you than you have indicated they provided. For many reasons I would have third party professionals who are not payroll employees as my eyes and ears. I have even advised managers to find these outside consultants prior to hiring system and security architects and sysadmins. I have also advised to use both stealth and plainly visible individuals on a case by case basis. I am a strong believer that security serves the business model. From your posting, it seems you are a very communicative person with a very high level of concern for security, a true professional. However, too many security people create ivory towers around themselves and try to change, alter or influence the business model too much or do not communicate from behind the locked gate of the tower. Also, I am a strong believer in auditing the system admins and architects, and then auditing the auditor. In most corporations, there is too much at risk to take anything for granted in information security.

Networking/Security Forums -> Computer Forensics and Incident Response

output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group