Jelle Niemantsverdriet is the Principal Consultant, Forensics and Investigative Response EMEA, Verizon Business Security Solutions. In this interview he introduces the reader to the world of digital forensics and talks about computer forensics tools, privacy concerns, the fundamental differences in investigating different operating systems, and offers advice for anyone interested in learning more about computer forensics in general. Niemantsverdriet will be teaching what can be learned from investigations into confirmed data breaches at the 2011 European Digital Forensics and Incident Response Summit.
Many security professionals are curious about digital forensics. What advice would you give to those just starting out?
Start reading. There is a lot of information out there; I would recommend keeping a good balance between reading about the technical stuff, the investigative strategies and especially also about reporting. There is also a very active community on Twitter or the various forums which is keen to share experiences - as long as you show you are not afraid to do some work yourself and that you participate as well.
The field is very broad on one hand (there are a lot of devices or systems that can hold information and be used in an investigation) but can also be very detailed and specific: you can become a super specialist on forensic artifacts on a specific operating system or type of mobile phone.
And again, I keep stressing that: it is way more than just the technical side of things. Having an investigative mindset, being able to interpret and report your findings are key characteristics on top of knowing 'how things work'.
What are the essential steps involved in conducting a forensics investigation in a large organization? How do you approach such a challenging effort?
I think the main challenge is to take and maintain the 'trusted advisor' role, which stretches from providing advice on technical and investigative steps to providing crisis management recommendations. Imagine, such a company is - especially during a data breach or security incident - in crisis-mode and everybody is under a lot of stress. You are one of the few persons who deals with these situations on a regular basis and are brought in to get them through this, so be prepared for a lot of heads turning your way. And those heads are not only IT or security related, but often also HR, general management or other involved departments within the organization.