Large Scale Network Forensics - Itís not just for Law Enforcement Anymore
by Melisa LaBancz - IT Journalist - Thursday, 20 March 2003.
Computer forensics have hit the big time. A previously "superniche" technology, forensics have moved into the collective consciousness of IT sys. admins. and Corporate CSO's. In recent months (late 2002-early 2003), I have seen more articles addressing the use and definition of corporate computer forensics than ever before. I've seen a general acceptance of investigative software as a useful tool for keeping the enterprise internally secure.

Much has been made of firewalls, VPNs, smartcards, and biotechnology. These things are important of course, but how are companies investing in protecting their internal security? Threats from within make up a good percentage of identity theft (read: NY Horse Racing Association scandal), credit card fraud, proprietary information theft, harassment, and intellectual property violations. All very serious business indeed. I am positive that most high tech Human Resources departments do not employ a forensic investigator, nor is it likely that there exists the appropriate funding for IT admins. to attend forensic training.

Proper tools and training are definitely important. Understanding the methodology behind forensic investigations is even more important. I'd go toe to toe with anyone that thought they could purchase a bargain forensic toolkit and do a decent job of it. It's just not comprehensive enough. Then again, what is "enough?" There are many determinants to deciding on appropriate investigative tools: How secure do you want to be? What exactly are you looking for? Do you need to monitor crucial business functions like Accounting and Finance? Is leaked information in Software Engineering a cause of concern? Are PCs and laptops properly investigated for signs of abuse when an employee has left or been terminated?

These are questions that beg consideration. The "threat" to corporate security is not waiting around the outside of the parking lot day after day. Sometimes, yes. More frequently, it's internal. Multi-national companies pose an interesting challenge in that there are hundreds, sometimes thousands of people networked together, making the ability to respond to threats in real-time and from a remote location, increasingly important.

Privacy Issues?

I've spent a good deal of time following the privacy concern issues behind the use of computer forensics in the corporate environment. The fears have been common enough and yet, they seem to stem from a misunderstanding about what forensics can and cannot do. As an employee of any company, you sign documentation to the effect that all company systems, data, inventions on behalf of the company, etc., are property of the company. At least, this is the way North America does business. In knowing and embracing your status as a company employee, you understand that nothing on your desk (save for some pictures, weird objects and a cup of coffee), belong to you. However, this is fundamentally the very first thing that's forgotten when arguments are presented. How can your company "spy" on you? Well, they aren't spying, they are monitoring the data and work flow of their organization. Shouldn't any company in these scary economic times want to assure that it is operating at the most efficient and secure levels possible? If you, as the loyal employee to "Company X", are not in any violation of company policies, then the ad-hoc monitoring of your network communications and actions should not concern youÖor should it? Depends on what you're up to.


MagSpoof: A device that spoofs credit cards, disables chip-and-PIN protection

The device can wirelessly spoof credit cards/magstripes, disable chip-and-PIN protection, and predict the credit card number and expiration date of Amex cards after they have reported stolen or lost.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Nov 26th