Setting up for forensics

Wednesday, 30 July 2003, 7:52 PM EST

You have just been hacked! What do you do next? Many experts say to take forensic evidence. However, if you are not prepared to take this evidence, you may be in worse shape than you realize. Following proper evidence-gathering techniques is critical to preserving the scene of the crime. Just watch an episode of CSI and you can see how complex this can get. With computer systems, the same care must be taken.

Assume that any critical system will be hacked. What do you need to do to ensure that you can gather the evidence and quickly determine the damage, method, and motive of the hack? The goal of this article is is to create a CD-ROM of forensic tools and databases for use with your systems, and also outline some methods to collect forensic evidence from production systems.

Keep in mind that there are many ways to go about this task. When employing any of the techniques and tips covered by this article, first consult your IT department. Preparing for forensics can be a time- and disk-intensive operation. Be aware that security tools themselves may cause issues, and that you should get permission before progressing.

[ Read more ]

Related items


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Thu, Feb 11th