Setting up for forensics
You have just been hacked! What do you do next? Many experts say to take forensic evidence. However, if you are not prepared to take this evidence, you may be in worse shape than you realize. Following proper evidence-gathering techniques is critical to preserving the scene of the crime. Just watch an episode of CSI and you can see how complex this can get. With computer systems, the same care must be taken.
Assume that any critical system will be hacked. What do you need to do to ensure that you can gather the evidence and quickly determine the damage, method, and motive of the hack? The goal of this article is is to create a CD-ROM of forensic tools and databases for use with your systems, and also outline some methods to collect forensic evidence from production systems.
Keep in mind that there are many ways to go about this task. When employing any of the techniques and tips covered by this article, first consult your IT department. Preparing for forensics can be a time- and disk-intensive operation. Be aware that security tools themselves may cause issues, and that you should get permission before progressing.
[ Read more ]