Forensic plan key to hacker prosecution: detective
Detective acting sergeant Roger Clay told conference delegates that forensics should not be ignored -- improperly collected evidence won't hold up in court.
"If an intrusion occurs, at some point a company has to decide whether to report it to police ... they can ignore it or deal with it internally, proceed civilly, or criminally," he told ZDNet Australia after his presentation. "The evidence they gathered must be ... credible."
"Without planning what to do, companies are leaving themselves open," he said.
While it's important to focus on security and preventative measures, Clay says its not always possible to keep attackers out. "A lot of companies spend a lot of money on keeping attackers out ... the reality is not all attackers stay out."
[ Read more ]
- Review: Computer Forensics: Incident Response Essentials (18 August 2002)