AOH :: IS1107.HTM

Investigations: Merge Ahead

Investigations: Merge Ahead
Investigations: Merge Ahead

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

By Malcolm Wheatley
CSO Online
September 10, 2008 

Not long ago, the legal department at a financial services company in 
New York got a phone call from a hospital in London. The query: Why are 
you hacking us? With two known IP addresses, it wasn't difficult for the 
financial firm's information security staff to go back through the logs 
looking for traffic between the two organizations. And with the traffic 
identified, locating the computer from which the hacks were taking place 
didn't take long, either. The culprit: an individual who=E2=80=94as their human 
resources records soon confirmed=E2=80=94had formerly worked at that very 

Ah, the good old days. As investigations go, says Winn Schwartau, 
founder of security awareness certification company SCIPP International 
and an information security expert who has testified before Congress, 
the hospital hack was an increasingly rare example of a fast-dying 
breed: a pure infosec forensic investigation, carried out digitally.

Of course, apprehending the suspect in such a case, or seizing physical 
evidence, requires a whole new dimension. And that's why CSOs and CISOs 
increasingly report that purely "computer" investigations, like the 
hospital hack, are a thing of the past=E2=80=94as are purely "physical" 
investigations. Pretty much every significant investigation these days 
now includes elements of both, whether the case at hand requires 
face-to-face interviews, forensic accounting, e-mail discovery and 
review, computer and network forensics, cell phone records, video 
surveillance analytics, access-card logs, inventory audits or all that 
and more. So in such an environment, how can CSOs and CISOs staff, train 
and prepare for such "blended" forensic investigations to be effective? 
What are the areas to concentrate on, and where do the pitfalls lie? And 
how, in short, can security navigate this blended investigative world?


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 

Site design & layout copyright © 1986-2015 CodeGods