7Safe UK Security Breach Investigations Report 2010
The UK Security Breach Investigations Report, supported by high profile organisations SOCA (Serious Organised Crime Agency) and the Metropolitan Police’s Police Central e-Crime Unit, is available in digital format free of charge from www.7Safe.com Breach Report
7Safe is a leading Computer Security and Forensics consulting firm offering a diverse portfolio of services in the fields of computer forensics, Incident Response, penetration testing, PCI DSS compliance and audit, eDiscovery / eDisclosure, and IT security training & certification.
To find out more, please visit 7Safe
- Mogyin what makes for fascinating reading.
It does make for some fascinating reading, thanks.
However, and with all due respect for the Authors, I can find in the report conclusions very little beyond the "normal common sense" that any IT managing a site/web resource managing sensible data should already have or should have been taught on the very first day of the "basic course" he should have attended (I am talking about the twelve requirements).
I am a bit perplexed by the contents of page 20.
I have the impression that most people will simply look at the very nice chart stating that 36% of attacks came from Vietnam and 29% from U.S.A. and, completely avoiding reading the actual text, from which it is clear the absolute lack of connection between the pie and the actual origin of the attacks, draw "false" conclusions.
Since 62 is already a very small sample to draw statistical data from, and the number of cases where an actual trackback was performed (the exact number of which is not specified, but that is clearly a very small sub-set of the 62 cases total), I don't think that the data so well rendered graphically is anywhere near an actual representation of the provenance of the attacks.
Maybe the disclaimer about the chart only representing (mostly) just last "hop" should be given more evidence, to avoid "speed readers" getting the "wrong" idea (that most of the "bad" guys are either in the US or in Vietnam instead of the only conclusion one can draw, which is IMHO that - for reasons unknown - servers or PC's in U.S.A. and Vietnam appear like more easily accessible/exploitable).