As days pass and the cyber space grows, so does the number of computer crimes. The need for enterprise computer forensic capability is going to become a vital decision for the CEO's of large or even medium sized corporations for information security and integrity over the next couple of years. Now days, most of the companies don't have in house computer/digital forensic team to handle a specific incident or a corporate misconduct, but having digital forensic capability is very important and forensic auditing is very crucial even for small to medium sized organizations. Most of the corporations and organizations are still not aware of the risks and this can be very harmful in the long run. This paper will particularly focus on examining different aspects of enterprise computer forensics with in-house forensics capability. It will also try to clarify some of the issues that surround enterprise computer forensics.

Keywords

Enterprise computer forensics, computer crime, digital forensics.

In today's fast growing economy, a company's IT infrastructure controls a significant part of business and communication needs. The needs are obvious but often companies misunderstand or sometimes deliberately ignore the need for proper security measures to secure the company's network resources and intellectual property. A single security breach or an attack can cause great financial and reputation loss, which can be devastating for a well-known organization. As security experts are trying their best to defend against the latest forms of attacks, attackers are moving on devising plans and potentials for more sophisticated attacks. This causes growing concerns for security experts around the world. That is why organizations really have to realize the risks before an actual attack or security breach. Therefore, both internal and external threats should be considered and a significant portion of the IT budget of an organization needs to be devoted for hiring security experts and taking proper security measures. Now days, security experts prefer detecting and tracing attacks before an actual attack and they also try to motivate the organizations to think about the post attack scenario. A certain security breach can leave different trails and clues, which helps forensic experts to identify the person/s responsible for the incident. Of course, external forensic teams can be brought in and they can solve a certain case/security breach. Nevertheless, companies have to understand that this is an ongoing problem and it repeats over time. Often the company looses control of the case or hide information from the third party forensics examiners as sensitive internal issues/secrets can be revealed. Having in-house forensic team can save both time and money and it would reduce the chance of information leakage about any internal matters. Therefore, having an in-house forensic team to validate and gather information that can have forensic value will help a company to defend against attacks and prosecute attackers; as a result, save the company from financial loss. Companies and organizations that deal with sensitive customer information like credit card numbers; health records, mortgage information etc. are particularly vulnerable to attacks. Other companies no matter what type of business they do are not safe because IT is almost an essential part of every business now days. Every company deals with sensitive business information no matter how small and regardless of what business they do. Attacks and intellectual property theft is more common these days as it was couple of years ago. A company would be fortunate if they were able to recover the financial loss caused by an attack/ breach but their reputation will be at stake and what if the attack comes from an external source, which sometimes makes prosecuting the attacker even more difficult. This is where enterprise computer forensics comes in with in-house forensic experts and save a company from disaster. Forensic audits can reveal information that would be some intruder's nightmare. To be very specific, in-house forensic teams can save a company from both financial and intellectual property losses in most cases. Forensic audits are vital to analyze and validate information that enables experts to scientifically and forensically analyze and reconstruct the events that took place. This paper examines how enterprise computer forensics can help to trace and deal with attacks and intellectual property thefts when applied in-house. It will also identify some important issues related to enterprise computer forensics.