DATA BREACH: CULPRITS STILL GET AWAY!

Discussion of legislation relating to computer forensics.

Post Posted: Mon Oct 30, 2017 9:33 pm

The Symantec (ISTR) 2016 Report has shown that over the last 8 years more than 7.1 billion identities have been exposed in data breaches. The year 2016 also witnessed a few notable targeted attack incidents, such as the destructive malware used in cyber attacks against a power station in Ukraine in January 2016. I'm attached to a security-cum-forensic agency and I'm perplexed by the law governing digital forensics. The big question is: why do the culprits always seem to get away with the crime? Aren't the existing laws strong enough?
 

afifasyakila
Newbie
 
 
  

Re: DATA BREACH: CULPRITS STILL GET AWAY!

Post Posted: Tue Oct 31, 2017 2:29 am

For cyberlaw questions you may get in touch with www.nelson.law/  

RolfGutmann
Senior Member
 
 
  

Re: DATA BREACH: CULPRITS STILL GET AWAY!

Post Posted: Mon Jan 22, 2018 8:29 am

Data breach attackers not being caught: there are a lot of reasons including:

1) Law enforcement focus/resources. The FBI has 600 technical agents worldwide; there just aren't enough of them to look at any but the largest cases, in general.
2) IT and forensic screwups. IT, even when they're not directly involved, have hosed many, many sets of evidence. And our personal experience is that IT is involved in a significant number of cases. We've also seen Big Four consultancies hose up evidence; we had a large case in 2016 where the Big Four firm literally lost 6 of 30 PC evidence images, and another 7 were contaminated in some way: image was truncated, a 2nd image was put on the storage medium (integrity), file dates were showing activity 6 months after acquisition date (breaking chain of custody), and mismatches between chain of custody docs and hardware (labeling wrong, serial number wrong, etc).
3) Failure to log. Cloud is great, but cloud with no preservation of logging after VMs are terminated is not so great.

If you look at a number of the breaches, however, oftentimes the failures occurred much earlier.

Experian, for example. While failure to identify and patch the Struts vuln was the proximate cause for that breach, the true failure was the organizational failure to segment that customer service database. It is pure laziness that permitted decades of customer service calls to be stored in the active customer service database - which is why that breach was so large.  

c1ue
Newbie
 
 
