±Forensic Focus Partners

Become an advertising partner

±Your Account


Username
Password

Forgotten password/username?

Site Members:

New Today: 0 Overall: 34298
New Yesterday: 0 Visitors: 241

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

RSS Feed Widget

±Latest Webinars

How efficient computer forensics

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts
Go to page 1, 2  Next 
  

How efficient computer forensics

Post Posted: Mon May 21, 2018 1:11 am

I work at one institutional hospital as a medical record officer. Recently everyone talks about internet of thing(iot) and also change environment of managing medical record from paper to electronic.

I already doing the benchmark at another hospital that apply Electronic Medical Record(EMR) and knowing that EMR is more efficient than using paper. Unfortunately, the future challenge that we need to face when use fully EMR is prone to cyber crime such as attacking unknown virus from outsider.

But how efficient computer forensic help in solve the problem when medical data invaded by someone?

Please anyone explain to me to make it clear.  

Linda
Newbie
 
 
  

Re: How efficient computer forensics

Post Posted: Mon May 21, 2018 3:11 am

- Linda

But how efficient computer forensic help in solve the problem when medical data invaded by someone?

Please anyone explain to me to make it clear.


It is absolutely inefficient.

Computer Forensics happens only AFTER an incident happened.

The scope is to find out:
WHO invaded the medical data
WHEN the medical data was invaded
HOW that happened

Of course from the HOW a past incident happened you can learn how not to make that particular incident happen again, but nothing more than that.

You are looking for other fields, data and network protection, operating systems hardening, penetration testing, etc.

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 

jaclaz
Senior Member
 
 
  

Re: How efficient computer forensics

Post Posted: Mon May 21, 2018 6:38 am

- Linda

But how efficient computer forensic help in solve the problem when medical data invaded by someone?


The answer is, it depends.

As has been pointed out, computer forensics is reactionary, but to answer your question, it depends upon how systems were set up. Many computer systems and applications are capable of logging significant data, but as an incident responder, I have rarely seen an instance in the private sector where systems were configured to meet the needs of a computer forensic investigation.

Ideally, what you'd want to do is start by protecting the information as best as possible...role based access, permissions, etc. If the information is in a database, do not allow direct access to the data; instead, require that all data requests go through a stored procedure that logs the request, etc.

Then, enable logging of those items that will help you "solve the problem".  

keydet89
Senior Member
 
 
  

Re: How efficient computer forensics

Post Posted: Mon May 21, 2018 11:02 am

- Linda
But how efficient computer forensic help in solve the problem when medical data invaded by someone?


Well, if the patient dies because someone decided to alter the prescription... not much. IT-forensics does nothing to prevent incidents, except to let you learn from it so it (probably) wont happen again.

In my book, forensics should be part of an IR team, threat hunting, pentesting, security engineering that all work together around a security operation center. That is my definition and it is far away from the more common perception of "let's hire a bunch of monkeys who sit and stair at logs".

There are ways to increase an organisations resilience to incidents, but it does not involve writing word documents. You need backups, integrity checking, dual sign off (etc). Practical hands on preventive work and redundancy to prevent a nightmare for patients because some IT incident happened.

Just look at what happened at the NHS when the ransomware hit about a year ago, patients had their surgery cancelled because systems were down, and no (pardon my choice of language but what happened back then still pisses me off) f--king paperwork could have stopped that.

So stop hiring compliance monkeys and start fixing IT-security for real. Compliance is the lowest form of mandatory security, it's the equivalence of a "one size fits all" sock. To get a reasonable degree of security you should have a team of security people working continuously on upping the game against real adversaries (pentesters can help, but they are not what you are up against).

It may be a bit to take in, but IT-security isn't a beginners game and security has been a low priority pretty much everywhere in the world up to now.  

MDCR
Senior Member
 
 
  

Re: How efficient computer forensics

Post Posted: Mon May 21, 2018 12:36 pm

- Linda

Please anyone explain to me to make it clear.

Again a student from Malaysia, who tries to get answers for his or her study related homework. And again she tried it first at "ComputerForensicWorld" without success. I am not sure she is a female, it is more likely that even name and sex are fake.  

Bunnysniper
Senior Member
 
 
  

Re: How efficient computer forensics

Post Posted: Mon May 21, 2018 12:58 pm

- Bunnysniper
Again a student from Malaysia, ...


I even seem to remember someone asking something fairly close to this question last year. Let's see ... yes, NadiaH.

May not even be a student ... may be someone trying to find and sell 'the right answer' of the year to students.

I wonder ... could we smuggle in some strange word into an answer, which a clueless cheater would not detect, but which might tell an examiner that this is not above board? A kind of canary? We could stress the importance of pandiculation in professional forensic work, perhaps? (No, too obvious ... it shouldn't be that susceptible to googling ...)

(Dashiell Hammet did that with one or two of his detective stories -- used one obvious word that he expected his editor to see, and remove as offensive, and another that seemed innocuous, was less amenable to detection by clueless editors, and that would remain and light up the lives of future non-clueless readers ... See www.miskatonic.org/gooseberry.html for some literary forensic work. Smile  

athulin
Senior Member
 
 
  

Re: How efficient computer forensics

Post Posted: Mon May 21, 2018 1:11 pm

- athulin
- Bunnysniper
Again a student from Malaysia, ...


I even seem to remember someone asking something fairly close to this question last year. Let's see ... yes, NadiaH.


This time i did not step into the case Very Happy
But last time i did and gave a quite comprehensive answer.  

Bunnysniper
Senior Member
 
 

Page 1 of 2
Go to page 1, 2  Next