Corporate Forensics...
 
Notifications
Clear all

Corporate Forensics - OMG!

34 Posts
12 Users
0 Likes
2,558 Views
whitecap
(@whitecap)
Posts: 16
Active Member
Topic starter
 

Is it just me or is it a pain setting up Computer Forensics in the corporate enviroment? After (too) many years in LE I took the plunge and followed the money into the corporate world. Now before I start just let me say I AM enjoying it but feel incredibly frustrated!

So, main gripes

Everything happens so sloooooowly! - In LE if it needed doing it was done, no if's, no buts.

The lack of teamwork. - -Do I need to say more?

How many times do I have to say…….? - Getting sick of telling Directors/Managers why we HAVE to introduce evidence handling procedures.

Obstructive IT departments/managers! - What is it, are they jealous of the fact that someone who has lived/worked in the real world, (as opposed to university), is accessing THEIR network!

Trying to explain…..! - Why, after the company has invested LARGE sums of money in a forensics package do I have to continually justify the purchase of equipment to ACTUALLY CARRY OUT INVESTIGATIONS!…..Ahhh I know, nobody asked anyone with forensics experience to actually spec the purchase, it was left to the IT department.

And….of being told, all the time, don't worry about 'forensicy stuff' it'll never go to court/tribuneral/anything!

Anyone else with similar experiences?

 
Posted : 05/03/2007 5:47 pm
deckard
(@deckard)
Posts: 77
Trusted Member
 

Well…..
Welcome to the world of corporate. What you are describing is fairly typical. It's a jump that keeps a lot of ex LE guys from functioning well in the corporate environmnet, not in just in CF but in security and PI as well.

The primary goal of LE is to enforce law as well as do things that make the public feel safe. The primary goal of the corporate world is profit and shareholder happiness.

When a private concern has a incident, profit considerations will rule the response. Same with planning, staffing and outfitting the CF dept.

CF is seen in most cases as a necessary evil that is required by compliance issues, not as a moral or enforcement tool of policy. The guys in charge want to fix the problem, get all systems back in operation, keep from having expenses, maxmize revenue and handle any employee isseues quietly without LE involvement. And yes, most if not all corp CF issues will never end up in any kind of court, by choice of mgmt.

FWIW, that has been my long term experience working as a consultant to corps in CF and IR.

 
Posted : 05/03/2007 7:11 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

I'll second most of that (on the corporate side). Any regrets, whitecap?

Jamie

 
Posted : 05/03/2007 7:34 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Whitecap,

It appears that while you've physically made the move to corporate, you still need to change your mindset, as well.

In the corporate arena, there is no "you must to this"…in some cases, even if the CEO says this, it still isn't the case. The requirement is often things like profits, or other external factors such as Visa PCI, potential for (negative) public exposure, fines, etc. Regulatory organizations and compliance issues play a big part, too.

Good luck,

H

 
Posted : 05/03/2007 8:11 pm
(@andyfox)
Posts: 43
Eminent Member
 

Hi Whitecap

good topic - most of our business comes from LE but we are slowly doing more corporate work but the issue we find is that companies don't really want to admit they have a problem and there are two reasons for this. If the are a big company then forensics is all about damage limitation - eg theft of data, databases, dox etc - they don't want to be seen to have a problem - the second is that is they have been defrauded through ecommerce or hackers etc then they don't want mto have to admit to have to spend more moeny on new or upgraded security.

I always look at the UK banking industry as the example - fraudulent activity costs UK banks well over £250 million per year but, unfortunately this isn't enough for them to lose. The technology is available to wipe out fraud it just that the costs of installing/rolling out + the fraud bill is just too small for the banks to get enough of a fincial benefit back. Eg if they are only going to save £300 million and new systems cost £50 million then to them there is really no point when they are making £10billion worth of profit anyway - you get my drift?

 
Posted : 05/03/2007 8:58 pm
whitecap
(@whitecap)
Posts: 16
Active Member
Topic starter
 

Thanks for the replies guys,

Guess I am just having a bad day today! I appreciate the business reasons for not taking things to court/tribunals but this, (IMHO), does not mean that we should not apply similar procedures to those used in LE. After all, how embarrassing will it be to stand in front of a tribunal/judge, shrug your shoulders and explain why the evidence requested is not available. I think it was $23 million that that explanation cost UBS.

No Jamie, no regrets at all, it was time to move on.

Oh well………once more into the breech!!

 
Posted : 05/03/2007 9:25 pm
(@andyfox)
Posts: 43
Eminent Member
 

I don't think anyone is saying apply alternative procedures or process it's just the buy in from the client in where the problem is.

 
Posted : 05/03/2007 9:35 pm
deckard
(@deckard)
Posts: 77
Trusted Member
 

I'll back up what Andy says. I turn down many engagements because the potential client wants me to compromise good fornesic procedure. They have a right to not do it the right way, but I have a right NOT to do it that way. I too understand their profit and PR motives, and applaud their right to hold them, but if I compromise for them every opposing attorney in the land would bring that up at my next court appearance bringing into question my methodologies.

Bill

 
Posted : 05/03/2007 9:49 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

> I appreciate the business reasons for not taking things to court/tribunals but
> this, (IMHO), does not mean that we should not apply similar procedures to
> those used in LE.

There's no reason to not follow the standards for such investigations, but not every investigation in a corporate environment is going to require that level of investigation.

One thing that many LE investigations do not address is a live response.

Harlan

 
Posted : 05/03/2007 10:46 pm
hogfly
(@hogfly)
Posts: 287
Reputable Member
 

Corporate forensics is all about operations. Rarely do companies worry about prosecution. It's about meeting business need, getting the company back on line and making money. It's not so much about the procedure as it is about results for companies, unless they are threatened by a government agency or compliance requirements. Investigations will generally only go so far as to identify how much money was lost and how bad the damage is.

In my experiences I've been asked to do several things
I've been asked to destroy evidence
I've been asked to lie
I've been asked to ignore data
I've been asked to not do certain things that would otherwise make the client look bad.

Welcome to corporate forensics and incident response.

 
Posted : 05/03/2007 10:57 pm
Page 1 / 4
Share: