1-) What might a forensics team contribute to a company?
2-) How will they help the company fight "digital" crime?
3-) How will they help to protect the company from future "attacks"?
4-) How might they help in recovering/destroying leaked information?
5-) How with the advancement of technology more and more sensitive information is present on the internet and that this trend will keep going upwards and more digital forensic specialists will be needed to counteract the spread of the digital information?
Could you please explain and give some websites related to this question?
Thanks in advance,
OP edited original post, so deleted my old comments.
1-) What might a forensics team contribute to a company?
2-) How will they help the company fight "digital" crime?
3-) How will they help to protect the company from future "attacks"?
4-) How might they help in recovering/destroying leaked information?
5-) How with the advancement of technology more and more sensitive information is present on the internet and that this trend will keep going upwards and more digital forensic specialists will be needed to counteract the spread of the digital information?
Could you please explain and give some websites related to this question? Thanks in advance,
I'm going to quote your post. Generally I don't do that because it's a waste of space, but since you changed your question once already, I'm going to preserve the questions that I'm answering. General forum etiquette is that if you change your mind about what question you are asking, you make a fresh post so that answers to your original question don't look out of place.
1. Provision of an internal investigative and compliance function relating to your digital resources. This answer assumes that you are talking about a regular company, and not a company with an investigative or forensic function.
2. Forensics helps provide evidence to support a successful prosecution of offenders.
3. If forensic examination of, for example, an intrusion shows a particular vulnerability, that information can be used to plan better security for the future.
4. Forensics doesn't destroy leaked information. The destruction of information is contrary to everything that forensics stands for. Forensics is about the preservation of evidence. As for recovery, evidence found during examination may provide leads to an investigator which help identify a person or location with leaked info.
Question 5 is overbroad, and frankly if you want websites, I'm going to do a Harlan here and tell you to go spend some time on Google. (No offense Harlan.)
Thank you very much.
It is a very clear explanation.
Just to be clear, forensics is from the Latin, forensis meaning forum, and while its original use was far more general, today the term applies to the application of science and scientific knowledge to the law or issues facing courts of law.
That is not to say that forensic investigative techniques cannot be used in non-legal settings, but forensics should not be confused with incident response, intrusion and extrusion detection, malware analysis, and all of the other areas of information technology dealing with the security and integrity of digital devices and networks.
Many of the issues that you raise are not exclusive to or necessarily relevant to forensic IT, but the forensic investigator is not simply trying to find the answer nor is he/she trying to mitigate the effects of future events. Rather, the forensic investigator must obtain, handle, analyze and report on his or her findings in a manner which would be consistent with the presentation of all of these to a court of law.
As a forensic investigator I, and I suspect many others, have oftentimes worked directly with internal incident response teams to assist them in the process of conducting their investigation in a manner which might need to be admitted to a court of law. The incident response team is most interested in limiting the damage, whereas the forensic investigator often needs to balance immediate action against the need to preserve certain information for judicial purposes.
Hi April,
It sounds like you may be writing a report for school and it may be too late but it may help to tell you what we do where I work. I am a member of a small Information Security Office for a large state govt. agency. We are a four person office supporting 25,000 employees with 10,000 desktop computers and 3,000 laptops. We have personal, financial, medical and legal information to protect on our network and workstations. Our boss is an auditor and information security manager and comes from that background. My two co-workers and I form a three person team. One handles infrastructure dealing with the switches, servers and applications and she interfaces with the people who work on those. The other handles database security, personal information and network incident response. I do computer forensic investigations, desktop security and workstation incident response.
Together we have a good team and have pretty much all the bases covered. We keep busy and would like to hire a couple more people eventually when the budget crisis has ended. We cross train each other also so that our skills will overlap.
There is a gray area between computer incident response and network incident response and it is easy to confuse the term forensics, but there is both a similarity and a difference between computer forensics and network forensics. Computer forensics is usually looking for evidence of wrongdoing but can be looking for evidence of intrusion like an attack by spyware. Network forensics is usually in response to an attack by an intruder or malware but can be looking for evidence of wrongdoing. It is as if they start out at opposite ends and work their way toward the middle where they meet.