Stephen is President of the
SANS is a thought leader in information security making The SANS Technology Institute one of the nation's leading graduate schools that grants Masters degrees in information security. Students are taught to be leaders with a demonstrated track record of leadership, knowledge and expertise in information technology and security.
Stephen freely admits that forensics is not one of his core capabilities, his expertise lying more in the areas of policy and management.
Do you think there are ethical challenges specific to forensic examiners or incident handlers? What do you think is the most effective method of oversight in small offices where there may only be one examiner? Would you say that strong personal ethics are more important than technical skill for an examiner/incident handler?
Do you think MS Vista's "protected kernel" and BitLocker technology will affect the IR/IH community, and if so, what will be the affect and the anticipated community response?
Every few months more data and disk encryption products become available, what do you for-see as being the next major technological push in data encryption?
Like attornies, doctors, and nurses before, Computer Forensics is just beginning the growing pains to establish itself as a profession. What can todays examiners do to best facilitate the craft becoming a profession?
Also, thanks for your support of the ISSA.
Dear Sir,
If I wanted to add Digital Forensics as a part of the existing Incident Management Framework, what in your opinion would be the best way to incorporate this?
I am a bit confused, considering the fact that many of the system administrators today, after discovering that their systems have been attacked, would first try and restore the systems; destroying vital forensic evidence in the process.
Will Policies and Procedures be the best way to address this issue?
Thanks