I've been working in IT for around 15 years now, and have spent the last couple of years working for an internal group doing computer forensics at a science-related corporation. My experience has been based exclusively on cases that are internal to my company.
For those of you who are consultants (contractors who get their work from a variety of firms, corporations, etc.), I'm interested to hear about the kinds of cases you most typically encounter with your clients. For example, I sometimes get cases on Internet abuse at the workplace, and allegations of theft of proprietary information. What types of cases are you encountering in the consulting world these days?
Thanks as always!
I get quite a variety of cases. To name a few: fraud, violation of privacy, hacking, fraud, stalking, kiddy porn, software piracy, stealing commercial information, and recovering deleted information.
As a consultant in the US…
- Malware, lots of malware-related stuff
- PCI/breach of sensitive data
- Suspected intrusion
- Unauthorized access or use
Many times, as a consultant, I respond to incidents in which the customer simply panicked when something happened, and didn't think things through. Most of the time, these engagements are a wash, due to the actions of the first responders, or lack thereof, with respect to preserving data.
Greetings,
I'm based in the Silicon Valley and I think that leads to many of my cases involving theft of intellectual property, fraud, and hacking.
-David
All over the map, actually. Among the cases that I have had in the past two years:
- Phishing schemes where there were substantial monetary losses
- Theft of Intellectual Property
- Copyright Violation
- Spoliation of Evidence/Wiping
- Sexting/cell phone evidence of CP
- Identity Theft
- Breach of Contract
- Recovery of personal data for use by a forensic psychologist in a wrongful death lawsuit
- Recovery of personal data for use by a forensic psychologist in a murder case
- Recovery of personal data for use in a child custody case
- Malware analysis
- Identification of a BOTNET
Probably the most common that I see that doesn't involve a complete investigation is preservation of evidence in anticipation of a discovery motion or lawsuit. The 2006 changes to the Federal Rules of Civil Procedure are much more specific regarding the duties of parties to preserve evidence, and what is considered a "Safe Harbor" is much narrower. As a result, I often get calls from lawyers who want systems preserved, forensically, but with minimal impact on the day-to-day operation of the business. Many of these never end up going to court.
Thanks for the input everyone!