Michael Roberts of Mile2 Discusses Computer Forensics
Digital Forensics Training - Not Just for Cops
Having been involved in the IT Security Education space for some time, I have found that it is a common misconception that Computer Forensics training is only for Law Enforcement. On the contrary, the FBI is currently so backlogged with computer-related criminal cases tied to terrorism and organized crime that it will often pursue only serious felony cases. Even if the FBI decides to take on a felony case, it can subsequently be shut down by the local US Attorney, whose caseload is so heavy that additional cases cannot be handled despite the FBI's willingness to pursue them.
Our team experienced this exact scenario two months ago, despite unimpeachable evidence of unauthorized access by an individual to a bank account which resulted in a wire fraud of more than $100,000, as well as illegal interceptions from an "efax.com" fax service and unauthorized access to Yahoo Briefcase accounts. This leaves only local or county law enforcement authorities who, despite the best intentions, often do not have the sophistication or skills required to prosecute a computer crime case; and even where they do, a lack of quality training can result in the evidence being corrupted through improper chain-of-evidence procedures.
These problems leave frontline network administrators in a frustrating situation, with obvious crimes often going unpunished. If, instead, organizations invested modestly in basic "first response" training for their network staff, evidence could be preserved and documented in such a way that it is admissible in criminal or civil actions. Successful actions further serve as a deterrent to would-be hackers, who will often choose "soft targets."
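The "preserve and document" step a trained first responder performs can be made concrete with a small custody log: hash the evidence at acquisition, record who handled it and when, and re-verify later so any alteration is detected. The following is an added illustration written for this page, not code from Mile2 or the original post; the file names, handler IDs, evidence bag number and mailbox contents are constructed.

```python
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash the file in chunks so large items (disk images, mail spools) need not fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def record_custody(log_path: Path, evidence: Path, action: str, handler: str) -> dict:
    """Append one chain-of-custody entry as a JSON line; the hash ties the entry to the exact bytes handled."""
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "evidence": evidence.name,
        "sha256": sha256_file(evidence),
        "action": action,
        "handler": handler,
    }
    with log_path.open("a", encoding="utf-8") as log:
        log.write(json.dumps(entry) + "\n")
    return entry


def verify_custody(log_path: Path, evidence: Path) -> bool:
    """True only if the item appears in the log and every logged hash matches the file as it is now."""
    current = sha256_file(evidence)
    lines = log_path.read_text(encoding="utf-8").splitlines()
    entries = [json.loads(line) for line in lines if line.strip()]
    mine = [e for e in entries if e["evidence"] == evidence.name]
    return bool(mine) and all(e["sha256"] == current for e in mine)


def demo() -> tuple:
    """Constructed scenario: acquire a copied mailbox, log two custody steps, then detect a later edit."""
    with tempfile.TemporaryDirectory() as tmp:
        evidence = Path(tmp) / "mailbox_copy.mbox"   # constructed evidence item
        log = Path(tmp) / "custody.jsonl"            # constructed custody log
        evidence.write_bytes(b"From: sender@example.invalid\nSubject: wire instructions\n")
        record_custody(log, evidence, "acquired from workstation", "net-admin-1")
        record_custody(log, evidence, "sealed in evidence bag EV-PLACEHOLDER", "net-admin-1")
        intact = verify_custody(log, evidence)
        evidence.write_bytes(b"edited outside the documented process")  # the failure mode
        return intact, verify_custody(log, evidence)
```

The second verification fails because the file no longer matches any logged hash, which is exactly the gap a court will ask about when custody is disputed.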
Legal actions are the most obvious benefit of effective Computer Forensics training, and an effective forensics capability can be built in-house for a very reasonable investment. These skills can contribute significantly to effective security policies and their implementation for a given enterprise, because the knowledge gained makes it easier to identify "what went wrong" in any IT problem, whether it is caused by malicious actions from within or without, or by an innocent glitch or rash action.
Original post: http://www.mile2.com/Michael_Roberts_Mile2_Digital_Forensics.html