Dark Reading is part of the Informa Tech Division of Informa PLC

7/17/2019
08:00 AM

The 10 Essentials of Infosec Forensics

Whether it's your first investigation or 500th, review the basics of IT forensics to streamline and simplify your discovery.

1. Know the Investigation's Intent

Maybe you already know an incident is so egregious that your organization plans to prosecute those responsible. More on legal issues in a minute, but suffice it to say that the legal action will dictate both process and tactics.

But not every forensics investigation will have the same purpose - or trajectory. It's not always obvious where to begin. "What questions am I trying to answer, and is this process key to getting the answer?" Motorola's Rushing asks. If there's a faster way to get to the same information, use it, he adds. This is where pragmatism and a little ingenuity come in handy.

(Image: Stepan Popov - stock.adobe.com)
