{"id":197,"date":"2008-10-26T00:00:00","date_gmt":"2008-10-26T00:00:00","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2008\/10\/26\/forensic-teams-take-on-hackers\/"},"modified":"2021-12-30T11:36:43","modified_gmt":"2021-12-30T11:36:43","slug":"forensic-teams-take-on-hackers","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2008\/10\/26\/forensic-teams-take-on-hackers\/","title":{"rendered":"Forensic Teams Take On Hackers"},"content":{"rendered":"<p>The sophistication of today&#8217;s cybercriminals is evidenced by the 2008 CSI Computer Crime &#038; Security Survey&#8217;s results indicating that stealthy, highly targeted attacks have gone from hypothetical a few years ago to a significant problem today.  Because attackers are primarily motivated by financial gain, as soon as they have your data, it&#8217;s being converted into profit by selling identities and corporate secrets and draining bank accounts.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Speed is vital, so the time may be right to assemble a forensic SWAT team trained to locate high-risk threats, armed with the latest investigative software, and empowered to work directly with legal counsel to report breaches in accordance with policy.<\/p>\n<p>Acquiring evidence in a forensically sound manner isn&#8217;t difficult with the proper tools and training, but policies and procedures must be put in place that ensure the repeatability, accuracy, completeness, and verifiability of evidence as prescribed by the Federal Rules of Evidence.  In addition to clearly written policies, there must be a forensic methodology that&#8217;s followed for acquiring, handling, and analyzing evidence.<\/p>\n<p>AccessData, Guidance Software, and Mandiant are at the forefront of producing enterprise versions of robust, collaborative incident-response and forensic tools.  
Both AccessData&#8217;s and Guidance Software&#8217;s suites allow for remote access to computers so investigators can retrieve details from running systems.  Mandiant&#8217;s Intelligent Response has comparable capabilities but is more focused on incident response.  Agile&#8217;s F-Response product allows investigators to mount Windows hard drives and physical memory remotely and in a read-only manner so they can perform forensically sound &#8220;live&#8221; analysis of running Windows systems.   The remote systems&#8217; hard drives and physical memory appear as normal attached drives to the investigator&#8217;s system, allowing IT to use any forensic product for analysis.<\/p>\n<p>Every enterprise forensic tool has added memory imaging capabilities in the past 12 to 18 months, with varying capabilities for in-depth analysis of acquired images.<\/p>\n<p>The Volatility Framework is an open source tool leading the way with its ability to list running processes, open network ports, and files opened and DLLs loaded by each process; it can also extract executables from memory for further 
analysis.<\/p>\n<p>http:\/\/www.informationweek.com\/news\/security\/management\/showArticle.jhtml;jsessionid=BRQVSY1YF4EB4QSNDLPCKH0CJUNN2JVN?articleID=211600249<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-197","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=197"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/197\/revisions"}],"predecessor-version":[{"id":2684,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/197\/revisions\/2684"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=197"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}