Newbie introduction to digital forensics Part 1.

Monday, March 08, 2010

Juan Granados

The economic and business challenges of the last year have forced changes to business priorities in many areas. For IT, increased scrutiny was placed on data leakage and security. When times are good, businesses can become distracted with new products and technologies. It is not until budgets are cut that the focus moves inward.

This shift can be very hard for IT professionals who are used to the “fast paced” environment that higher IT budgets create. For IT management, the need for increased internal security can be a very uncomfortable transition. As an ex-police officer, I found this company shift much easier to digest. However, I had no idea that these two “worlds” would collide so quickly.

So, what does an IT manager do when the company shifts toward a compliance focus?

You can either embrace change or be beaten by it. For me, I looked at this shift as an opportunity to increase my IT skills. What I did not expect was an increased energy and motivation for my job. Since I was not a security professional, I had to spend significant personal time learning about the industry. Thankfully, the internet and sites like Infosec Island provide excellent sources for information.

Where to begin?

The answer was easy. In fact, the decision was made for me by the business. My industry deals with the creation and dissemination of a significant amount of intellectual property. Many of these documents have confidential client information. The theft or loss of this data could have a significant impact on the company's business. The economic challenges of 2009 gave many employees the excuse they needed to justify the “borrowing” of this data for personal gain. Either they were upset with the company or they needed the competitive edge to find a new job. Either way, company theft issues were on the rise. The ability to identify and document these situations is key to the success of future litigation pursued by the company. So, I started my journey with “Digital Forensic Analysis”.

In my next blog, I will attempt to document my process for learning about proper “Digital Forensic Analysis”. This will include the use of “Open Source” products and security certifications such as the CISSP. I hope that you will find these articles useful.
Leon Goodwin: Woah! Talk about dropping yourself in at the deep end! Digital forensic analysis is a hugely technical subject and requires an in-depth knowledge of file systems and data recovery procedures, all the while complying with legal requirements for presentation of gathered data. I'm not sure the CISSP cert will help with this too much...
My recommendation for starting to learn about forensic analysis would be, firstly, to gain an excellent knowledge of file systems and structure and, secondly, to read up on the legal side. You can find a copy of COFEE on the web, which might give you an insight as a starting point; otherwise, read the manuals for products like X-Ways and EnCase.
I wish you luck in your learning process and anticipate your next blog on this subject.