Richard Stiennon has an interesting weblog post on computer forensics. He views forensics as a last resort or, to quote the piece, “Forensics is the back side of security.”

According to Dennis Portney of the firm Security Forensics Inc., “99% of the time the forensics experts have to be called in it is because existing policies were not enforced. Downloading hacking tools, disk erasure, and the use of thumb drives to walk off with critical data are all things that can be protected against.” While I don’t dispute these sorts of things can be protected against, people will always find a way irrespective of the technologies in place. I have found that the spectre of forensics will often go a long way to dissuade people from attempting to try something devious.

“My take is that it would be extremely valuable for IT security practitioners to get up to speed on forensics, even walk through a dummy scenario.” This is great advice. I routinely practice on mock-up scenarios on systems in the lab to keep up to speed on forensics. There is a slew of products out there in the computer forensic space, not the least of which is EnCase from Guidance Software (and no, they don’t pay me to say that).