This article can also be found in the Premium Editorial Download "Information Security magazine: Top forensics tools for tracking down cybercriminals."
Forensics is becoming an integral part of ensuring compliance with the top regulations affecting organizations: SOX, SB 1386, GLBA and HIPAA.
SOX section 404 outlines management's responsibility pertaining to financial controls and requires that any shortcomings in these controls be reported; section 802 forbids intentional destruction or modification of financial or operational records; section 301 covers how organizations must handle fraud complaints and investigations. Case law has established that forensics is an important component of investigating this type of fraud because it provides a reliable method to determine if digital records have been modified or deleted.
GLBA's Financial Privacy Rule, which addresses the collection and dissemination of non-public customer information, and its Safeguards Rule, which outlines how controls should be governed to protect this type of information, also fall under forensics' umbrella. Forensics is becoming an increasingly integral part of auditing and investigating compliance with the Safeguards Rule.
HIPAA has similar requirements pertaining to medical information, requiring thorough analysis and reporting of security incidents.
SB 1386 requires companies doing business in California to report the unauthorized disclosure of sensitive information, which can be a driver's license number, Social Security number or financial account number.
Among the tools Helix employs are the feature-packed Sleuth Kit and its graphical interface, the Autopsy Browser. Used in tandem, these give the digital investigator a very capable graphical analysis platform similar in functionality to many commercial products.
Since Helix is a shareware tool, it's inexpensive but lacks technical support and bug fixes when they are needed. Its youth is also a drawback; there is little if any court case history in which Helix has been used.
Paraben has an extensive suite of tools that can be used to examine e-mail, recover passwords, analyze chat logs and perform powerful Web surfing analysis.
Paraben's NetAnalysis tool can examine AOL history files, reconstruct a cache for viewing, recover deleted Internet history files, identify Google searches, and provide a cookie and URL decoder. Its ability to capture evidence from most cell phones and PDAs is more comprehensive than similar capabilities in other tools.
Although Paraben has an extensive toolset, it has not caught on in the industry as well as the EnCase and AccessData products.
This was first published in December 2005