This article can also be found in the Premium Editorial Download "Information Security magazine: Top forensics tools for tracking down cybercriminals."
Download it now to read this article plus other related content.
After your internal forensics team has carried out an incident or crime investigation with the appropriate toolkit, it's important to understand what went right and what went wrong so the process can be improved.
Some questions the team should address include whether additional training or tools are needed for future incidents, and whether any recovery activities introduced vulnerabilities or affected the company's regulatory status. Based on the forensics team's discoveries and its assessment of damages from a particular incident, a company can decide whether to take the case to court.
The team should be able to determine the technical sophistication of the criminal and the likelihood of being able to catch him. It's also important to determine what type of individual did this type of crime. Was it a competitor or just some kids hacking for fun?
Choose your battles wisely: It would not be a good business decision to win a multimillion-dollar lawsuit against a few teenagers who have no money.
Ultimately, having a skilled computer forensics team will ensure your company is prepared for the worst. Knowing how to track digital footprints can help your business catch a thief before he escapes into cyberspace.
This was first published in December 2005