This article can also be found in the Premium Editorial Download "Information Security magazine: Top forensics tools for tracking down cybercriminals."

Download it now to read this article plus other related content.

Post Mortem
After your internal forensics team has carried out an incident or crime investigation with the appropriate toolkit, it's important to understand what went right and what went wrong so the process can be improved.

Some questions the team should address include whether additional training or tools are needed for future incidents, and whether any recovery activities introduced vulnerabilities or affected the company's regulatory status. Based on the forensics team's discoveries and its assessment of damages from a particular incident, a company can decide whether to take the case to court.

The team should be able to determine the technical sophistication of the criminal and the likelihood of being able to catch him. It's also important to determine what type of individual did this type of crime. Was it a competitor or just some kids hacking for fun?

Choose your battles wisely: It would not be a good business decision to win a multimillion-dollar lawsuit against a few teenagers who have no money.

Ultimately, having a skilled computer forensics team will ensure your company is prepared for the worst. Knowing how to track digital footprints can help your business catch a thief before he escapes into cyberspace.

    Requires Free Membership to View

This was first published in December 2005

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: