What CISOs need to know about computer forensics


This article can also be found in the Premium Editorial Download "Information Security magazine: How to dig out rootkits."

Download it now to read this article plus other related content.

"It's more important that you've been involved in a lot of cases," he says.

Forensics investigators use a number of different tools-- commercial, open-source and custom--depending on the job at hand, so it's tough to judge them based on the tools they use. "I don't think there's any one tool set that guarantees proficiency," says Montebello's Cornish.

"You need someone you can trust," he adds. "Someone who has knowledge of IT systems, who's not going to walk around like a bull in a china shop, and understands you have a business to run."

When Spernow interviews candidates for organizations' in-house forensics teams, he looks for people with an in-depth understanding of network architectures and how syslog environments function. "So they have a rounded picture of what a corporate infrastructure looks like."

For her part, Jenkins is well versed in multiple platforms--Unix, Windows and Macintosh--and uses multiple tools including Guidance Software's EnCase and Helix, an open source Linux-based bootable live CD. She has the EnCase forensics certification and a SANS incident handling certification. Master's degrees in ancient history and library science also prepared her well for her job, she says.

Building an in-house forensics team makes sense for some organizations, particularly large ones. Boeing has handled computer forensics in-house for years because it was cost effective, says spokesman Tim Neale.

In a 2004 presentation, Spernow estimated

Requires Free Membership to View

that a forensics lab with one analysis system cost $156,110, including personnel. A lab with 10 analysis systems cost $388,640. Outsourcing costs can range from $33,200 to $55,100 for one event and from $332,000 to $555,100 for 10 events. Those estimates remain on target, he says.

"Depending on how big you are, the economies of scale come into play pretty quick," he says.

This was first published in September 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: