Home > Information Security Magazine > Features > What CISOs need to know about computer forensics
EMAIL THIS
Information Security Magazine

  CURRENT ISSUE  
  FEATURES  
  COLUMNS  
  HOT PICK & PRODUCT REVIEWS  
  ARCHIVES  
  SUBSCRIBE/RENEW  
  

What CISOs need to know about computer forensics
by Marcia Savage
Issue: Sep 2007
printer-friendly
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   8  |   9  |   10  |   NEXT PAGE  >

Complexity hinders Investigations


Mobile devices and monstrous hard drives are giving specialists fits.

Multiple types of computing devices, bigger hard drives and increased use of encryption are making the job of a digital forensic examiner tougher than ever.

"Go back seven years or so, all forensics in the business world was based on PCs. It was very simple," says Luther Martin, security architect at vendor Voltage Security. "It's a lot more complex today. Now you have PDAs, cell phones, BlackBerries, iPods--all which contain potentially interesting data."

An investigation usually starts with a single system and grows to wherever evidence may reside, which can include digital cameras, USB drives and even printers, says Brian Gawne, managing director of forensics at risk management firm Veritas Global. But the bigger challenge in forensics today is the sheer size of hard drives, he says.

"You're seeing hard drives from desktops and laptops that are 400 gigabytes and growing," he says. "So the amount of data we have to parse through is ever mounting."

The 14 Regional Computer Forensics Laboratories across the U.S., wh...



ich are jointly operated by the FBI and local law enforcement agencies, processed a whopping 2.8 petabytes of data last year.

"With disks getting as big as they are, we're trying to find ways to work smarter, not harder," says Chris Beeson, FBI supervisory special agent and director of the Silicon Valley RCFL. "The days of being able to go through every sector on a drive just don't exist."

One way investigators can work smarter is by tapping databases with hash sets of known software files; the hash values allow them to reduce the number of files they need to inspect, Beeson says. One such database is the National Software Reference Library, a project supported by the U.S. Department of Justice and federal, state and local law enforcement.

But encryption can pose a big problem for investigators. Attackers are encrypting files and stripping out references, which makes analysis harder, says Evan Wheeler, senior consultant in charge of forensics at IT services firm Akibia.

"Encryption can slow us down and stop us in our tracks," Beeson says.

"It just depends on the amount of resources we can plug into that case."

--MARCIA SAVAGE
< PREV PAGE   |   1  |   2  |   3  |   4  |   5  |   6  |   7  |   8  |   9  |   10  |   NEXT PAGE  >




TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts