|
"It's more important that you've been involved in a lot of cases," he says.
Forensics investigators use a number of different tools-- commercial, open-source and custom--depending on the job at hand, so it's tough to judge them based on the tools they use. "I don't think there's any one tool set that guarantees proficiency," says Montebello's Cornish.
"You need someone you can trust," he adds. "Someone who has knowledge of IT systems, who's not going to walk around like a bull in a china shop, and understands you have a business to run."
When Spernow interviews candidates for organizations' in-house forensics teams, he looks for people with an in-depth understanding of network architectures and how syslog environments function. "So they have a rounded picture of what a corporate infrastructure looks like."
For her part, Jenkins is well versed in multiple platforms--Unix, Windows and Macintosh--and uses multiple tools including Guidance Software's EnCase and Helix, an open source Linux-based bootable live CD. She has the EnCase forensics certification and a SANS incident handling certification. Master's degrees in ancient history and library science also prepared her well for her job, she says.
Building an in-house forensics team makes sense for some organizations, particularly large ones. Boeing has handled computer forensics in-house for years because it was cost effective, says spokesman Tim Neale.
In a 2004 presentation, Spernow estimated that a forensics lab with one analysis system cost $156,110, including personnel. A lab with 10 analysis systems cost $388,640. Outsourcing costs can range from $33,200 to $55,100 for one event and from $332,000 to $555,100 for 10 events. Those estimates remain on target, he says.
"Depending on how big you are, the economies of scale come into play pretty quick," he says.
|
