a conference held recently in Mumbai, Andy Miller, Business
Support Manager, Asia Pacific, spoke about the importance
of being equipped in case of security breaches, and
the possible ways by which enterprises can act in case
of a security compromise.
"Computer evidence is fragile and can be easily
modified, but there are very good forensics programs
which make the process of collecting evidence easier.
It is important to document the steps taken throughout
the investigation no matter how minuscule the action
may seem," said Miller.
Computer forensics is the process of extracting information
from computer storage media and guaranteeing its accuracy
and reliability. It involves deductive reasoning, investigative
skills, and common sense.
Forensic software can be used to make a bit stream backup
of the suspect drive, and run a hash of the suspect
hard drive and backup tape to help prove reliability
of evidence. It can also document the system date and
time, use key search words to look for suspect data,
and locate free and slack space for deleted files. Examples
of forensic tools are Guidance Software's Encase Professional,
Sydex Corporation's Safeback, tape drives, and CD ROM
Intrusion detection systems can also detect attacks,
provide alerts, collect reports from distributed environments,
and analyze the information centrally. Examples are
Enterasys Dragon, ISS RealSecure, and Cisco Secure IDS