Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Sponsored By
Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.
The 10 Essentials of Infosec ForensicsThe 10 Essentials of Infosec Forensics
Whether it's your first investigation or 500th, review the basics of IT forensics to streamline and simplify your discovery.
Terry Sweeney, Contributing Editor
July 17, 2019
11 Slides
Most infosec forensics investigators walk a fine line. They must adhere to specific institutional processes, which, in many cases, are state and federal requirements. But they must also use a certain amount of pragmatism since no two investigations are exactly alike.
So while there may be a corporate best practice of collecting log files from all systems, that approach doesn't make sense if what you need is a single line of code from a log file to get you to the next level of the investigation, explains Richard Rushing, CISO of Motorola Mobility.
"I need to know if this user account logged into that server. And that information may already be somewhere else that doesn't require me to go through all the log files," he says. "That's the sort of thing people overlook sometimes." Process and pragmatism can work in tandem to help peel back the layers, Rushing adds.
With that in mind, here are 10 tips and refreshers for forensics pros working on IT incidents, suspected or real.
About the Author(s)
You May Also Like
More Insights
Webinars
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication Methods
Oct 26, 2023Modern Supply Chain Security: Integrated, Interconnected, and Context-Driven
Nov 06, 2023How to Combat the Latest Cloud Security Threats
Nov 06, 2023Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and Phishing
Nov 01, 2023SecOps & DevSecOps in the Cloud
Nov 06, 2023