Don't Overdo It
Preparedness often saves the day, and that means managing logs well and in advance. But be forewarned: Overpreparation can cost you dearly, too.
"It's easy to just log everything, but without being deliberate in your approach, you may end up increasing risk instead of mitigating it," AlixPartners' Madura says.
Unencrypted PII, user data, passwords, or other sensitive information can be accidentally collected in efforts to log all things loggable, but that could "land you in hot [regulatory] water," he adds.
Even so, less isn't best either, adds Matt Ruddell, MEDEX trainer and lecturer at the Global Forensic and Justice Center at Florida International University.
"While the sheer amount of this data may seem daunting, good forensic examiners should have software and hardware tools beefy enough to comb through these logs – which can certainly be voluminous if you turn them all on," he says. "Admittedly, this can frequently be an issue as digital forensic examiners are often battling for budget dollars to keep their equipment and skills up to date."
(Image: minicel73 via Adobe Stock)