Dark Reading is part of the Informa Tech Division of Informa PLC

Edge Articles

08:00 AM
Terry Sweeney

The 10 Essentials of Infosec Forensics

Whether it's your first investigation or 500th, review the basics of IT forensics to streamline and simplify your discovery.

Most infosec forensics investigators walk a fine line. They must adhere to specific institutional processes, which, in many cases, are state and federal requirements. But they must also use a certain amount of pragmatism since no two investigations are exactly alike.

So while there may be a corporate best practice of collecting log files from all systems, that approach doesn't make sense if what you need is a single line of code from a log file to get you to the next level of the investigation, explains Richard Rushing, CISO of Motorola Mobility. 

"I need to know if this user account logged into that server. And that information may already be somewhere else that doesn't require me to go through all the log files," he says. "That's the sort of thing people overlook sometimes." Process and pragmatism can work in tandem to help peel back the layers, Rushing adds.

With that in mind, here are 10 tips and refreshers for forensics pros working on IT incidents, suspected or real.


Terry Sweeney is a Los Angeles-based writer and editor who has covered technology, networking, and security for more than 20 years. He was part of the team that started Dark Reading and has been a contributor to The Washington Post, Crain's New York Business, Red Herring, ...
