CSI - cyber security investigators
Bryan Sartin Ubizen
The use of forensics analysis in information security is growing, much in response to a sharp uptake in more criminally
motivated attacks on organizations' networks and IT infrastructure. Much like their law enforcement brethren glamorized
on popular TV shows, cyber forensics experts use forensics investigative techniques to examine attacks on comprised
networks, tracing a hacker's "footsteps and fingerprints" to determine a motive, a target and, in best case scenarios,
the hacker's identity. In this presentation, security expert Bryan Sartin will explore the ever-intriguing and complex
field of forensics analysis.
Beginning with hacking attempts that breach a network's security defenses, the presentation will walk attendees through
the processes by which cyber forensics teams identify the source of compromises, determine if data has been damaged or
stolen and investigate how compromises are executed. Sartin will also discuss how forensics experts methodically comb
through network systems to pinpoint affected systems and to gather electronic evidence, which must be carefully preserved
for future research or legal prosecution. Attendees will receive both technical and business perspectives on the benefits
of forensics analysis when breaches occur and leveraging investigation findings in overall network security strategies.
Additionally, attendees will learn methods, such as gap analysis, to be employed after an attack to mitigate
vulnerabilities and to compare a company's security infrastructure to current security standards.
This month VB's test team put 26 products to the test on
Windows Server 2008. John Hawes has the full results.