
Blog: First Aid in Digital Forensics

At this year's annual conference — FFG — of the German Unix User Group (celebrating 2009 its 25th anniversary), I gave a presentation about the first important steps in digital forensics, a.k.a. incident response. Only in some cases of a system compromise is the local administrator — unfortunately very often not familiar with the dos and don'ts — not able to deal with the situation correctly. This can be important if the system is a crucial one and the organisation depends on correct evidence collection.
  Further deficiencies: Only a few companies nowadays have a procedure in place for dealing with system compromises. There is seldom an ISMS (information security management system), no escalation procedures, no emergency manual or anything like that. So a technical issue could become even worse from the business perspective.
  Feel free to have a peek at the (German, sorry) paper and the presentation.

(Dirk Wetter, 03/17/2008)
