Blog: First Aid in Digital Forensics
At this year's annual conference, FFG, of the German Unix User Group (celebrating its 25th anniversary in 2009), I gave a presentation about the first important steps in digital forensics, a.k.a. incident response. Only in some cases of a system compromise is the local administrator, unfortunately very often not familiar with the dos and don'ts, not able to deal with the situation correctly. This can be important if the system is a crucial one and the organisation depends on correct evidence collection.
Further deficiencies: Only a few companies nowadays have a procedure in place for dealing with system compromises. There is seldom an ISMS (information security management system), no escalation procedures, no emergency manual or anything like that. So a technical issue could become even worse from the business perspective.
Feel free to have a peek at the (German, sorry) paper and the presentation.
(Dirk Wetter, 03/17/2008)