The Need For Forensic Capabilities In The Commercial Sector
Dominique Brezinski

Computer Forensics
• Methodology and tool set for analyzing computer systems for evidence of compromise or misuse
• Methods and tools must be defensible in a court of law

Problem Space
• Without the ability to tell when our digital assets have been compromised, we have an incomplete security solution at best
• Forensic tools fill the gap between what computer security should be and what it is today

Where we are today
• Computer security solutions and architectures are incomplete
• One and a half trillion dollars of loss due to computer crime in 1999 worldwide (PricewaterhouseCoopers)
• Computer crime increasing in parallel with overall Internet growth
• Current forensic tools support analysis of captured personal computers, not business computing environments

How Did We Get Here?
• Computer security solutions have not kept up with the risks associated with worldwide interconnectivity
• High value digital assets that are easy to move and sell with a low risk profile (attractive to criminals)
• Law enforcement has to transition to support Third Wave criminal investigation

Still Getting There
• Time consuming to do initial analysis to determine if system has been compromised
• Law enforcement does not have the staff or expertise to investigate even a small percentage of computer crime
• Currently a bit lawless, so we need to defend our own homesteads

Available Options
• Gap analysis—where do we need to be and where are the holes
• We cannot effectively prevent computer crime with current technology
• Need to be able to investigate and prosecute computer crime and recover losses (civil action)

Recommendation
• Develop accepted methodologies for investigating computer crime
• Develop robust tools for system analysis and evidence collection to support investigations
• Augment law enforcement by taking up slack
• Pursue civil action (must support burden of proof)