- Training
- Training Live Events
- Training Without Travel
- SANS Courses
- Certified Instructors
- Career Roadmap
- Training Calendars
- SANS @Home
- SANS OnDemand
- Community SANS
- SANS Mentor Program
- SANS Onsite
- SANS SelfStudy
- SANS Partnership Series
- SANS Workshop Series
- Webcasts
- Work Study
- Events Archive
- DoD 8570
- Voucher Credit Program
- group discounts
- Certification
- Resources
- Vendor
- Portal
- Storm Center
- College
- Developer
- About
the most trusted source for computer security training, certification and research
Computer Forensics - We've Had an Incident, Who Do We Get to Investigate?
- Abstract
- Computer forensics is the equivalent of surveying a crime scene or performing an autopsy on a victim" (James Borek 2001). How many people in your organization, who have not had law enforcement training, would have the ability to do this and present evidence that would be acceptable in a court of law? Regardless of whether the incident is an external intrusion, fraud, or internal staff misconduct, the investigation needs to be treated the same way, and the same rules of evidence apply. So how does a manager (IT or not) decide how to investigate an incident? Does the company conduct the investigation themselves using their existing personnel, do they bring in the assistance of the Police, or do they hire the services of a professional computer forensics company? This paper's aim is to provide Australian managers with a basis to make this decision by providing an insight into computer forensics and evidence handling, and giving advantages and disadvantages for each option.