Talk With an Expert

Investigating an Internal Case of Internet Abuse

Investigating an Internal Case of Internet Abuse (PDF, 1.83MB)Published: 06 Sep, 2001
Created by:
Mal Wright

I was recently required to investigate an incident of Internet abuse that led to the discovery that one of our own administrators was a security risk. Though this investigation was triggered by an incidence of 'Internet abuse' the tools used and lessons learned are relevant for many types of security incident that require an internal investigation to discover the offender. This essay describes the detection investigation and various tools used to collect the evidence. Lessons learned from the investigation are included as well as some useful resources for security investigators s o they can be more prepared when they deal with internal computer security incidents.

Investigating an Internal Case of Internet Abuse