Home

Editor's Corner

Akibia Data Center Solutions Case Study

An Introduction to Digital Forensic Investigations
from Akibia

Citrix Application
Delivery Infrastructure

Payment Card Industry (PCI) Compliance from RSA

Preventing Data Leaks on
USB Ports with Pointsec

Nokia Extendable
Security Appliances

Akibia News

Akibia Partners

Contact Akibia

 

akibia

 

 

 

 

 bandwidth

Editor's Corner

In this issue of Bandwidth, we are featuring an article on Digital Forensics by one of Akibia’s Senior Security Consultants, Evan Wheeler. While working with Evan on this article and the introduction of Akibia’s new Forensic services, it was interesting to learn about the ways he has used his forensics skills and knowledge to help several of our clients in ways that I would not have considered a “forensics investigation.”

Whenever I hear “forensics,” I immediately conjure up images of one of the many CSI episodes that are airing on TV. Scientists, crime scene investigators, and law enforcement are all part of the aura that surrounds “forensics.” Within the corporate environment while the cast of characters may not be quite as dramatic, a forensics investigation can impact a broad cross section of the organization.

In working with Evan, and talking to clients, I learned that forensic readiness for an enterprise is not merely about being ready for possible legal actions, but is an important part of a life-cycle management process used within the organization’s information technology program.

As you’ll learn in Evan’s article, one of the areas that benefits most from forensic readiness is an organization’s incident response plan. By considering the steps and process that a forensic investigation would take, a company may make some changes to their incident response plan. Their response plan may be modified to include steps that would preserve data and the chain of custody for investigative purposes during an incident response. For others, new scenarios and contributors may be added to their plan that were not originally considered.

Another area impacted that I hadn’t considered was how a forensic investigation might change an organization’s provisioning process. In preparing the tools, systems, and processes needed to conduct a forensic investigation, an IT department may add steps to their provisioning process that would allow them to store, recall, and deliver device configurations to a third party or internal investigation team at a moments notice. The time it takes to deliver baseline configurations of devices is an integral part of the overall response time for both a forensics investigation, as well as an incident response. Depending on an organization’s capability maturity, this may spawn entirely new processes and documentation about their configuration sets, or merely be an additional step in a well established provisioning program.

In both these scenarios, by considering the impact and scope of a forensic investigation, an enterprise can enhance existing programs and processes - enhancements that can help a business be more responsive to the daily operational challenges they face and improving the maturity of their IT programs.

Tim Richardson

Product Marketing Manager, Akibia, Inc.