Forensics Tools Help Companies Investigate Intrusions Remotely

For global companies, forensics applications provide another weapon in the security arsenal.

How it works: Forensics software from vendors such as Guidance Software and Mandiant lets companies remotely examine machines for evidence of intrusion. These applications help security professionals find signs that other tools miss by checking registry files, hard drives, even a computer's memory.

Who is doing it: Google's break with China in January over compromised e-mail accounts highlighted the need for global companies to adopt more sophisticated methods of protecting data. Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, says antivirus and anti-malware software isn't enough because hackers tailor malware for specific victims. China isn't the only worry, he adds, especially for companies in industries such as defense.

Growth potential: Forensics software represents a fraction of the security market, which IDC estimates is worth $24.5 billion, but Guidance Software says its products are used by 20 percent of the Fortune 500. As Western companies take a hard look at their security postures, forensics may become key to survival, say analysts. Today, if you work for the government or a company with sensitive business, "You don't take your own computer when you go to China because of the likelihood of intrusion," Warner notes.

This story, "Forensics Tools Help Companies Investigate Intrusions Remotely," was originally published by CIO.
