
Trends in Computer Forensics

Security incidents, changing technology, and litigation are pushing the envelope

While at FOSE last week, I attended a very good session called SANS Forensic and Incident Response. The session was led by Rob Lee from Mandiant, who moonlights as a computer forensics trainer. Rob identified 7 key trends in computer forensics:

1. Data breach incidents are increasing. More events, more forensics needed.
2. Lack of preparation for when things go bad. Rather than relying on technology, we need more skilled professionals.
3. Loss of forensic expertise. Corporate-based forensic experts tend to flee to higher-paying jobs with technology vendors and service providers.
4. Civil cases increasing in sophistication. As lawyers learn more, cases become more complex. Lee talked about the burgeoning focus on metadata in legal cases.
5. Too much data. Log data experts like LogRhythm, LogLogic, ArcSight, Nitro, and Q1 Labs present a ton of data to evaluate. Lee said that the real challenge is host-based data, not network data.
6. Mobile data forensics. We need the ability to understand what's happening on iPhones, Droids, and BlackBerrys, not just Windows PCs.
7. Volatile data collection and analysis. This is all about the collection of data residing in memory, which could make or break a case.

Lee did a great job of explaining the art, science, and challenges of forensics and the pressing need for more experts in the field. IT professionals take note: computer forensics is a high-growth and potentially high-paying area.
