Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

What type of advantages could a forensic technician get from it?

0
10 Posted

What type of advantages could a forensic technician get from it?

0
10

Robert Watson: Post-mortem analysis is a tricky business — you want to figure out how the system was broken into and what was done, but this is complicated by the fact that software is extremely flexible and there isn’t much log information. It could be that the first thing you know of an attack is a defaced web page, but maybe the actual break-in occurred weeks before. A detailed audit trail of events can often directly answer the question of how and when the break-in occurred, and allow the technician to backtrack through the log identifying what files were modified by the attacker, what software was run, and what other activities, such as attacking other systems, were performed. As audit is flexible to configure and we ship trail reduction tools, administrators can decide on their own trade-offs between disk space use, performance impact, and log completeness. For example, administrators might choose to audit only system logins, which has very low space and performance overhead —

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.