The Lazy Genius

Security News & Brain Dumps from Xavier Ashe, a Bit9 Client Partner

Improving the Process of Evidence Collection in Incident Handling Procedures

Posted by Xavier Ashe on June 6, 2005

This paper suggests that administrators form a new way of conceptualizing evidence collection across an intranet based on a model consisting of linked audit logs. This methodology enables the establishment of a chain of evidence that is especially useful across a corporate intranet environment. Administrators are encouraged to plan event configuration such that audit logs provide complementary information across the intranet. Critical factors that determine the quality of evidence are also discussed and some limitations of the model are highlighted.

Read the full paper at Forensics Focus.