Improving the Process of Evidence Collection in Incident Handling Procedures

This paper suggests that administrators form a
new way of conceptualizing evidence collection across an intranet based
on a model consisting of linked audit logs. This methodology enables
the establishment of a chain of evidence that is especially useful
across a corporate intranet environment. Administrators are encouraged
to plan event configuration such that audit logs provide complementary
information across the intranet. Critical factors that determine the
quality of evidence are also discussed and some limitations of the
model are highlighted.

Read the full paper at Forensics Focus.

Author: Xavier Ashe

Entrepreneur, Infosec Executive, CISSP, CISM, Ironman triathlete, traveler, UU, paleo, father of 8, goyishe, gamer, & geek.
