SANS Digital Forensics and Incident Response Blog: Tag - incident

NCS vs DRN - Educating the Client

As forensic analysis, our product is only as good as our input. And unfortunately, many times our input is not what we would hope for.

If you have worked many unauthorized access cases in the past, you know what I am talking about. These cases are my favorite to work honestly. Seeing the new methods used to compromise systems and the challenge of trying to find every way the system was affected is great. However, much of the evidence from these cases has issues that are common from one case to the next.

First response

For years now users have been taught that on the first sign of problems with their system, the best thing to do is run a full anti-virus check of the entire system. And for good measure, follow that up with an anti-malware scan or two. And for the most part users have got this message.

It is not just users that do this. How many times do you see companies with very informal incident response plans which leaves the process of what to do

... Continue reading NCS vs DRN - Educating the Client