tag:blogger.com,1999:blog-6447283518071683105.post6248772155467654972..comments2023-04-02T10:17:04.631-04:00Comments on Forensic Incident Response: The faces of Digital Forensic Sciencehogflyhttp://www.blogger.com/profile/00741773109962883616noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-6447283518071683105.post-84965754609258169812007-06-03T19:53:00.000-04:002007-06-03T19:53:00.000-04:00...how are you answering this question? If the dat...<I>...how are you answering this question? </I><BR/><BR/>If the data's not there, I can't answer the question. <BR/><BR/>The question of what files were copied to an external storage device (without having that storage device to analyze) has also come up, even though it was explained to the customer that forensics cannot show that.H. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.comtag:blogger.com,1999:blog-6447283518071683105.post-55064630947638752622007-06-03T16:51:00.000-04:002007-06-03T16:51:00.000-04:00This is a BIG one because this is the question I'm...<I>This is a BIG one because this is the question I'm getting asked more and more.</I><BR/><BR/>I'm curious..how are you answering this question? I've been coping with it for about 2-3 years now, and the thing I try to remind folks is that I can't prove that the data didn't walk(can't prove a negative) because I don't have all the requisite information, even though business managers want to hearhogflyhttps://www.blogger.com/profile/00741773109962883616noreply@blogger.comtag:blogger.com,1999:blog-6447283518071683105.post-73465067367126592782007-06-03T07:33:00.000-04:002007-06-03T07:33:00.000-04:00Incident Response:...Provide accurate information ...<B><I>Incident Response:</I></B><BR/>...<BR/><I>Provide accurate information to security team to defend against further attacks</I><BR/><BR/>I would suggest expanding "defend" to "prevent, detect, and defend"<BR/><BR/><I>Provide evidence that suggests or "proves" that regulated or sensitive data was or was not accessed(insert stolen if need be) by unauthorized individuals.</I><BR/><BR/>This is a H. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.com