Detect and Survive

08 August 2011
Download Type: Adobe PDF

The ability to detect complex cases of computer misuse within an organisation, whether perpetrated by outsiders or from within, is vital to the continuing survival of the company. But as computer criminals refine their techniques, so must the detection methods evolve. To enable this, modern-day IT departments need to employ techniques and tools previously only available to forensic investigators within the law enforcement community. Thankfully, those tools are becoming available outside of the justice environment, and are proving highly effective in solving cases that would otherwise have remained impossible to close.

The ability to examine the contents of a hard disk or other storage device at a very deep level has long been a fundamental requirement of technical support personnel and data recovery specialists. They need to analyze the data below the level of the operating system, on a per-byte or per-sector basis, rather than per-file. Those bytes or sectors often comprise current files, but this may not always be the case. Often, the data will represent remnants of deleted files, or information from the partition table, directory structure or other key elements of the copious metadata that exists on every hard disk, CD, DVD, USB pen drive, SD card, and similar devices.

Beyond even the requirements of support personnel and data recovery specialists is a level of device examination product known as forensic examination software.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×