A typical incident response pits technicians against networks that aren't prepared forensically. [1, 2] If practitioners do consider collecting network forensic data, they face a choice between expending extraordinary effort (time and money) collecting forensically sound data, or simply restoring the network as quickly as possible. In this context, the concept of organizational network forensic readiness has emerged. The following is a discussion of selected computer crime cases, using publically available information, spanning a period of time of several years, that together demonstrate the need for a preventive and proactive response to malicious intrusion over a reactive one. It concludes with recommendations for how to "operationalize" organizational network forensic readiness.
Revised: October 27, 2010 |
Published: October 1, 2005
Citation
Popovsky B., D.J. Ryan, and D.A. Frincke. 2005.The New Zealand Hacker Case: A Post Mortem. In Oxford Internet Institute (OII) Cybersecurity Conference Safety and Security in a Networked World: Balancing Cyber-Rights and Responsibilities. Oxford:Oxford Internet Institute.PNNL-SA-46503.