Case study: Network intrusion investigation - Preparation and challenges
Digital Investigation: The International Journal of Digital Forensics & Incident Response
Using time-driven activity-based costing to manage digital forensic readiness in large organisations
Information Systems Frontiers
Hi-index | 0.00 |
Investigations of network security breaches are both complex and costly. Even a moderate amount of forensic preparation in an organization can mitigate the impact of a major incident and can enable the organization to obtain restitution. A case study of an intrusion is outlined in which the victim organization worked with law enforcement agencies to apprehend the perpetrator. This case study contains examples of challenges that can arise during this type of investigation, and discusses practical steps that an organization can take to prepare for a major incident. The overlapping roles of System Administrators, Incident Handlers, and Forensic Examiners in a network intrusion are explored, with an emphasis on the need for collaboration and proper evidence handling. This case study also shows how effective case management and methodical reconstruction of events can help create a more complete picture of the crime and help establish links between computer intruders and their illegal activities.