How are computer incidents investigated?

M

Mark Rosenthal2015-12-14 15:03:06

Information Security

Mark Rosenthal, 2015-12-14 15:03:06

Hello!
I decided to ask how the investigation is going on in Russia. From the point of view of the law, not everything is clear, but it is not interesting.
How are data analyzed? Making copies? What if the offender managed to turn on the lock, and after 10 minutes the data is destroyed, or if the input is incorrect, for example?
How do they prove who is doing it, who benefits?

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

N

nirvimel, 2015-12-15
@nirvimel

According to this book, all investigators work, because the other, in general, does not exist.

V

Vladimir Martyanov, 2015-12-14
@vilgeforce

Take and investigate. Stealing a database by an employee using a stupid flash drive is one thing, infecting a machine with access is another. The home visit to the participants in the first two scenarios is the third.

A

Alistair O, 2017-09-23
@box4

Investigates depending on who, in banks, usually according to ISO 27001 or itil there is an incident management process, the policies say how to respond (response to an incident) according to the roadmap, another process is connected, this is DFI digital forensics, investigation. They act according to the procedure, for example, a memory dump, a hard disk, is taken from netflow network equipment. As often happens, dfi is a post-mortem procedure, when the threat has already been identified, localized and eliminated, or is in an acceptable state. With dfi, the task is to determine the chronology, and report, after which it is necessary to review the risks, and finally accept, reduce or transfer risks.
For dfi, there are paid applications and free ones, paid ones are automated and if you have experience, you can use it, as this simplifies the process and saves time.