Trends in Computer Forensics
While at FOSE last week, I attended a very good session called SANS Forensic and Incident Response. The session was led by Rob Lee from Mandiant, who moonlights as a computer forensics trainer. Rob identified seven key trends in computer forensics:
- Increasing data breach incidents. More events, more forensics needed.
- Lack of preparation for when things go bad. Rather than relying on technology, we need more skilled professionals.
- Loss of forensic expertise. Corporate-based forensic experts tend to flee to higher-paying jobs with technology vendors and service providers.
- Increasingly sophisticated civil cases. As lawyers learn more, cases become more complex. Lee talked about the burgeoning focus on metadata in legal cases.
- Too much data. Log data experts like LogRhythm, LogLogic, ArcSight, Nitro, and Q1 Labs present a ton of data to evaluate. Lee said that the real challenge is host-based data, not network data.
- Mobile data forensics. We need the ability to understand what's happening on iPhones, Droids, and Blackberries--not just Windows PCs.
- Volatile data collection and analysis. This is all about the collection of data residing in memory, which could make or break a case.
Lee did a great job of explaining the art, science, and challenges of forensics in addition to the pressing need for more experts in the field. IT professionals take note: computer forensics is a high-growth and potentially high-paying area.
Read more of Jon's blog entries at Insecure About Security.
*All views and opinions expressed in ESG blog posts are intended to be those of the post's author and do not necessarily reflect the views of Enterprise Strategy Group, Inc., or its clients. ESG bloggers do not and will not engage in any form of paid-for blogging.