CHAPTER 7

The Cyber-Firefighters

Computer forensic investigators often work hand in hand with network security professionals, law enforcement, or traditional investigators, and they are frequently required to respond to events as those events unfold in real time, both by monitoring systems and by collecting data from them. Sometimes the data in question was created seconds ago; in other cases it may have been created a decade ago. In either case, the forensic examiner has the tools to deal with the scenario. See Exhibit 7.1.

EXHIBIT 7.1 Corporate Server Cluster

This cluster occupies four standard racks containing file servers, e-mail servers, web servers, application servers, firewalls, archival and backup systems, antispam, antivirus, and intrusion detection systems, voice mail systems, smartphone servers, transactional servers for e-commerce, time and billing applications, logistics applications, video surveillance systems, thin-client services, and a large transactional database. This dense, highly concentrated environment is where advanced computer investigators often find themselves tasked with preserving or monitoring data without adversely impacting the day-to-day, or even second-to-second, operations of the company.


The cyber-firefighters are almost exclusively relegated to the world of reactive tasks. A company is hacked, the data is breached, a system ...
