Educause Security Discussion mailing list archives
Re: Good Investigation/Forensic groups - was: SSNs, rootkits, Incident Response, etc...
From: "H. Morrow Long" <morrow.long () YALE EDU>
Date: Sat, 8 Jul 2006 09:08:00 -0400
Jim -- Might I recommend Stroz Friedberg, LLC ( www.strozllc.com ). They have offices in DC, NYC, LA and MN.

Eoghan Casey (author of Digital Evidence and Computer Crime, Second Edition, editor of Handbook of Computer Crime Investigation: Forensic Tools & Technology and co-author of Investigating Child Exploitation and Pornography: The Internet, Law and Forensic Science) works for Stroz Friedberg -- and is a former employee of mine.

- H. Morrow Long, CISSP, CISM, CEH
University Information Security Officer
Director -- Information Security Office
Yale University, ITS

From http://www.strozllc.com/methodology.html

Founded in 2000, Stroz Friedberg, LLC is a consulting and technical services firm specializing in computer forensics; cyber-crime response; private investigations; and the preservation, analysis and production of electronic data from single hard drives to complex corporate networks. Typically, we perform this work in the context of civil litigation, criminal and regulatory matters, and internal corporate investigations. Our unique methodology — which brings technology, law, investigative experience and behavioral science to bear while providing assurance to all parties — has made us the firm of choice in the areas of our expertise. Stroz Friedberg provides objective, comprehensive answers based upon expert analysis of electronic data and disputed facts that our clients can rely on in critical and routine matters, with the assurance that our reports will withstand the scrutiny of opposing counsel and experts, courts, and the government.
On Jul 7, 2006, at 11:18 AM, James H Moore wrote:
We have ended up in an investigation, where I thought I was done. I am looking for recommendations of forensic firms to finish it. I have 2 pieces of advice currently.

1) Find a firm that is not entirely ex-law enforcement (or verify that they have acquired the right amount of Computer Science background). The reverse holds for any group that is entirely ex-systems administrators, as they don't understand the criminal mind as well.

2) Find someone that knows anti-forensics.

As I mentioned, I thought I was done. Then I talked to a mentor. He said that some hackers/worms/bots/spyware ftp stuff back that looks nasty (like old rootkits) just to throw you off. He said that I should consider professional help (I think that he meant for forensics ;-)

So I am looking for suggestions.

Jim

- - -
Jim Moore, CISSP, IAM
Information Security Officer
Rochester Institute of Technology
13 Lomb Memorial Drive
Rochester, NY 14623-5603
Office: 585-475-5406
Lab: 585-475-4122
Fax: 585-475-7950

"Distrust and caution are the parents of security." -- Benjamin Franklin

"We will bankrupt ourselves in the vain search for absolute security." -- Dwight D. Eisenhower