Educause Security Discussion mailing list archives
Re: Outsourcing Forensics
From: Jim Dillon <Jim.Dillon () CUSYS EDU>
Date: Tue, 29 Aug 2006 15:52:27 -0600
There is much that can be done under internal policy that is eliminated as an option once the option is made to involve law enforcement, as their hands are tied when it comes their scope of work. Under policy you can declare a machine and all data the property of the institution, and deny its use for personal ends. Then
during investigation, anything out of sorts can be pursued per policy in any imaginable way. Under a legal review, you will be restricted to the particular scope of the charges and the restrictions provided by both state and federal law as to what you may do with the data you find. Policy is far less limited in terms of discovery.
GF>> It sounds like you're making the argument that internal or third GF>> party, non-law enforcement forensics is a better first option than GF>> contacting law enforcement because the scope of the investigation GF>> can be broader. Gary, I was not really trying to make that argument, more to the point I was trying to distinguish between everyday recovery and snooping along policy lines and full blown, disciplined forensics with prosecution as an objective. I think there is use for some skill and effort being applied to the first w/o the perfect investment in skills and resources, whereas the second shouldn't be pursued w/o the requisite skills and resources as it is doomed to likely failure. I was more concerned with the definitional aspect of "forensics" than the philosophical approach. One of those "do it right the first time" sorts of things - or don't do it, get someone who can. Ultimately, the discipline is worthy of the right level of investment, or don't bother to pursue it was my line of thinking - but a lesser form of the discipline still has utility under policy, and that may serve the institution just the same, just don't confuse it with the other or you are not likely to succeed. Jim
Current thread:
- Re: Outsourcing Forensics, (continued)
- Re: Outsourcing Forensics Delaney, Cherry L. (Aug 28)
- Re: Outsourcing Forensics Gary Flynn (Aug 28)
- Re: Outsourcing Forensics Russell Fulton (Aug 29)
- Re: Outsourcing Forensics Cam Beasley (Aug 29)
- Re: Outsourcing Forensics Samuel Liles (Aug 29)
- Re: Outsourcing Forensics Ken Connelly (Aug 29)
- Re: Outsourcing Forensics Daniel R Jones (Aug 29)
- Re: Outsourcing Forensics Jim Dillon (Aug 29)
- Re: Outsourcing Forensics Gary Flynn (Aug 29)
- Re: Outsourcing Forensics Mclaughlin, Kevin L (mclaugkl) (Aug 29)
- Re: Outsourcing Forensics Jim Dillon (Aug 29)