Covert Searches

A company might be able to narrow down the range of suspects to a small group. For example, network logs might indicate that harassing emails came from a specific subnet, but no logs might be available to identify the specific client within it. Access logs might implicate a certain group of administrators, all of whom shared a common administrator account. The company could choose to call in all of the suspects, advise them of the situation, and seize their computers for examination. The company could also decide to examine the computers covertly, without the employees’ knowledge. A company can also choose to covertly examine a computer if it doesn’t want to directly confront the employee until it has more evidence.

In such a covert search, ...

Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.
