Responding to Insider Attacks

Although the methods used in responding to an external attack are still valuable, some special techniques are especially useful in insider attacks. Computer forensics is possibly the most specialized of these. Forensics is discussed further in other chapters, but it has special applicability to insider attacks. First, the computer used in an attack probably belongs to the company, so there is generally no issue about search and seizure. The company might have physical control of the computer (less so when the computer is a laptop). If the investigation is to be conducted without the subject’s knowledge, the company can arrange a “black bag” job in which the drive is imaged during the night or weekend and the forensics ...

Get Incident Response: A Strategic Guide to Handling System and Network Security Breaches now with the O’Reilly learning platform.
