Network intrusion investigation – Preparation and challenges

As new legislation is written mandating notification of affected parties following the compromise of confidential data, reliable investigative procedures into unauthorized access of such data assume increasing importance. The increasing costs and penalties associated with exposure of sensitive data can be mitigated through forensic preparation and the ability to employ digital forensics. A case study of the compromise of several systems containing sensitive data is outlined, with particular attention given to the procedures followed during the initial response and their impact on the subsequent digital forensic examination. Practical problems and challenges that arise in intrusion investigations are discussed, along with solutions and methodologies to address these issues. This case study illustrates both the importance of evaluating the evidence analyzed and of corroborating findings and conclusions with multiple independent sources of evidence. An initial response that incorporates forensic procedures provides a solid foundation for a successful and thorough forensic examination.