Product Group Tests
Digital forensic tools (2013)May 20, 2013
Best Buy: Lima Forensic Case Management Software from IntaForensics
Recommended: AccessData Forensic Suite and Cellebrite’s UFED Touch Ultimate
Ensuring the security of your organisation involves efficient technology yes, but also trained personnel to make sense of log data that is continuously accumulating, says Brendan Carroll.
With the rapid evolution of cyber capabilities and the increasing reliance on technology by corporations and government, processes have become more efficient, collaboration has been made simple and flexibility and versatility have come to be regarded as cornerstones within successful IT departments. In order to prevent the exploitation of vulnerabilities within critical processes however, one must be equipped with the right tools in order to detect, prevent and analyse any actual or attempted intrusions.
The products that we review this month fall into the categories of network and media forensic tools. These solutions provide a critical line of defence, allowing an organisation increased control over its network and the ability to analyse critical data stored on any digital medium.
Network forensic devices allow the traffic flowing over a network to be captured, logged and analysed. Features employ anything from granular control mechanisms to automated reporting capabilities - providing a security team with all of the tools necessary to ensure the protection of its network.
While the devices we examined this month provide the capability to extract and analyse data, the true benefit an organisation will receive from these solutions depends on having strong policies in place, developed processes and a well-trained and experienced security team. Further, the raw data exchanged over any network can be critical to its security. This makes having a forensic tool to capture and log that data necessary and, more importantly, to have a team that can analyse and understand what it is they are looking for and guarding against.
In order to gain the best results from one's investment the software should be implemented with several considerations. Filters are necessary in refining data search so a user is not overwhelmed with unnecessary information. Contextual information about the network architecture should be provided in order to make analysis more efficient. Finally, if one is to make the investment in a network forensic product, training should be integrated into the organisation's deployment plan. Having a well-trained team that knows what they are looking for will increase the efficacy of the product and ensure the security of the organisation's network. With the proper organisational considerations and foundations, the deployment of a network forensic tool can strongly impact the evolution of the security standards a company has in place.
However, even the best forensic team must be equipped with the proper tools to do its job appropriately. Many investigative teams need to recover files that have been deleted or access specific files buried in the depths of a system's file structure. With forensic tools such as we examine here, investigators have the ability to create an image of a digital storage medium where they can then drill down and analyse the necessary data at a granular level. This kind of transparency enables a team to recover and analyse whatever information could be deemed a threat.
From malicious insiders to viruses, phishing scams and more, organisations' data faces a persistent threat of compromise. As a result, we are forced to remain ever vigilant for the next threat to our resources. There is no one solution, no one guarantee. Rather, each organisation has the responsibility to tailor its security to the values and corporate policies in place, and for each organisation there are a host of forensic products that may prove fitting.
Brendan Carroll will graduate in May from Norwich University with a degree in computer security and information assurance. The following NU students contributed to this month's reviews: Georgij Lazarevski, Marjan Shapkaroski, Trevor Bergeron, Saul Costa, Mathew Davis, Ryan Dibble, Alexander Foskarino, Brendon Gallant, Steve Gonzales, Dillon Halliday, Katya Lopez, Zachery Matera, Gabriel McLean, Rory O'Neil, John Parker, Daniel Smith, Joshua VanLaar and Benjamin Wright.
All products in this group test
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Senior Network Security Engineer, London, £68-85k + package
Infosec People - England, London
Information Security Risk Manager, £45-55k + bens
Infosec People - West Midlands, England, Coventry
SOC Analyst, Aldershot, £55-63k + benefits
Infosec People - England, Aldershot, Hampshire
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Sign up to our newsletters
SC Magazine UK Articles
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Met Police grab suspect with phone unlocked to get hold of data
- Cyber-security must reflect risk not just regulation
- Report: Mirai 'is just the tip of the iceberg'
- Data centres are on the move - where will they end up?
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- 400% increase in POS malware variants across US Thanksgiving weekend
- Only 25% of businesses can effectively detect and respond to data breaches
- Is BYOD your company's norm? Beware the ghosts of data past this Christmas
- Over 400,000 phishing sites have been detected each month in 2016
- TalkTalk customers urged to get routers swapped over hacker fears