Go Back   AnandTech Forums > Software > Security

Forums
· Hardware and Technology
· CPUs and Overclocking
· Motherboards
· Video Cards and Graphics
· Memory and Storage
· Power Supplies
· Cases & Cooling
· SFF, Notebooks, Pre-Built/Barebones PCs
· Networking
· Peripherals
· General Hardware
· Highly Technical
· Computer Help
· Home Theater PCs
· Consumer Electronics
· Digital and Video Cameras
· Mobile Devices & Gadgets
· Audio/Video & Home Theater
· Software
· Software for Windows
· All Things Apple
· *nix Software
· Operating Systems
· Programming
· PC Gaming
· Console Gaming
· Distributed Computing
· Security
· Social
· Off Topic
· Politics and News
· Discussion Club
· Love and Relationships
· The Garage
· Health and Fitness
· Merchandise and Shopping
· For Sale/Trade
· Hot Deals with Free Stuff/Contests
· Black Friday 2014
· Forum Issues
· Technical Forum Issues
· Personal Forum Issues
· Suggestion Box
· Moderator Resources
· Moderator Discussions
   

Reply
 
Thread Tools
Old 02-15-2013, 07:00 PM   #1
theNEOone
Diamond Member
 
Join Date: Apr 2001
Posts: 5,718
Default Please help me understand computer hacking 'forensics'

After reading the post of the FB hack and how the company 'does not believe that user data was compromised' I thought to myself, 'How do they know that to be true?'

I'm sure this is not the right analogy (which is why I'm posting here) but if someone were to break into my house and take pictures of my belongings or my bank statements, how would I know? Likewise, if someone hacked FB data and simply took screenshots or some other kind of screen capture (or file copy), how would FB know?


=|
theNEOone is offline   Reply With Quote
Old 02-15-2013, 07:25 PM   #2
lxskllr
Lifer
 
lxskllr's Avatar
 
Join Date: Nov 2004
Location: Somewhere over the rainbow
Posts: 38,458
Default

Probably checking the logs to see what was accessed, and by who.
lxskllr is online now   Reply With Quote
Old 02-16-2013, 07:24 PM   #3
unokitty
Platinum Member
 
Join Date: Jan 2012
Posts: 2,582
Default

Quote:
Originally Posted by theNEOone View Post
After reading the post of the FB hack and how the company 'does not believe that user data was compromised' I thought to myself, 'How do they know that to be true?'

I'm sure this is not the right analogy (which is why I'm posting here) but if someone were to break into my house and take pictures of my belongings or my bank statements, how would I know? Likewise, if someone hacked FB data and simply took screenshots or some other kind of screen capture (or file copy), how would FB know?


=|

Five Comments

One
Note that FB's statement "does not believe that user data was compromised" is meaningless.

Similar to the "There is no evidence that the compromised data has been used in a crime." which is another meaningless statement.

Two
All forensics, digital and physical, is based on Locard's exchange principle.

Three
The two major computer forensic vendors are Access Data and Encase. Access Data offers several certifications. You can find more information about them here. (Full disclosure, I've earned their ACE cert.)

Some schools offer digital forensics training as do the vendors as do SANs and the EC Council. If you enjoy learning about systems, you might enjoy forensics.

Four
What Facebook can discover about the intruders depends on several factors including what ID or IPS controls that they had in place at the time of the intrusion as well as what happened to the compromised systems between the time of the compromise and the discovery of the compromise.

Five
If you want to read something now, you could download NIST's Computer Security Incident Handling Guide.

Uno
unokitty is offline   Reply With Quote
Old 02-18-2013, 05:44 PM   #4
RompinRaider
Junior Member
 
Join Date: Jan 2013
Location: Texas
Posts: 3
Thumbs up forensics

Thanks for the info.....good stuff!
RompinRaider is offline   Reply With Quote
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -5. The time now is 09:25 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.