Please help me understand computer hacking 'forensics'

Discussion in 'Security' started by theNEOone, Feb 15, 2013.

  1. theNEOone

    After reading the post of the FB hack and how the company 'does not believe that user data was compromised' I thought to myself, 'How do they know that to be true?'

    I'm sure this is not the right analogy (which is why I'm posting here) but if someone were to break into my house and take pictures of my belongings or my bank statements, how would I know? Likewise, if someone hacked FB data and simply took screenshots or some other kind of screen capture (or file copy), how would FB know?


    =|
     
  2. lxskllr

    Probably checking the logs to see what was accessed, and by whom.
     
  3. unokitty


    Five Comments

    One
    Note that FB's statement "does not believe that user data was compromised" is meaningless.

    Similar to "There is no evidence that the compromised data has been used in a crime," which is another meaningless statement.

    Two
    All forensics, digital and physical, is based on Locard's exchange principle.

    Three
    The two major computer forensic vendors are AccessData and EnCase. AccessData offers several certifications. You can find more information about them here. (Full disclosure, I've earned their ACE cert.)

    Some schools offer digital forensics training, as do the vendors, SANS and the EC-Council. If you enjoy learning about systems, you might enjoy forensics.

    Four
    What Facebook can discover about the intruders depends on several factors, including what ID or IPS controls they had in place at the time of the intrusion, as well as what happened to the compromised systems between the time of the compromise and the discovery of the compromise.

    Five
    If you want to read something now, you could download NIST's Computer Security Incident Handling Guide.

    Uno
     
  4. RompinRaider

    Thanks for the info... good stuff!
     