Please help me understand computer hacking 'forensics'

theNEOone

After reading the post of the FB hack and how the company 'does not believe that user data was compromised' I thought to myself, 'How do they know that to be true?'

I'm sure this is not the right analogy (which is why I'm posting here) but if someone were to break into my house and take pictures of my belongings or my bank statements, how would I know? Likewise, if someone hacked FB data and simply took screenshots or some other kind of screen capture (or file copy), how would FB know?


=|
 

unokitty


Five Comments

One
Note that FB's statement "does not believe that user data was compromised" is meaningless.

It is similar to "There is no evidence that the compromised data has been used in a crime," which is another meaningless statement.

Two
All forensics, digital and physical, is based on Locard's exchange principle.

Three
The two major computer forensic vendors are AccessData and EnCase. AccessData offers several certifications. You can find more information about them here. (Full disclosure, I've earned their ACE cert.)

Some schools offer digital forensics training, as do the vendors, SANS and the EC-Council. If you enjoy learning about systems, you might enjoy forensics.

Four
What Facebook can discover about the intruders depends on several factors, including what ID or IPS controls they had in place at the time of the intrusion, as well as what happened to the compromised systems between the time of the compromise and the discovery of the compromise.

Five
If you want to read something now, you could download NIST's Computer Security Incident Handling Guide.

Uno
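
To illustrate comments One and Four, here is an added example that is not part of either post: a sketch of how an investigator can separate "no reads were logged" from "we cannot tell" for a compromised account. The log format, host names, account names and coverage dates are all constructed for illustration, and the code assumes surviving logs run unbroken from their first record to the end of the window.

```python
from datetime import datetime

# Constructed sample: "timestamp host account action path" (hypothetical format).
AUDIT_LOG = """\
2024-02-01T09:14:02 db01 svc_build READ /data/users/export.csv
2024-02-01T09:15:40 db01 alice READ /data/reports/q4.pdf
2024-02-02T03:22:10 web02 svc_build READ /etc/app/config.yml
2024-02-03T11:00:00 web02 svc_build WRITE /tmp/build.log
"""

# Earliest surviving audit record per host (constructed values).
# None means the host never had read auditing enabled.
COVERAGE = {
    "db01": datetime(2024, 1, 1),
    "web02": datetime(2024, 2, 2),  # older logs were rotated away
    "file03": None,
}

def parse(log):
    for line in log.splitlines():
        ts, host, account, action, path = line.split(maxsplit=4)
        yield datetime.fromisoformat(ts), host, account, action, path

def assess(log, coverage, account, start, end):
    """Per-host verdict on whether `account` read data during [start, end]."""
    reads = {}
    for ts, host, acct, action, path in parse(log):
        if acct == account and action == "READ" and start <= ts <= end:
            reads.setdefault(host, []).append(path)
    verdicts = {}
    for host, first_record in coverage.items():
        complete = first_record is not None and first_record <= start
        if host in reads:
            # These reads are proven; with partial logs there may be more.
            label = "accessed" if complete else "accessed, log incomplete"
            verdicts[host] = (label, reads[host])
        elif complete:
            verdicts[host] = ("no reads logged", [])
        else:
            # No trace was ever recorded, so absence of evidence proves nothing.
            verdicts[host] = ("unknown", [])
    return verdicts

if __name__ == "__main__":
    window = (datetime(2024, 2, 1), datetime(2024, 2, 3, 23, 59))
    for host, (label, paths) in assess(AUDIT_LOG, COVERAGE, "svc_build", *window).items():
        print(host, label, paths)
```

Only the hosts whose logs cover the whole intrusion window can support a statement that data was not read; the others can only be reported as unknown.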