January 30th, 2014 06:00

Strengthening Evidence Through Smarter Infrastructure Design

Modern information technology infrastructure generates a large amount of data that could potentially be used to investigate a crime. A brief list of sources of this data includes:

• Firewall log data
• Router logs
• Anti-malware activity logs
• Intrusion detection or prevention logs
• Server time-stamped access logs
• Network directory services logs
• Web server logs
• Remote access or application logs
• Desktop, laptop, personal digital assistant, and smartphone logs
• Platform monitoring tools that monitor server, workstation, and network device activities for events of interest or concern

Data obtained from one of these sources may not be compelling by itself. However, placing it into context with other available information may enable an investigator to start drawing some conclusions as to the details of the crime.

Given that the average information technology infrastructure produces a large amount of potentially useful data, organizations must consider how to protect the integrity of that information and ensure that it can stand up to whatever scrutiny may arise, whether from an internal review, a regulator, or opposing counsel. There are numerous techniques for achieving this, most of them either technical (controls built into how the data is collected and stored) or procedural (documented handling and chain-of-custody practices).
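As an added illustration of one such technical method (example code written for this page, not from Jason Ventresco's article or from any product it describes): log records can be chained with a keyed hash so that editing, deleting or reordering a record invalidates every tag that follows it. The sample events, the collector key and the function names below are constructed for the example; in a real deployment the key would be held by the log collector in an HSM or key-management service, and the latest tag would be copied to a store the collector cannot rewrite.

```python
import copy
import hashlib
import hmac
import json

# Constructed sample events (not from any real system). They stand in for the
# firewall, directory-service and web-server lines an investigator might correlate.
SAMPLE_EVENTS = [
    {"ts": "2014-01-30T06:00:01Z", "src": "firewall",
     "msg": "DENY tcp 203.0.113.7:51234 -> 192.0.2.10:22"},
    {"ts": "2014-01-30T06:00:04Z", "src": "directory",
     "msg": "logon failure user=jdoe workstation=WS-17"},
    {"ts": "2014-01-30T06:00:09Z", "src": "webserver",
     "msg": "GET /admin 403 203.0.113.7"},
]

# Hypothetical collector key for the example only; never hard-code a real one.
COLLECTOR_KEY = b"example-key-not-for-production"
GENESIS = b"\x00" * 32  # previous-tag value for the first record


def canonical(event):
    """Deterministic serialization so an event always hashes the same way."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def append_event(chain, event, key=COLLECTOR_KEY):
    """Append an event whose tag covers its sequence number, the previous tag and its content."""
    prev = bytes.fromhex(chain[-1]["tag"]) if chain else GENESIS
    seq = len(chain)
    body = seq.to_bytes(8, "big") + prev + canonical(event)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    chain.append({"seq": seq, "event": event, "tag": tag})
    return chain


def verify_chain(chain, key=COLLECTOR_KEY):
    """Recompute every tag; return (ok, index of first bad record or None)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["seq"] != i:          # a deleted or reordered record shows up here
            return False, i
        body = i.to_bytes(8, "big") + prev + canonical(rec["event"])
        expected = hmac.new(key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec["tag"]):  # edited content
            return False, i
        prev = bytes.fromhex(rec["tag"])
    return True, None


def verify_with_anchor(chain, anchor_tag, key=COLLECTOR_KEY):
    """Chain check plus a comparison of the last tag against an externally stored copy."""
    ok, bad = verify_chain(chain, key)
    if not ok:
        return False, bad
    if not chain or not hmac.compare_digest(chain[-1]["tag"], anchor_tag):
        return False, len(chain)    # the tail has been cut off
    return True, None


def build_chain(events=SAMPLE_EVENTS):
    chain = []
    for e in events:
        append_event(chain, e)
    return chain


def tamper_demo():
    """Apply four manipulations to an intact chain and report what each check returns."""
    intact = build_chain()
    anchor = intact[-1]["tag"]       # what the collector would publish out-of-band
    results = {"intact": verify_chain(intact)}

    edited = copy.deepcopy(intact)
    edited[1]["event"]["msg"] = "logon success user=jdoe workstation=WS-17"
    results["edited"] = verify_chain(edited)

    deleted = copy.deepcopy(intact)
    del deleted[1]
    results["deleted"] = verify_chain(deleted)

    reordered = copy.deepcopy(intact)
    reordered[0], reordered[1] = reordered[1], reordered[0]
    results["reordered"] = verify_chain(reordered)

    truncated = copy.deepcopy(intact)[:2]
    results["truncated"] = verify_chain(truncated)               # passes: chain alone cannot see it
    results["truncated_with_anchor"] = verify_with_anchor(truncated, anchor)
    return results


if __name__ == "__main__":
    for name, outcome in tamper_demo().items():
        print(f"{name:22s} -> {outcome}")
```

The truncation case is the caveat worth remembering: a hash chain proves that the records you still have are in their original order and content, but it cannot prove that nothing was removed from the end. That is why the latest tag (or a periodic digest) has to be anchored somewhere the collector cannot rewrite, such as a write-once store or a separately administered system, and why the key used to produce the tags must not be readable by the people whose actions the logs record.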

In this Knowledge Sharing article, Jason Ventresco discusses a number of these technical and procedural techniques within the context of preserving the integrity of information in general, with a focus on that which is likely to be used during an investigation. He introduces some of the difficulties that organizations need to anticipate in the event that they are asked to participate in an investigation.

Jason makes a strong case that organizations serious about protecting potential evidence must take a close look at their data protection and infrastructure monitoring methods, policies, and procedures.

Read the full article.
