Image © armmypicca, 123RF Free Images

Digital Forensics

Welcome

Article from ADMIN 78/2023
Consider a new direction in system administration.

In the Welcome column, I write about jobs, careers, trends, and sometimes random but relevant topics. For this issue, I'm discussing a new direction in system administration that you might know as computer forensics, cyberforensics, or digital forensics.

Digital forensics is the discovery, recovery, investigation, and examination of data found in computer systems. Computer systems is a broad category that includes databases, network devices, and mobile devices. It may also include other devices (e.g., supervisory control and data acquisition (SCADA) instruments) that store, process, or use data. Although digital forensics isn't new, it can be a new direction for those who have traditionally held system administration jobs.

You might wonder why I'm discussing a security topic in a column focusing on system administration. I've mentioned before that security is everyone's job. That's certainly true for system administrators, and digital forensics is an extension of that role. The reality of the system administrator's role is that our job description is "Other duties as assigned" and little else. We do everything, and security is often the least offensive task that we have the pleasure to perform.

To illustrate how the roles overlap, assume that you suspect a system has been compromised. You begin collecting and comparing logs to find out when the breach occurred. Next, you search for compromised or new accounts. You search for open ports and check network data to see if information is being exfiltrated. You isolate systems and run various vulnerability and rootkit scans. You might even enlist the assistance of other digital forensic specialists to help locate backdoors, trojans, scripts, and changed files. You probably also change all your root and administrator passwords. Performing these and similar tasks is digital forensics.

Some sys admins have a special talent for digital forensics, while others will have no interest at all. I

...