Post Process

Everything to do with E-discovery & ESI

Posts Tagged ‘Mandiant’

Around the Block for 9/1/10-Technical Articles of Note

Posted by rjbiii on September 1, 2010

On the Mandiant blog, Nick Harbour reflects on the topic of DLL Search Order Hijacking. With this method, a person who places a DLL file in a directory accessed by the targeted application can get malicious code executed. An advisory on the subject, issued by Acros Security, can be found here.

In CSI SQL Server, Jasmin Azemovic discusses collecting evidence from MS SQL Server systems. Most of the article deals with handling and auditing logs, and it’s a nice read.

Attorney and technology consultant Craig Ball weighs in with a discussion of the mechanics of email communications in his article, E-Mail Isn’t as Ethereal as You Might Think.

Posted in Articles, email

Companies are taking Forensics in-house

Posted by rjbiii on October 16, 2007

According to an article posted by Dark Reading (annoying ad warning), IT departments are themselves doing more of the intrusion investigations and other tasks traditionally outsourced to experts.

If you think finding out who did what with your data always means calling in high-priced spooks armed with arcane software, think again. The trend is toward placing the power to handle investigations in the hands of enterprises themselves. Why? With security incidents, e-discovery and litigation on the rise across all industries and organizations of all sizes, having tools in-house allows IT to mobilize quickly and address situations before there’s significant impact.

The forensics software landscape has also gotten more inclusive, with enterprise-class investigative tools in the pipeline along with log-analysis software, network monitors, and systems that can aid in investigations and e-discovery involving e-mail. Many of these do double duty, making them easier sells come budget time.

The article also discloses that Guidance Software, producer of EnCase, will soon get a little more competition:

In the forensics space, at least two upstarts are set to rival the enterprise edition of Guidance Software’s Encase, the granddaddy of investigative toolsets. By year’s end, security services provider Mandiant will step into the enterprise incident response arena with its Intelligent Response appliance, and AccessData is also prepping an offering, due in the first half of next year, that will encompass forensics, incident response and e-discovery.

I’m not sure what a product that encompasses “forensics, incident response and e-discovery” will look like (seems like it might be taking too big a bite of the cookie), but I’m willing to reserve judgment for now.

Posted in Articles, Computer Forensics, Computer Security, Discovery