
Operational and Organizational Security: Incident Response • Chapter 11  647

                 setup may also be required if the equipment is returned to the owner. To ensure
                 the equipment can be set up exactly as it was found, the front and back of each
                 machine should be photographed at the time of seizure. Photographs or diagrams
                 should also record how cables and wires were attached.
                    As seen in the previous section, volatile data must be collected first, as any data
                 stored in memory will be lost when power is lost. Because power failures can occur
                 at any time, it is important to collect, photograph, and document whatever informa-
                 tion is available on the screen or in memory before anything else. When evidence is
                 collected, each piece must be tagged with an identifying number, and information
                 about the evidence must be added to the evidence log. Each item also needs to be
                 bagged properly to preserve it; for example, hard disks should be stored in anti-static
                 bags to prevent damage and data corruption. Once placed in an anti-static bag, the
                 item should then be placed in a sealed bag so that any tampering is evident. It
                 should then be placed in a locked storage facility (evidence locker or evidence
                 room), so that access to the evidence can be properly controlled.

                   Head of the Class…

                   Forensic Procedures
                   Forensics is a science in which the evidence may help identify or convict a
                   culprit. Because of the weight this evidence presents in a trial or internal
                   investigation, you must ensure that it has not been compromised in any
                   way. If evidence is compromised, it can mean that someone whom you
                   are certain committed a crime cannot be convicted, and an employee
                   who threatened security will go unpunished.
                        A standard requirement in forensics is practicing due care. You need
                   to be extremely careful as to how evidence is handled, and that every
                   action is documented and accountable. At no time should there be any
                   confusion as to who had possession of evidence or what was done to it
                   during that time. By taking precautions to protect the data, you will
                   ensure that it is not compromised in any way.
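The tagging, logging and "who had possession" requirements above are usually implemented as a chain-of-custody record backed by a cryptographic hash of the acquired data. The following Python script is an added example written for this page, not code from the book: it tags an item, hashes it at the moment of seizure, records every transfer of possession, refuses a transfer from anyone who is not the current custodian, and re-hashes the data before analysis so that tampering in storage is detected. The tag, names and the sample "disk image" bytes are constructed for illustration.

```python
"""Chain-of-custody log with integrity hashes for seized digital evidence.

Added example for this page (not the book's code). Each item gets an
identifying tag, a SHA-256 hash recorded at seizure, a log entry for every
change of possession, and a hash re-check before analysis. The tag, people
and sample evidence bytes below are constructed, not real case data.
"""
import hashlib
import json
from dataclasses import dataclass, field, asdict
from datetime import datetime, timezone


@dataclass
class CustodyEntry:
    timestamp: str
    action: str          # "seized", "transferred", "verified" or "HASH MISMATCH"
    custodian: str       # person or facility responsible for the item after this entry
    note: str = ""


@dataclass
class EvidenceItem:
    tag: str             # identifying number written on the evidence bag
    description: str
    sha256: str          # hash of the acquired data, taken at seizure time
    log: list = field(default_factory=list)

    def to_json(self) -> str:
        return json.dumps(asdict(self), indent=2)


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


def seize(tag: str, description: str, data: bytes, custodian: str) -> EvidenceItem:
    """Tag the item, hash it immediately, and open its custody log."""
    item = EvidenceItem(tag=tag, description=description, sha256=sha256_of(data))
    item.log.append(CustodyEntry(_now(), "seized", custodian,
                                 f"hashed at acquisition: sha256={item.sha256}"))
    return item


def current_custodian(item: EvidenceItem) -> str:
    return item.log[-1].custodian


def transfer(item: EvidenceItem, from_person: str, to_person: str, reason: str) -> None:
    """Record a change of possession; reject it if the chain would have a gap."""
    holder = current_custodian(item)
    if holder != from_person:
        raise ValueError(f"{item.tag}: {from_person} is not the current custodian ({holder})")
    item.log.append(CustodyEntry(_now(), "transferred", to_person,
                                 f"from {from_person}: {reason}"))


def verify(item: EvidenceItem, data: bytes, examiner: str) -> bool:
    """Re-hash before analysis and log the outcome either way."""
    ok = sha256_of(data) == item.sha256
    item.log.append(CustodyEntry(_now(), "verified" if ok else "HASH MISMATCH",
                                 current_custodian(item),
                                 f"integrity check by {examiner} before analysis"))
    return ok


# Constructed sample: stand-in for a disk image acquired from a seized host.
SAMPLE_IMAGE = b"\x00" * 16 + b"EXAMPLE-DISK-IMAGE-BYTES" + b"\xff" * 16
TAMPERED_IMAGE = SAMPLE_IMAGE[:-1] + b"\xfe"   # one byte altered in storage


def demo() -> EvidenceItem:
    """Seize, store in the locker, check out to an examiner, verify before analysis."""
    item = seize("E-2024-001", "80 GB SATA disk, workstation WS-17", SAMPLE_IMAGE, "A. Smith")
    transfer(item, "A. Smith", "Evidence Locker", "stored pending analysis")
    transfer(item, "Evidence Locker", "B. Jones", "checked out for forensic analysis")
    verify(item, SAMPLE_IMAGE, "B. Jones")
    return item


if __name__ == "__main__":
    print(demo().to_json())
```

Run it to print the full custody record as JSON. Calling `verify` with `TAMPERED_IMAGE` instead of `SAMPLE_IMAGE` logs a "HASH MISMATCH" entry and returns False, which is the signal that the sealed item was altered between the locker and the examiner.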


                 Risk Identification

                 Risk is the possibility of experiencing some form of loss. It does not necessarily
                 mean that the loss will occur, only that it has the potential to. To deal with this
                 potential, risk management is used to determine which risks are genuine threats,
                 and then to devise ways to deal with them before they become actual problems. By
                 taking a proactive approach to risks, the damage that can occur from them is
                 minimized.





                                                                              www.syngress.com