by Paul Kenyon
For a number of years digital forensics has referred to "the application of computer investigation and analysis techniques to gather evidence suitable for presentation in a court of law." While collecting this digital evidence, to be used retrospectively in subsequent litigation, is a valid activity there is growing support for a more proactive proposition.
Organizations need all the help they can get if they’re to adequately fight back against malware proliferation and malicious activity. We’re about to witness a new dawn for digital forensics.
We’re all familiar with the risks our enterprises face from rogue or untrained IT administrators gaining access to the corporate servers and wreaking havoc. This can be anything from accidental and/or unwanted changes and bad IT practices to corporate espionage and malicious revenge attacks.
This has been a key driver for organizations to develop and store an audit trail of privileged activity, across the network, to provide clear visibility of what’s taking place and who is performing it. More recently, this trail has also been critical to verify an organizations compliance with legislation.
Source: Help Net Security