Tuesday, August 7, 2007

BENEFITS OF PROFESSIONAL FORENSIC METHODOLOGY

The impartial computer expert who helps during discovery will typically have experience with a wide range of computer hardware and software. This is always beneficial when your case involves hardware and software with which this expert is directly familiar. But fundamental computer design and software implementation are often quite similar from one system to another, and experience in one application or operating system area is often easily transferable to a new system.
Unlike paper evidence, computer evidence can often exist in many forms, with earlier versions still accessible on a computer disk. An examiner who knows these may exist can also discover alternate formats of the same data. The discovery process is well served by a knowledgeable expert who identifies more possibilities that can be requested as possibly relevant evidence. In addition, during on-site premises inspections, for cases where computer disks are not actually seized or forensically copied (see below), the forensics expert can more quickly identify places to look, signs to look for, and additional information sources for relevant evidence. These may take the form of earlier versions of data files (e.g., memos, spreadsheets) that still exist on the computer's disk or on backup media, or differently formatted versions of data, either created or treated by other application programs (e.g., word processing, spreadsheet, e-mail, timeline, scheduling, or graphic).
Protection of evidence is critical. A knowledgeable computer forensics professional will handle a subject computer system carefully to ensure that:
1. no possible evidence is damaged, destroyed, or otherwise compromised by the procedures used to investigate the computer.
2. no possible computer virus is introduced to a subject computer during the analysis process.
3. extracted and possibly relevant evidence is properly handled and protected from later mechanical or electromagnetic damage.
4. a continuing chain of custody is established and maintained.

====================================================================

Reporting

Users,

Reporting a security breach does not require much expertise. It is very easy to look for a loophole or a vulnerability in a given target being assessed.
However, what matters most is the preventive maintenance, which should be acknowledged and carried out immediately. Take SSH login attempts, for example.
SSH provides an alternate authentication method which successfully mitigates password guessing attacks. This authentication method is based on cryptographic keys: a so-called private key and public key. The public key is placed onto the server and acts as a custom lock for access to your account. This lock can only be opened with the corresponding private key. Once you provide this key, you gain access.
Password guessing attacks would fail, as attackers cannot guess or generate such a private key. All modern SSH servers are configured by default to support this authentication method. However, they usually fall back to password-based authentication when an incorrect private key is provided, opening the door for password guessing attacks once again. For this mitigation strategy to be successful, the server must instead be configured to accept key-based authentication only.
The above has been written down from a combined study.
I hope this sheds some light on these security concerns.
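One way to check a server for the password fallback described above, as an added example that is not part of the original post. It assumes OpenSSH's `sshd_config` format, reads only the global section (it stops at the first `Match` block) and does not evaluate `AuthenticationMethods`; both sample configurations are constructed.

```python
# Added example: audit the global part of an OpenSSH sshd_config for
# password fallback. DEFAULTS are OpenSSH's documented defaults.
DEFAULTS = {
    "pubkeyauthentication": "yes",
    "passwordauthentication": "yes",
    "kbdinteractiveauthentication": "yes",
}
# Older keyword that OpenSSH treats as the same setting.
ALIASES = {"challengeresponseauthentication": "kbdinteractiveauthentication"}

def effective_settings(config_text):
    """Effective global values; sshd keeps the FIRST value seen per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        parts = raw.strip().split()
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key = parts[0].lower()
        if key == "match":
            break  # assumption: per-user/host overrides are out of scope
        key = ALIASES.get(key, key)
        if key in DEFAULTS and key not in seen:
            seen[key] = parts[1].strip('"').lower()
    return {**DEFAULTS, **seen}

def password_fallback_findings(config_text):
    """List the settings that still let a client fall back to a password."""
    s = effective_settings(config_text)
    findings = []
    if s["pubkeyauthentication"] != "yes":
        findings.append("PubkeyAuthentication is off: keys cannot be used")
    if s["passwordauthentication"] != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if s["kbdinteractiveauthentication"] != "no":
        findings.append("KbdInteractiveAuthentication is not 'no'")
    return findings

# Constructed sample: keys enabled, password settings left as they were.
WEAK = "PubkeyAuthentication yes\nPasswordAuthentication yes\n"
# Constructed sample: key-only; the trailing duplicate is ignored by sshd.
HARDENED = ("PubkeyAuthentication yes\n"
            "PasswordAuthentication no\n"
            "ChallengeResponseAuthentication no\n"
            "PasswordAuthentication yes\n")

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, password_fallback_findings(text) or "key-only")
```

An empty findings list means the global section accepts keys only; on a live server, `sshd -T` prints the configuration the daemon will actually use.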

====================================================================

 

J A H I L Z