Incident Response and Forensic Analysis, a relationship.

Hello, and Welcome to my blog!

This week, we will be discussing how forensics is related to incident response.

Before we dive in, if you are not familiar with incident response, check out this link to one of my other posts, which describes what incident response is.


The forensic part of incident response largely takes place after the incident has been contained. Once the response team has done what it can, the forensic team comes in and analyzes what happened and what was taken. This team can be part of the response team or a separate group.


Each team has its own goals, data requirements, skills, and benefits, and the two differ on each of these points. It is also possible for one person to have both sets of skills and to serve on both teams.

Incident Response vs. Forensic Analysis

These are two related disciplines that use similar tools. Here are the essential highlights.

Incident Response:

Goals:

·         Focused on a quick response that stops the attack and limits the damage.

Data Requirements:

·         Requires short-term data sources, often no more than a month of history.

Team Skills:

·         Strong log analysis and malware analysis capabilities.

·         Ability to quickly isolate an infected device and to develop means to mitigate or quarantine affected devices.

·         Interaction with other security and operations team members.

Benefits:

·         Serves as the first line of defense in security operations.

·         Eliminates a threat on a machine in real time.

·         Keeps breaches isolated and limited in impact.


Forensic Analysis:

Goals:

·         Completing the analysis and documenting risks and impacts (often as part of scheduled compliance, legal discovery, or a law enforcement investigation).

·         Focused on a full understanding and thorough resolution of a breach.

Data Requirements:

·         Requires much longer-lived logs and files.

·         Investigating a successful attack can mean examining activity spanning somewhere between 150 and 300 days, so logs must be retained at least that long.

Team Skills:

·         Strong log analysis and malware analysis capabilities.

·         Requires interaction with a much broader set of departments, including operations, legal, HR, and compliance.

Benefits:

·         Thorough post-incident analysis.

·         Resolution of all threats with the careful analysis of an entire attack chain.

·         Ability to respond through legal channels, because the evidence has been handled in a way that will stand up in court.


The two are similar but take place in different stages: a short-term stage, which happens during the attack, and a long-term stage, which takes place post-incident.

The short-term part happens during the attack itself and includes:

  • Events: detecting that something has happened.
  • Isolation, containment, and investigation.
  • Reporting.
  • Acquiring the evidence without altering or damaging the original.
  • Verifying that the acquired copy is identical to the originally seized data (for example, by comparing cryptographic hashes).
  • Transporting the evidence while preserving its integrity and chain of custody.
  • Communicating the incident to the receiving entity.

While the long-term stage includes:

  • Post-incident analysis.
  • Analyzing the data without modifying it (work from verified copies, never the original).
  • Deepening visibility into processes and actions that occurred on devices and operating systems.
  • Mitigating gaps and vulnerabilities.
  • Following a scientific approach: documented, repeatable methods whose results another analyst could reproduce.
  • Extensive reporting.
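As an added example for this post (not code from the post or its source), the following Python sketch shows how the short-term steps of acquiring, verifying, and transporting evidence, and the long-term requirement of analyzing data without modifying it, are enforced in practice: hash the original, hash the copy in the same pass as the acquisition, re-hash on every handoff, keep a chain-of-custody record, and work only from a read-only copy. The file names, analyst names, and the sample "disk image" bytes are constructed stand-ins.

```python
"""Evidence acquisition with integrity verification and a chain-of-custody log.

Added example for this post; not from the post's source. The 'disk image' and
analyst names are constructed stand-ins.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

CHUNK_SIZE = 1024 * 1024  # hash and copy 1 MiB at a time so large images stream through


def sha256_file(path):
    """Hash a file without modifying it: opened read-only, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK_SIZE), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire(source, dest):
    """Copy source to dest, hashing the bytes as they are read.

    The returned hash is of what was read from the source. Hashing the destination
    independently afterwards (see verify) proves the copy is bit-for-bit identical.
    """
    digest = hashlib.sha256()
    with open(source, "rb") as src, open(dest, "wb") as dst:
        for block in iter(lambda: src.read(CHUNK_SIZE), b""):
            digest.update(block)
            dst.write(block)
    os.chmod(dest, 0o444)  # analysis works on a read-only copy, never the original
    return digest.hexdigest()


def verify(path, expected_sha256):
    """True if the file still hashes to the value recorded at acquisition."""
    return sha256_file(path) == expected_sha256


def record_custody(log, handler, action, path, sha256):
    """Append one chain-of-custody entry: who did what to which item, when, and its hash."""
    entry = {
        "time_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
        "handler": handler,
        "action": action,
        "item": os.path.basename(path),
        "sha256": sha256,
    }
    log.append(entry)
    return entry


def run_demo():
    """Acquire a constructed image, verify it, hand it off, and show tampering detected."""
    results = {}
    with tempfile.TemporaryDirectory() as work:
        # Constructed sample evidence standing in for a seized disk image.
        original = os.path.join(work, "suspect_disk.img")
        with open(original, "wb") as f:
            f.write(b"constructed sample evidence\x00" * 4096)

        log = []
        original_hash = sha256_file(original)
        record_custody(log, "analyst_a", "hashed original", original, original_hash)

        working_copy = os.path.join(work, "suspect_disk.copy.img")
        copy_hash = acquire(original, working_copy)
        record_custody(log, "analyst_a", "acquired working copy", working_copy, copy_hash)

        # The original's hash, the hash seen during the copy, and an independent hash
        # of the copy must all agree before the copy is trusted for analysis.
        results["copy_matches_original"] = (
            copy_hash == original_hash and verify(working_copy, original_hash)
        )

        # Hand-off: the receiving analyst re-hashes against the last logged value
        # before accepting the item, then adds their own custody entry.
        results["handoff_verified"] = verify(working_copy, log[-1]["sha256"])
        record_custody(log, "analyst_b", "received and verified", working_copy,
                       sha256_file(working_copy))

        # A single flipped byte in transit must fail verification.
        tampered = os.path.join(work, "suspect_disk.tampered.img")
        with open(working_copy, "rb") as f:
            data = bytearray(f.read())
        data[100] ^= 0x01
        with open(tampered, "wb") as f:
            f.write(data)
        results["tamper_detected"] = not verify(tampered, original_hash)

        results["custody_entries"] = len(log)
        results["custody_log"] = json.dumps(log, indent=2)
    return results


if __name__ == "__main__":
    out = run_demo()
    print(out["custody_log"])
    print({k: v for k, v in out.items() if k != "custody_log"})
```

In a real acquisition the source would be a block device attached through a hardware write blocker and the copy would be taken with a forensic imager, but the control is the same: the hash taken at seizure is the reference, every later handler re-computes it before accepting the item, and analysis never touches the original.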

 

A lot goes into both, and a business must understand that without a response team, an attack that is not stopped in time can spell trouble down the road. This is why it is vital to have an incident response team with forensic skills.

So, did I leave anything out? If so, please leave a comment below, I would love to hear from you.

Also, are you part of an incident response team? How has your experience in this area surprised you in any way? If so, please leave a comment below as well.

Until next week!

 

Source

Infosec. (n.d.). Incident response and forensics. Infosec Resources. https://resources.infosecinstitute.com/category/computerforensics/introduction/areas-of-study/computer-forensics-investigations/incident-response-and-forensics/#gref

Updated: 8/26/2020
