I was doing an assessment today and thought to myself... outside of using our traditional commercial forensic software, what steps has this employee taken to understand the "why" and "how" of what the software does?
Have we become too reliant on software that does "what it is supposed to do" or are you routinely validating the software to ensure its accuracy? It seems to me that the course materials being taught in the SANS Forensic tracks do just that - teach us how to use more of a "grassroot type" forensics whereby we are able to better validate our results.
My conclusion - we need a little bit of both. The commercial software is polished and quite frankly, I don't know if we could keep up without it. That being said, as a Forensic Analyst I believe it is important for us to "question the obvious", "test our theories" and quite frankly, do what we can to disprove our assumptions. Back to basics - when we can answer the 5 "W's" and "how", perhaps we can truly be confident of the integrity of our results.