Disaster Recovery <=> Forensics?

    More of a question than anything. A few of us here are looking to incorporate what we can into a disaster recovery plan. I am not sure if AO is the place to ask this, but I figured to at least ask as there are many great topics here already. If not here, can anyone recommend a board to pose such questions about disaster recovery?

    Thanks much for what is out here already!

    AO Ancient: Team Leader
    I would suggest that security breaches can very well be disasters and as such they would be appropriate topics on AO.

    Since security breaches are somewhat dissimilar to other forms of disaster, they will require skills, knowledge and procedures that many would not have considered in the normal field of disaster recovery. Take, for example, the following two scenarios:

    1. A flood strikes a remote data center causing a complete loss of all assets and data.

    2. All data on a server on the internal network of the same datacenter has been deleted by persons unknown.

    While being a royal pain in the a$$, scenario 1 is relatively simple for any technician. Dry the place - get new hardware - install OS's - restore from offsite backup.... Bingo (over-simplified, but you get the point).

    Scenario 2 has a few twists.

    1. How did the intruder operate, internally, externally or a combination of both?
    2. Does s/he still have access?
    3. What means are being used to maintain the access and can it be blocked?
    4. A biggie... What have they compromised? A single machine or multiple?
    5. Does the company wish to take action and if so are you prepared for evidence gathering?
    6. Why didn't we log more activity? <s>

    The issues are quite different and require an entirely different skill set and mindset. I for one think it is quite appropriate to discuss certain facets of disaster recovery on a security forum.
    As it turns out, I need to pick a topic for my graduate thesis. I was thinking about disaster recovery with a focus on IT. Now, within my organization I can pick up a lot of information that I can use in the paper, but it would need to be deemed confidential or the like. I, however, would like to write something that would serve some use in the real world. The cool thing is that this project does not have to follow the traditional style of thesis structure, and therefore allows for other avenues to report research (e.g., novella, extended lit review, or even a comic book <= not as easy as one would first think). This site seems to have a lot of good tutorials, so if deemed okay and it works out, I would like to post my research here and see what people think.

    The data and research would be real, and would be backed up by a formal lit review of at least 10-20 other sources. What I am struggling with now is the scope of the project, and as Tiger Shark pointed out, there are at least two different scenarios to work from. I will update when I can, but if anyone has any input, it would be much appreciated.


    I posted in a thread about disaster recovery a while ago; I've searched it out, here


    Very cool. Depending on how my thesis committee feels, I may ask to use various site information from AO as a source for my references. I am not sure if this would be something that would provide people a cookbook to recover from a specific disaster, but maybe look towards preparation and prevention - then again, I am still scoping the project out.

    Thanks to slarty for taking the time to look up your previous post on this! I am sure it will help others as well if they did not see it before.

