Computer Crime Incident Management
When a security breach occurs, what steps should an organisation take?
Do treat the matter of computer crime seriously. The people who commit this crime depersonalise it, as humans do not appear to be involved; however, the damage can have severe effects on your business as well as your health and well-being.
Do not tell anyone about your suspicions unless they really need to know, as rumours spread like wildfire.
Do not challenge the target with your concerns. If they are up to no good you’re simply going to alert them that you’re on to them.
Do not let your own IT department have a quick look at the computer media, as this can damage the evidence and render it useless in a court of law. You would not ask a conveyancing solicitor to look at a murder trial; therefore an IT person should not look at the computer unless specifically trained in computer forensics. A computer forensic investigator will obey ACPO (Association of Chief Police Officers) guidelines to ensure that evidential continuity is upheld and that certain standards are complied with.
Do take legal advice before beginning a covert investigation. We live in a very litigious society and you could end up on the wrong side of a court case for all the wrong reasons.
Do not switch the computer on if possible, as every time a computer is switched on, data can be changed. Computer forensic analysts use special forensic tools to ensure that no changes are made to the digital evidence when they investigate the computer.
Do make notes as to who has used the computer and any other information you may have; however, remember that you may have to surrender them to the other side at some point if the case progresses to court.