Consultants

Wireshark, Tools and forensic

  Intro   Making a forensic analysis means to be able to collect and analyze data in order to find out evidence that could led you to a specific break.   Although is usually considered a post-mortem activity in the IT realm this aspect is less marked than in other forensic environment. If we are running an investigation on a homicide, as an example, we will be present when everything is already done, and we just have to collect cold evidence. On the other end when we are running a forensic IT investigation we cannot be sure that the event…

Wanted Dead or Alive: The Human Factor

TECHNOLOGY originally published on DaftBlogger.com Wanted Dead or Alive: The Human Factor By Antonio Ieranò on September 29, 2013 at 7:45 PM Contents [hide] 1 From where should we start? 2 I said it all but… 3 Theory? OK I confess I am quite bored to listen to all those knowledgeable IT security experts talking about what is needed to secure a system. Everyone has his own point of view; of course they’re right when they say we need end-point security, mobile protection, anti-malware, anti-hacking, dlp, advance threat defense and protection. We all know we need firewalls, IPSIDS, cypher encryption systems, SSO, 802.1x, strong authentication, anti-virus, anti-everything,…

Digging it up on Security Costs and Security Budgets – part1

In my previous article, security costs and security budget, I made some assumption to simplify an introductory analysis on how much we should spend on security. Some of those assumptions have been made to simplify out tasks. Today I would like to quickly analyse some of those simplifications. One of the biggest assumption I made on the previous article is that if a problem cost us X then we can find a number n that express the number of incidents I’m allowed to permit so that nX can express the cost I’m allowed to accept. This simplification was based on…

Security Costs and Security Budgets

When I’m talking about security with customers, partners or at an event the first question I usually receive is: “how much this will cost to me?” This is an understandable question, costs have to be monitored and expenditure have to be planned wisely, the problem of  how much I canshould spend on security is a quite interesting topic. The problem, alas, is that usually IT managers do not use a clear model when planning investment in security but seamed to be attracted more by strange inner believes than a empirical analysis of cost and benefits. Another point that I’ve always found quite curious is that I’ve…

(ISC)2 Italy Chapter Site » Mobile Security Series – Beyond BYOD – Slides

(ISC)2 Italy Chapter Site » Mobile Security Series – Beyond BYOD – Slides Mobile Security Series – Beyond BYOD – Slides inShare1 Le slide del primo approfondimento (ISC)2 Italy Chapter sul Mobile (Beyond BYOD) sono disponibili ai soci a questo link(*): Webinar – (ISC)2 Italy – Mobile Series 1 – Beyond BYOD Ringraziamo tutti coloro che hanno seguito il seminario e ancor di piu’ chi ha dedicato del tempo per completare il sondaggio sull’iniziativa. Stay tuned: nelle prossime settimane vi informeremo sulle date del secondo e poi del terzo seminario della serie. (*) Per accedere alle slides e’ necessario essere Soci di (ISC)2 Italy Chapter; l’utenza…

Security Summit :: Il 12 marzo si apre l’edizione 2013: pronto il programma, definiti i contenuti

Steve Purser, Head of the Technical Department, ENISA (Photo credit: Security & Defence Agenda) Security Summit :: Il 12 marzo si apre l’edizione 2013: pronto il programma, definiti i contenuti Il 12 marzo si apre l’edizione 2013: pronto il programma, definiti i contenuti E’ praticamente definito il programma della prima tappa del Security Summit 2013 che si aprirà la mattina del 12 marzo a Milano. Si inizia infatti con un ospite d’eccezione, Steve Purser, Head of Technical Department, ENISA – European Network and Information Security Agency, che disegnerà il quadro dei progetti europei in tema di Ict security, tema di grande rilevanza…

Rapport clusit sulla sicurezza informatica in italia

È uscito il rapporto clusit sulla sicurezza informatica in italia, una finestra autorevole per conoscere lo stato della cybersecurity nel nostro paese. La documentazione si può scaricare direttamente e gratuitamente dal sito clusit 🙂 o direttamente dal link del security summit. Related articles The First Italian Cybercrime Report is Available [Infographic] (hackmageddon.com) Forensic incident response to the fore (scmagazine.com) Browse with a shared device,but watch out! (smiley2.wordpress.com) Browse with a shared device,but watch out! (securitytoolbox.wordpress.com) Spending your 2012 IT Security budget – beware of cheap, look for value (h30499.www3.hp.com) How ICT World Lived By Q1 2012 (it-sideways.com) Business insurance news:…

Forensic Software Tools

Image via Wikipedia Forensic Software Tools This post summarizes the features and advantages of a large number of software forensics tools. For detailed information and technical reports it is always best to view the vendor Web sites as well as organizations that conduct technical reviews and evaluations such as National Institute of Standards and Technology (NIST). The Computer Forensic Tools Testing project (CFTT) web site contains additional valuable information: http://www.cftt.nist.gov/disk_imaging.htm http://www.cftt.nist.gov/presentations.htm http://www.cftt.nist.gov/software_write_block.htm The information presented in this chapter is heavily based on the assertions of the various vendors who make the products listed in the chapter. Much of the information…

Posts navigation