05 Nov Solving Redmond computer mysteries
Software from Redmond, Washington always seems newsworthy. This software project was going well and beginning to get national attention. One day the focus turned inward, however. During a test of the project, the boss discovered that the new software was providing links to pornography on the Internet. Ouch! He made solving this problem a high priority and called us to provide a forensic investigation of the issue.
Computer forensic imaging and analysis of a server at work didn’t give any clues. Our investigation moved to the exec’s home on a nearby island. We made forensic images of computers, looked at the network and interviewed staff to understand general activity at the home. The answer turned out to be inside a computer at the house. Looking at a timeline of PC activity clearly showed that the problem was house staff surfing the web and a browser that wanted to return to yucky web sites. Wow, a forensic investigation really can provide answers.
The problem was not with the company software but with how this computer was used.
There is a security lesson here. The advantage of great network security at work can be lost if a computer can be accessed by your babysitter’s boyfriend. For more great tips on how to secure computers in a world of imperfect humans see: http://securingthehuman.sans.org/resources/newsletters/ouch/2016
These tips are free and can be distributed without cost… but the advice that they have from SANS experts is top-notch.