Solving Redmond computer mysteries

By Gordon 2 years ago

Software from Redmond, Washington always seems newsworthy. This software project was going well and beginning to get national attention. One day, however, the focus turned inward. During a test of the project, the boss discovered that the new software was providing links to pornography on the Internet. Ouch! He made solving this problem a high priority and called us to provide a forensic investigation of the issue.

The investigation

Computer forensic imaging and analysis of a server at work didn’t give any clues. Our investigation moved to the exec’s home on a nearby island. We made forensic images of computers, looked at the network and interviewed staff to understand general activity at the home. The answer turned out to be inside a computer at the house. Looking at a timeline of PC activity clearly showed that the problem was house staff surfing the web and a browser that wanted to return to yucky web sites. Wow, a forensic investigation really can provide answers.

The problem was not with the company software but with how this computer was being used.

Lessons learned

There is a security lesson here. The advantage of great network security at work can be lost if a computer can be accessed by your babysitter’s boyfriend. For more great tips on how to secure computers in a world of imperfect humans, see: http://securingthehuman.sans.org/resources/newsletters/ouch/2016

These tips are free and can be distributed without cost, and the advice they contain from SANS experts is top notch.
