Announcing the SANS 2013 Digital Forensics and Incident Response Survey Results!


PR Newswire

BETHESDA, Md., July 8, 2013

New technologies are challenging professionals in the areas of digital
forensics and incident response, and policies and tools must catch up.

BETHESDA, Md., July 8, 2013 /PRNewswire-USNewswire/ -- SANS announces the
results of its first-ever survey on digital forensics and incident response,
sponsored by Bit9, Cellebrite, FireEye and Guidance Software. The survey
results will be previewed at the SANS Digital Forensics and Incident Response
Summit in Austin, TX, June 9 and the full results will be released during a
SANS Analyst Webcast on July 18 at 1 PM EDT.

In the survey, 54% of respondents indicated their digital forensic
capabilities are reasonably effective. Although the majority of their
investigations still take place on company-issued computers and laptops and
internal networks and systems, participants also conduct forensic
investigations on virtual and cloud-based systems and other unconventional
endpoints. When it comes to investigating these new media types, participants
are nearly equally divided among several challenges inherent to such
investigations—including a lack of specialized tools, standards and training,
and visibility into potential incidents.

"The landscape of digital forensics has changed dramatically over the last
several years while in many cases our tools and techniques have lagged
behind. This survey illustrates the technical and policy challenges faced with
mobile and BYOD investigations, while highlighting the need for additional
response and investigative capabilities. It also shows that overwhelmingly,
respondents do not have SLAs with cloud providers that cover forensic
investigations. The results of this survey should help organizations
understand how they compare to others in industry and is a useful planning
tool for those looking to increase their capabilities," says Jacob Williams, a
forensics consultant and SANS co-instructor who is co-authoring the survey

The respondents for this survey were numerous and diverse, with more than half
representing organizations of 2,000 employees or more. Smaller operations were
also well represented; organizations with fewer than 500 employees comprised
almost one-third of all responses. Respondents also came from a range of
industries; the largest group (almost one-quarter of survey respondents) was
government professionals. Education, financial, consultants in forensics and
incident response, and technology were the next most represented industries,
with approximately 10% of responses each.

"Digital investigations are rapidly assuming a larger role in our system of
justice and in our greater society. This survey informs us that digital
investigations are changing as technology changes. The experts and the
authorities who conduct and rely upon digital investigations are scrambling to
catch up. They need better tools, new practices, updated education and more
savvy professional guidance," says Ben Wright, a SANS senior instructor and
attorney who is also co-author of the survey report. "This survey demonstrates
that investigators need to review policies and practices with knowledgeable
legal counsel, to ensure that evidence is managed effectively and that
investigations are not derailed by surprises such as privacy law."

New technologies bring complications as well as convenience, as Paul Henry, a
SANS senior instructor who is also co-author of the report, explained:
"Although the community has long recognized the benefit of performing a
physical analysis of a mobile device in recovering deleted data, device
vendors are not making such analysis any easier by implementing mandatory
encryption of storage media. In just one example, this caused a delay of
several weeks while law enforcement waited for Apple to unlock and decrypt an
iPhone; sometimes such requests take months. Meanwhile, forensics in the cloud
requires an updated skill set—in many respects it can be more technically
difficult, as traditional forensic procedures can potentially destroy the
evidence you are trying to collect."

Those who register for the July 18 webcast where we release our results will
be given access to the full report developed by Jacob Williams, Paul Henry and
Ben Wright.

During the webcast, attendees will learn:

  o Who uses digital forensics
  o How and why investigations take place
  o The challenges of investigations at the cutting edge of technology

About SANS Institute
The SANS Institute was established in 1989 as a cooperative research and
education organization. SANS is the most trusted and, by far, the largest
source for world-class information security training and security
certification in the world, offering over 50 training courses each year. GIAC,
an affiliate of the SANS Institute, is a certification body featuring over 20
hands-on, technical certifications in information security. SANS offers a
myriad of free resources to the InfoSec community including consensus
projects, research reports, and newsletters; it also operates the Internet's
early warning system—the Internet Storm Center. At the heart of SANS are the
many security practitioners, representing varied global organizations from
corporations to universities, working together to help the entire information
security community.

