by Robert McMillan

Forensics Tools Help Companies Investigate Intrusions Remotely

Mar 17, 2010

For global companies, forensics applications provide another weapon in the security arsenal.

How it works: Forensics software from vendors such as Guidance Software and Mandiant let companies remotely examine machines for evidence of intrusion. These applications help security professionals find signs that other tools miss—checking registry files, hard drives, even a computer’s memory.

Who is doing it: Google’s break with China in January over compromised e-mail accounts highlighted the need for global companies to adopt more sophisticated methods of protecting data. Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham, says antivirus and anti-malware software isn’t enough because hackers tailor malware for specific victims. China isn’t the only worry, he adds, especially for companies in industries such as defense.

Growth potential: Forensics software represents a fraction of the security market, which IDC estimates is worth $24.5 billion, but Guidance Software says its products are used by 20 percent of the Fortune 500. As western companies take a hard look at their security postures, forensics may become key to survival, say analysts. Today, if you work for the government or a company with sensitive business, “You don’t take your own computer when you go to China because of the likelihood of intrusion, “ Warner notes. —