 
        	    Image © armmypicca, 123RF Free Images
Digital Forensics
Welcome
In the Welcome column, I write about jobs, careers, trends, and sometimes random but relevant topics. For this issue, I'm discussing a new direction in system administration that you might know as computer forensics, cyberforensics, or digital forensics.
Digital forensics is the discovery, recovery, investigation, and examination of data found in computer systems. Computer systems is a broad category that includes databases, network devices, and mobile devices. It may also include other devices (e.g., supervisory control and data acquisition (SCADA) instruments) that store, process, or use data. Although digital forensics isn't new, it can be a new direction for those who have traditionally held system administration jobs.
You might wonder why I'm discussing a security topic for a column focusing on system administration. I've mentioned before that security is everyone's job, and it's certainly true for system administrators, and digital forensics is an extension of that role. The reality of the system administrator's role is that our job description is "Other duties as assigned" and little else. We do everything, and security is often the least offensive task that we have the pleasure to perform.
To illustrate how the roles overlap, assume that you suspect a system has been compromised. You begin collecting and comparing logs to find out when the breach occurred. Next, you search for compromised or new accounts. You search for open ports and check network data to see if information is being exfiltrated. You isolate systems and run various vulnerability and rootkit scans. You might even enlist the assistance of other digital forensic specialists to help locate backdoors, trojans, scripts, and changed files. You probably changed all your root and administrator passwords. Performing these and similar tasks is digital forensics.
Some sys admins have a special talent for digital forensics, while others will have no interest at all. I
...Buy this article as PDF
(incl. VAT)
Buy ADMIN Magazine
Subscribe to our ADMIN Newsletters
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Most Popular
Support Our Work
ADMIN content is made possible with support from readers like you. Please consider contributing when you've found an article to be beneficial.
 
            
		





 
         
        