Data collection
Data security and collection are among the most important things in case of an attack. There are many reasons for this; for example, if you report the attack to the authorities and to third parties, they need to understand what has happened based on the data you collected.
If the attack is to end in court, it is important that the process has been under control. If it has not, there is a possibility that the case may fall in court. Here you get knowledge about how good data security can be carried out.
What data do we have?
What data do you have available if things go wrong? If you need to get logs out of a computer, you will often be able to retrieve the computer and secure the data. But if you use a cloud service, where do you stand? Do you know how the data can be retrieved? These are just some of the questions you have to ask yourself before you get hit.
Has a test been performed to check how the collection of data works? This will give you great insight into what you can expect in the event of an incident. The time it takes to export data from external systems, such as a cloud service, is crucial.
Questions before we collect data
The most important thing is to have described your process for the collection. The more carefully you document, the better data collection you can achieve.
- Date and time of start and end
- Performed by whom?
- What data is retrieved?
- Which tools have been used for collecting the data (and which version of the tool)?
- Are the data from a tool (antivirus, IDS, IPS, network equipment), and what software version did it have?
- How were integrity checks made, and with which tool?
- What does the data contain, and what format and fields are there? (description of the data)
- Where are the data stored, and how is access granted?
Integrity and data collection
How can you make sure that the data you collect remains the same when sharing it with peers? And do you have a chain of custody?
The first question is of course easy to answer: create a process for collecting the data, storing it on a storage solution you have access to and control over. Then you can run a program like DirHASH to calculate the hash values of the files you collected. The time to calculate depends on how many files you have and their size. A rule of thumb is that it often takes the same time as copying the files, as it relies heavily on disk I/O and the CPU at your disposal.
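The checklist above and the hashing step can be combined into one record: a manifest that stores who collected what, when, with which tool, plus a SHA-256 per file, so that a peer can later check that nothing changed. The script below is an added example written for this page, not a tool from the original page and not DirHASH; the tool name, the version string and the sample files are constructed for the demonstration.

```python
"""Build a collection manifest with per-file SHA-256 hashes and verify it later.

Added example (not from the original page). TOOL_NAME/TOOL_VERSION are assumed
names for this script; the sample files in demo() are constructed.
"""
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path

TOOL_NAME = "collection_manifest.py"  # assumed name of this example script
TOOL_VERSION = "0.1"                  # assumed version, recorded in the manifest


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large collections do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, performed_by, source, description):
    """Walk the collected directory and record the checklist fields plus file hashes."""
    root = Path(root)
    started_at = datetime.now(timezone.utc).isoformat()
    files = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            files[rel] = {"sha256": sha256_file(p), "size": p.stat().st_size}
    manifest = {
        "started_at": started_at,
        "finished_at": datetime.now(timezone.utc).isoformat(),
        "performed_by": performed_by,
        "source": source,            # which system or tool the data came from, and its version
        "description": description,  # what the data contains, format and fields
        "tool": {"name": TOOL_NAME, "version": TOOL_VERSION, "hash_algorithm": "sha256"},
        "files": files,
    }
    # One digest over the whole file table: a single value to quote to a peer or in a report.
    manifest["files_digest"] = hashlib.sha256(
        json.dumps(files, sort_keys=True).encode("utf-8")
    ).hexdigest()
    return manifest


def verify_manifest(root, manifest):
    """Return a list of (problem, relative_path); an empty list means the set is intact."""
    root = Path(root)
    expected = manifest["files"]
    problems = []
    for rel, entry in expected.items():
        p = root / rel
        if not p.is_file():
            problems.append(("missing", rel))
        elif sha256_file(p) != entry["sha256"]:
            problems.append(("modified", rel))
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            if rel not in expected:
                problems.append(("extra", rel))
    return problems


def demo():
    """Constructed scenario: collect two files, then alter one and re-verify."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "logs").mkdir()
        (root / "logs" / "auth.log").write_text("constructed sample log line\n")
        (root / "notes.txt").write_text("constructed note\n")
        manifest = build_manifest(
            root,
            performed_by="analyst (constructed)",
            source="example host, exported with hypothetical agent 1.0 (constructed)",
            description="sample export: one auth log and one text note",
        )
        before = verify_manifest(root, manifest)
        # Simulate a change after collection; the manifest must flag it.
        (root / "notes.txt").write_text("changed after collection\n")
        after = verify_manifest(root, manifest)
        return len(manifest["files"]), before, after, manifest["files_digest"]


if __name__ == "__main__":
    print(demo())
```

Store the manifest outside the collected directory (and hash the manifest itself), so the record of the collection is not part of the data it describes; handing the manifest to a peer together with the files gives them what they need to confirm nothing changed in transit.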
More will come later. (2511-2022)