Questions

A few weeks ago, someone got access to our customer data, and posted a video on YouTube claiming to be hackers and published defamatory content about us online - with details of our customers. The attack has since spread to 8 videos on YouTube, FB, Vimeo and DailyMotion - along with several comments online. We've had a hard time finding the person, and our lawyers are asking for a large sum in order to obtain a UK court order for these sites to disclose the person. I'm not sure that would work as they've used anonymous names and email addresses. We've also had limited success with those sites. They are agreeing to block the content in the UK only, but not globally. What should we do in such a situation? I fear for the longevity of our business.

In a word: Forensics.

Computer forensics is the art of examining a system and determining what happened upon it previously. The examination of file and memory artifacts, especially file timelines, can paint a very clear picture of what the attacker did, when they did it, and what they took.

Just as an example - given a memory dump of a Windows system, it is possible to extract not only the command lines typed by an attacker, but also the output that they saw as a result of running those commands. Pretty useful in determining impact, eh?

Depending on the freshness of the compromise, it's possible to tell quite a lot about what happened.


Answered 7 years ago
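The file timelines the answer mentions can be illustrated with a short script. This is an added example, not part of the original answer: it walks a directory tree (assumed to be a read-only mounted copy of the affected system, since walking a live system can alter access times) and lists every file timestamp in chronological order. The function names `collect_events`, `window` and `render` are hypothetical.

```python
import os
import sys
from datetime import datetime, timezone

def collect_events(root):
    """Return sorted (timestamp, kind, path) events, one per file timestamp."""
    events = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: describe symlinks, do not follow them
            except OSError:
                continue  # unreadable or vanished entry: skip it
            events.append((st.st_mtime, "modified", path))
            events.append((st.st_atime, "accessed", path))
            # st_ctime is the metadata-change time on Unix, creation time on Windows
            events.append((st.st_ctime, "changed", path))
    return sorted(events)

def window(events, start, end):
    """Keep only events inside the suspected compromise window (epoch seconds)."""
    return [e for e in events if start <= e[0] <= end]

def render(events):
    """Format events as UTC timeline lines for review."""
    lines = []
    for ts, kind, path in events:
        stamp = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%SZ")
        lines.append(f"{stamp}  {kind:<8}  {path}")
    return lines

if __name__ == "__main__":
    # Usage: python timeline.py /mnt/evidence_copy
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print("\n".join(render(collect_events(root))))
```

File timestamps can be changed by anyone with write access, so a timeline like this is read alongside logs and other artifacts rather than on its own.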
