Create an account Home  ·  Topics  ·  Downloads  ·  Your Account  ·  Submit News  ·  Top 10  
· Home
· Content
· Forensic Downloads
· Forensics Feedback
· Forums
· Members List
· Statistics
· Surveys
· Top 10
· Topics
· Training Reviews
· Web Links
· Your Account

Our Membership

Latest: Sarahhaydock
New Today: 2
New Yesterday: 2
Overall: 29713

Computer Forensics
This is a free and open peer to peer medium for digital and computer forensics professionals and students. Please help us maintain it by contributing and perhaps linking to us from your own website.

Recent Posts

 With the drizzle, a round of crescent
 the sunset kisses the Western Hills
 eSoftTools Excel Password Unlocker
 Ceiling suppliers
 Red Raspberry Extract Wholesale

Computer Forensics World Forums

Pages Served
We received
page views since August 2004

Security Sources

OnGuard Online
ISO 17799 ISO 27001
ISO 27000 Toolkit
ISO 27001 & 27000
Security Policies

Computer Forensics World: Forums

Computer Forensics World :: View topic - does anyones work practice what they preach
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

does anyones work practice what they preach

Post new topic   Reply to topic    Computer Forensics World Forum Index -> Miscellaneous
View previous topic :: View next topic  
Author Message

Joined: Dec 02, 2013
Posts: 1

PostPosted: Tue Dec 03, 2013 1:19 am    Post subject: does anyones work practice what they preach Reply with quote

I work in the forensics practice in one of the "big 4" companies. Recently myself and 2 colleagues decided to see if our company actually used the forensic techniques we use. A colleague of ours left her laptop unlocked to go to a meeting, we used her email to send a faked approval email to a colleague using an email in her drafts folder. It was only signing off an agenda so we thought nothing of it. We imagined that at work as we can identify suspicious mailings they would be able to identify it...we also pretended to be hackers so they would conduct a thorough investigation. She's not been at work for 3 weeks and her name has disappeared from contacts...this would indicate they don't practice what they preach. Has anyone else had a similar experience?

Originally posted Sunday December 1st.Edited Monday November 2nd
Back to top
View user's profile

Joined: Nov 01, 2005
Posts: 551
Location: Marion, Indiana, USA

PostPosted: Tue Dec 03, 2013 1:35 am    Post subject: Reply with quote

In reality, if you didn't have the approval of the company to conduct the "test", you broke several laws and could face criminal prosecution.
How did you attempt to "pretend to be hackers"?
The email would trace back to her laptop so there would be no real reason to suspect that she didn't send it.
It looks like you probably succeeded in getting her fired.
An honest person would go to the company and try to explain what you did.
Back to top
View user's profile

Joined: Oct 19, 2007
Posts: 241

PostPosted: Tue Dec 03, 2013 2:42 am    Post subject: Re: does anyones work practice what they preach Reply with quote

guest101 wrote:
Has anyone else had a similar experience?

Some years ago I was peripherally involved in investigating an incident in which an employee of a company was convinced her personal email was being read by someone else. The main investigations did not produce any strong leads, so at the end she came under suspicion herself, and left the company -- though there were other, and possibly stronger reasons for that.

It was a somewhat messy investigation, and didn't seem to get anywhere. It somewhat prejudiced me against CIOs leading incident investigations -- and it helped me understand that many people reach and affirm conclusions on very tenuous grounds, and are quite disinclined to explained the logical sequence of their decisions, or to go on looking for additional evidence when an apparently acceptable explanation has been reached.

I have worked with penetration testing for severeal years -- and I have learned the hard way that you never perform any tests without a means of short-circuiting all kinds of incident response that may start because of your tests. It can be extremely upsetting to everyone involved when an incident investigation gets out of hand.

An acquaintance once told of an investigation that ended up with a company manager concluding that his son had borrowed his laptop, and logged into the company network. But even when they found out that the logs that were being investigated had timestamps that were several hours out of synch, and thus that particular laptop was not involved at all, did not in any way undo the damage that was done to that family.

Forget about investigating if other people practice what they preach. Investigate your own practices instead.
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic    Computer Forensics World Forum Index -> Miscellaneous All times are GMT + 10 Hours
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Powered by phpBB 2.0.10 © 2001 phpBB Group
phpBB port v2.1 based on Tom Nitzschner's phpbb2.0.6 upgraded to phpBB 2.0.4 standalone was developed and tested by:
ArtificialIntel, ChatServ, mikem,
sixonetonoffun and Paul Laudanski (aka Zhen-Xjell).

Version 2.1 by Nuke Cops 2003

Forums ©


TMs property of their respective owner. Comments property of posters. 2007 Computer Forensics Science World.
Digital forensic computing news syndication: Computer Forensics Training News or UM Text
Software is copyrighted (c)2003, and is free under licence agreement. All Rights Are Reserved.