Because attackers are now using memory-resident malware and tools that leave no trace on the disk, forensics experts must take a different approach to their investigations, says Christopher Novak, director of Verizon's global investigative response unit.
Organizations relying heavily on disk-based forensics may fail to detect breaches, he warns in part two of an interview with Information Security Media Group. "The reality of it is they might have had a very serious breach but it's all memory-resident," he says. "A lot of incident response firms out there rely heavily on taking forensic disk images."
Just as cybercriminals are relying more on automation and collaboration, organizations defending against attacks must become more sophisticated in their breach detection and prevention efforts and work with others on threat information sharing, Novak stresses.
"The whole landscape has changed both for the attacker...