File Integrity Monitoring
Remote Log Forwarding
Answer: Covering Tracks
File Integrity Monitoring: Every file has a signature that can identify it, like a fingerprint for a file. These file fingerprints are known as hashes, and even the tiniest change in a file will completely change the file’s hash. In theory, hashes are long and complex enough that each one is unique to its file, while the exact same file will always generate the same hash. By hashing your files and routinely comparing the current hashes against the ones you recorded, you can be reasonably assured that your files have not been altered or replaced.
Remote Log Forwarding: Logs are an important tool in monitoring system health, potential cyberattacks, and general events. Storing logs in only one place comes with a risk: if the storage is compromised, the logs may also be lost or compromised. Remote log forwarding is the process of automatically sending logs to extra storage locations, usually to third-party security organizations. This generates extra backups and improves the integrity of your logs.
Digital Forensics: Digital forensics is the science of recovering data from systems so that it can be used to reconstruct a sequence of events on computer systems. Digital forensics is all about recovering data from storage devices, such as hard drives and flash drives. Forensics tends to be a slow, steady process, usually taking days or weeks. Forensics doesn’t happen in ten minutes flat like you see in the movies!
If only digital forensics worked in real life the way it does in movies.