Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Incident Response Tools


Incident-response tools are becoming increasingly important as new regulations and legislation stipulate disclosure after security breaches. Without established procedures, companies can be penalized for noncompliance.

Well-known software companies such as Guidance Software, Mandiant and Technology Pathways are developing products to assist with live incident response and memory acquisition. Independent researchers are publishing their findings on their Web sites and producing open-source tools for incident response.

Live incident response and new memory analysis techniques are providing more information than believed possible. For companies subject to rigorous legal inquiry, mature commercial tools offer benefits over open-source tools, which must undergo peer review and may be met with skepticism in a courtroom.

Regulations such as the Gramm-Leach-Bliley Act, HIPAA, Sarbanes-Oxley, PCI DSS and California SB 1386 are driving companies and government agencies to document their incident-response procedures following a security breach or other crime. How volatile data is handled is especially critical.

Stepping in to help organizations tackle this problem are incident-response tools that ease compliance with regulations. Researchers also are making tremendous progress in increasing the level of analysis that can be applied during the investigation process. With new memory-analysis techniques, incident-response teams can track down changed data and threats far more effectively than ever before.

These incident-response systems provide a structured method for gathering and analyzing evidence. Companies can use them to preserve critical data and minimize downtime following an incident, possibly preventing disclosure of sensitive data and protecting their reputation.

  • 1