Survivable Functional Units: Balancing an Enterprise’s Mission and Technology

Enterprises strive for success in fulfilling their mission to their customers. Information and its management are key components of their ability to succeed. Computer systems and network infrastructure components—the technologies that process this information-are playing an increasingly larger role in support of an enterprise;s ability to fulfill its customers' needs. Their role has grown to a point where the slightest disruption-break-ins or even attempted break-ins-can adversely affect the enterprise's ability to manage information and therefore deliver products and services to its customers. Although system administrators often need to focus on the details of computer systems and network infrastructure components to keep them operating smoothly, they must also be able to see the role that these technologies play in support of the enterprise's mission. This technical note describes Survivable Functional Units, a way to think about these enterprise networks. Although Survivable Functional Units have always been a part of networks, they now have a name and a more rigorous definition, and they can be linked to the mission of the enterprise in a more straightforward manner. The intended audience for this technical note is system administrators and their immediate managers, though the concepts have wider applicability

Computer Forensics: Results of Live Response Inquiry vs. Memory Image Analysis

People responsible for computer security incident response and digital forensic examination need to continually update their skills, tools, and knowledge to keep pace with changing technology. No longer able to simply unplug a computer and evaluate it later, examiners must know how to capture an image of the running memory and perform volatile memory analysis using various tools, such as PsList, ListDLLs, Handle, Netstat, FPort, Userdump, Strings, and PSLoggedOn. This paper presents a live response scenario and compares various approaches and tools used to capture and analyze evidence from computer memory