ERE Information Security Auditors

Forensic Identification Using Skin Bacteria


Intriguing, no? The Gordon Washington University School of Medicine has observed that bacteria left on keyboards and computer mice are highly unique to their depositors, and can be collected and identified up to two weeks after they are left on the device. If you would like to see more about this article, please visit: www.ere-security.ca, RSS feed, March 29, 2010.

This certainly provides another identification tool with regard to tagging unauthorized access and use of equipment and to tying an individual to an act of accessing electronics.

I’m not sure if it is legal to request a finger swab and if this new type of evidence could even be presented in court, but hey, DNA evidence had to begin its legal career at some point.

It is not that far removed from contact biometrics such as fingerprint readers and palm readers.  And these are not far removed from contact with “something you have” such as an identification swipe card.  Since we are already on the slippery slope of allowing contact with one’s personal identification device or hand parts, perhaps identification by personal bacteria is not that unreasonable.

Identifying who may have used a mouse or keyboard does not help a forensic investigation relating to remote unauthorized accesses.  Users still make the same old mistakes with regard to preservation of forensic evidence when they become suspicious about a potential cyber attack.

Not to demean bacteria in any way, but users should and can implement the following procedures when they would like assistance in verifying that an intrusion has been committed on their system:

  1. Immediately telephone the IT security department and clearly identify their observations of concern, what they were doing on their workstation at the time, and the exact time / date.
  2. Do not continue to interact with their workstation and with any other applications / systems with which their workstation is interacting.
  3. Do not turn off their workstation.
  4. Do not attempt to run any diagnostics on their workstation.
  5. Do not send emails from their workstation.

The investigating forensics team should:

  1. Isolate the workstation and other systems associated with the potential incident.
  2. Not turn off the power to any of these systems.
  3. Make an image of the state of each system, make a copy of the disk contents, and especially make a copy of the logs of all relevant systems.
  4. Then begin their forensic investigation.
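
As an added example that is not part of the original post: one way the forensics team could back up step 3 is to record a SHA-256 manifest of the acquired image and log copies at collection time, so any later change to those copies is detectable. The use of hashing, the function names, the file names and the examiner label are all assumptions of this example.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a multi-gigabyte disk image never has to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def list_files(evidence_dir):
    """Relative paths of every file under evidence_dir, sorted."""
    return sorted(os.path.relpath(os.path.join(root, f), evidence_dir)
                  for root, _dirs, files in os.walk(evidence_dir) for f in files)

def build_manifest(evidence_dir, examiner):
    """Record the SHA-256 of each acquired file. Store the result off the evidence media."""
    files = {rel: {"sha256": sha256_file(os.path.join(evidence_dir, rel))}
             for rel in list_files(evidence_dir)}
    return {"examiner": examiner, "recorded_utc": datetime.now(timezone.utc).isoformat(), "files": files}

def verify_manifest(evidence_dir, manifest):
    """Return {relative_path: problem} for missing, altered, or unlisted files."""
    problems = {}
    present = set(list_files(evidence_dir))
    for rel, meta in manifest["files"].items():
        if rel not in present:
            problems[rel] = "missing"
        elif sha256_file(os.path.join(evidence_dir, rel)) != meta["sha256"]:
            problems[rel] = "hash mismatch"
    for rel in present - set(manifest["files"]):
        problems[rel] = "not in manifest"
    return problems

def demo():
    """Constructed sample data: small stand-ins for a disk image and a log copy."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in [("workstation.img", b"\x00" * 4096), ("auth.log", b"login ok\n")]:
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        manifest = build_manifest(d, examiner="analyst-1")
        clean = verify_manifest(d, manifest)
        with open(os.path.join(d, "auth.log"), "ab") as fh:  # simulate a later alteration
            fh.write(b"extra line\n")
        return clean, verify_manifest(d, manifest)
```

Calling `demo()` returns the verification result before and after the log copy is altered; only the second reports a problem.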

Of course many forensic situations could have been mitigated at the preventative stage by computer users / bacteria hosts following simple security best practices.  But that is an ongoing conversation.

Have a secure week.

Regards, Ron Lepofsky, CISSP

President,

ERE Information Security and Compliance Auditors

www.ere-security.ca


6 Responses to “Forensic Identification Using Skin Bacteria”

  1. [...] This post was mentioned on Twitter by Ron Lepofsky. Ron Lepofsky said: Forensic Identification Using Skin Bacteria: http://bit.ly/btoboA [...]

  2. [...] Forensic Identification Using Skin Bacteria « ERE-Security Blog [...]

  3. [...] Forensic Identification Using Skin Bacteria « ERE-Security Blog [...]

  4. Great information! I’ve been looking for something like this for a while now. Thanks!

  5. levitra says:

    Thank you very significantly for your fantastic data. There is definitely a lot to comprehend and as I look around I retain hearing various factors of see. Some which can be quite sensible and others that are quite unbelievable. I’ll return with some greater feedback and an belief of my very own after I feel assured sufficient to type an opinion value stating.

  6. I have recently started a site, the info you provide on this site has helped me greatly. Thanks for all of your time & work.
