Convergence
At the BasisTech Open Source conference (June, 2010), a LEO told me, "we do CP and fraud cases, you do intrusions and malware."
My response at the time was, well, no, we (meaning analysts/examiners who are not LE) solve problems...and the people who call us have intrusion and malware issues. My point was that much of what we do and the skills we bring to the table are (or could be) very useful to LE. In fact, many of us who are not LE have done work on CP cases, some even resulting in plea agreements.
Looking back over some of the work that I and others have done, it occurs to me that there's an ever greater convergence between LE and analysts in the private sector. Say LE has a CP or fraud case...if the claim of "the Trojan did it" is made, then the case becomes a malware case, even to the point that the claim has to be disproved. If the claim is made that an unauthorized user accessed the system and placed the image files on the system, then the case then becomes an intrusion case.
So I guess my point is that there's a convergence in what each of us does, and we're not quite so separate and in our own silos the way some think, and we don't so much have disparate skill sets. I'm just sayin'...
My response at the time was, well, no, we (meaning analysts/examiners who are not LE) solve problems...and the people who call us have intrusion and malware issues. My point was that much of what we do and the skills we bring to the table are (or could be) very useful to LE. In fact, many of us who are not LE have done work on CP cases, some even resulting in plea agreements.
Looking back over some of the work that I and others have done, it occurs to me that there's an ever greater convergence between LE and analysts in the private sector. Say LE has a CP or fraud case...if the claim of "the Trojan did it" is made, then the case becomes a malware case, even to the point that the claim has to be disproved. If the claim is made that an unauthorized user accessed the system and placed the image files on the system, then the case then becomes an intrusion case.
So I guess my point is that there's a convergence in what each of us does, and we're not quite so separate and in our own silos the way some think, and we don't so much have disparate skill sets. I'm just sayin'...