I was teaching last week when the announcement was made that the laptop was recovered… and then when the announcement was made that the data “appeared” to be untouched.
Since we have been writing and speaking about personal responsibility and the way situations are sometimes (mis)handled, I intended to write about the basic forensics process and explain how someone *could* have captured the data in a way that it appeared untouched.
Then I found this blog and posting – and realized this says what I was thinking, but better. Enjoy the read.
I never really expected that the data was truly untouched; something there just doesn’t jibe for me. That said, I think it made sense to announce that the data was “probably untouched” to calm the masses so this becomes a non-story and then we can move on. I’m okay with that approach, provided that while the media moves on, the professionals continue their work and we collectively look for ways for security to improve.
I’ve also started to review some of the broader knee-jerk reactions taking place. I really hope that we start to take a more pragmatic approach to security. Sure, events like this help shine a bright light on some issues and may even free some budget. The downside is that it has the ability to encourage others to consider this a “one-time” event that can be “fixed.”
We have our work cut out for us – but I know we’re up to the challenge.