First, let’s start with the basics. What is IT forensics? Simply put, IT forensics is the practice of gathering intelligence about IT assets (software or hardware.) It’s usually considered an “after the fact” practice.
For example, if your hard drive crashed and you needed to recover the data, you’d send the hard drive to an IT Forensics firm to do the work.
Some other instances when you’d need IT forensics:
- You need to recover data that was deleted years ago
- You need to determine what a file looked like on a certain date
- You need data certified for use in court
IT forensics is a very valuable service but it’s also a very expensive one. The cost to recover files will usually be in the thousands of dollars.
So, what’s the alternative?
Back up those critical files. Gain better, consistent visibility into your enterprise. It costs a lot less in both time and hard dollars.
Having a lightweight agent on all of your endpoints to record—in real time—all the important events that are happening may prevent an incident from occurring in the first place. But if an incident does occur, continuous visibility via always-on recording will make virtually all IT forensics efforts far less expensive and time-consuming. Real-time recording also enables you to keep the information in-house, for fast, easy access.
Many Bit9 + Carbon Black customers use our software largely for the visibility it provides them. While our solution has industry-leading endpoint threat detection and response (ETDR) and prevention capabilities, the power of visibility alone makes the investment in Bit9 + Carbon Black a wise one for any organization, and far more cost-effective than having to call in an IT forensics firm to perform a post-mortem after the damage has been done.