Thursday, December 11, 2014

Back in business: Software testing, information security and computer forensics

The last 2 months I was very busy with a lot of things except blogging on this site:
I founded a new social network about the behaviour of birds and together with SocialQuant, a company founded by my friend Dr. Morten Middelfart, we increased the online social Twitter-traffic for TestingSaaS and BirdBehaviour. Lots of fun and a lot tested and learned.

But, it started to itch again and after following an event organized by Testnet yesterday I was in the blogging mood again.
Why?
Well, the event was about information security and privacy.
Although the things said were not new to me I realized information security (infosec) and computer forensics depend on each other.
With infosec you want to defend information from wrongful behaviour by a third party.
This can be criminal behaviour, for which the evidence can be pertained by computer forenics specialists to use in legal court.
Yesterday, the first speaker from EMCS IT Services was saying government organizations were exploring the internet for criminal cyberbehaviour, but he did not say the evidence found for this has to be secured for forensic investigation. Finding the evidence is one thing, securing it and reporting it is something else.
To learn more about this, just have a look at Eforensics Magazine .
It's the same with software testing, bugs in the code and flaws in the documentation can be found, but this work is not effective without a sound description and report.
That's why I like software testing, information security and computer forensics.
It's all about interdisciplinary (functional, technical and legal) analysis and the way to visualize it in a report.
You can say that you found a bug, breach or forensic proof, but without a good report (with argumentation to back it) do not expect a pat on the back.