Analysis Costs

A breakdown in costs to analyse the binary and produce the required output is as follows:

The investigation team consisted of 2 people, sniph and elliot.

Time spent analysing the software:

Incident Investigator 1 - sniph: 26 hours

Time spent coding custom analysis tools:

Incident Investigator 2 - elliot: 20 hours

Time spent documenting results:

4 hours each

In a typical scenario, the compromised machine would have been taken offline for forensic analysis. As such, it would not have been available for the 26 hours spent analysing the code. In a critical security incident, it can be assumed that the Investigation team works greater than 8 hours per day. This would suggest a total of 2.5 days of outage before the system can be either cleared for production, or rebuilt from a stored backup. Rounding this to 3 days, one can assume that the system downtime in working hours was 24 hours total (3 days * 8 hours per day). If the system was high availability, the costs would increase depending on the resources available for forensic analysis.

An assumption of 50 affected users, at a cost of $12.00 lost per hour per user, was used in calculating cost of damage to individual users.

The total costs can be seen in the following chart:

Title	Hours	Cost/Hr	Total	-15%	+15%
Incident Investigator 1	30	$33.65	$720.00	$612.00	$828.00
Incident Investigator 2	24	$33.65	$807.60	$686.46	$928.62
System Downtime	50 Users * 24 Hours	$12.00	$14,400.00	$12,240.00	$16,560.00

Subtotal			$15927.60	$13538.46	$18316.62

Benefits @28%			$4459.728	$3790.77	$5128.65

Subtotal - Salary + Benefits			$20387.33	$17329.23	$23445.27

Incidental Costs			$1000	$850	$1150

Total Labour Cost			$21387.33	$18179.23	$24595.27

Field Experience

sniph has worked as a network engineer, systems administrator, and coder for the 6 years. The last 2 years have been specifically in a security consulting role.

elliot has worked as a network engineer, coder and security consultant for the last 4 years.

mand