When you discover that your enterprise has been breached or is a victim of any cybercrime. Your initial task is solving the immediate problem but for true that is only the beginning. It is important for cyber security professionals to undergo a through process of identifying, preserving, analyzing and presenting digital evidence. This process is known as digital forensics.
Since 1970s the field of Digital Forensics has evolved to keep up with the widespread adoption of technology and the means for which these technologies are used for criminal activities.
The use of computer for financial crimes in the 1980s helped shape digital forensic methods into what they are today. With the advent of modern computing a new landscape for criminal activity has emerged. They need to gather newforms of evidence termed digital forensics into a vital tool used by law enforcement in conviction of crimes both Computer Based, including Human Exploitation, Cyber stalking, Cyber terrorism, and Computer facilitated such as illegal data breaches that result in theft of information.
To support this new discipline specialized tools have also emerged to assist investigators in the capture, analysis and preservation of evidence that might arise in the course of investigating that activity. Any part of the enterprise system can be vulnerable to criminal activity, data theft or unauthorized penetration.
Forensic analyst must make sure to analyze storage media, hardware and operating systems, networks and applications to locate the point of compromise. The mission criticality of the compromised system application, system or network determines the level of investigation. When conducing a forensic investigation it is important to follow the digital forensic scientific process.
This eight-step process covers the entire evidence gathering procedure from data collection, examination and analysis and reporting.
In Data Collection phase, investigators obtain search authority, document the chain of custody and has a duplicate all the evidence.
In the examination and analysis phase, investigators validate their tool, perform analysis and reproduce those methods and outcomes for assurance.
The reporting phase is when conclusion is made in expert evidence and testimony is presented.
Computer systems, network and mobile devices can all be used in or fall victim to a cyber-attack. Each device type has different intrusion methods and requirements for evidence handling. This led to three distinct branches of digital forensic Computer Forensics, may rely on a need to create a disk image to preserve an evidence or virtual drives may be used. Network Forensics focuses on monitoring and analyzing the computer network traffic. Mobile devices present their own unique challenges like memory volatility as low powered DRAM used in smart phones can lose data when powered off. Thus, proper handling procedure must be followed to protect and preserve such evidence.
Regardless of where an attack occurs the Enterprise Cybersecurity Program should have policies that address all forensics consideration.
As cyber criminals get more sophisticated and data breaches become more threatening to the enterprise, Digital Forensics and Digital Forensics scientific process will continue to provide means to bring cybercrimes to justice in our increasingly complex and fast-moving technological land scape.
No comments:
Post a Comment