FEATURE

Every organisation and enterprise around the world is now facing the very real possibility that they may become the victim of a data breach. Intelligent CISO hears from industry experts about why businesses need to consider integrating digital forensics into their security policies.

How important is digital forensics to global organisations and businesses and why?

DERRICK DONNELLY, CHIEF SCIENTIST AT BLACKBAG TECHNOLOGIES:

Firewalls and syslog servers can only do so much. When you have a fraud, HR, criminal, or eDiscovery investigation, you have to look at the endpoints (personal computers and mobile devices) to get the whole story.

Artefacts from the activity on these devices will tell you more of the who, what, where, how and when of your investigation and possibly recover data that has been lost over time or purposely deleted. Each type of device has key information such as metadata and geolocation information you can only get from the device. With the right forensic software like BlackBag’s BlackLight, investigators can get a complete picture of an incident.

Although digital forensics is more commonly associated with law enforcement, an eDiscovery case or HR investigation is not that different from a criminal case. You still need to be able to secure the chain of evidence and go through a process that may be the same, or only a small step down, from a full forensic analysis. Some of the ‘he said, she said’ investigations can only be proven by looking at the data on the end devices.

In which scenarios would CISOs require digital forensic support?

GEOFF MACGILLIVRAY, VICE PRESIDENT OF PRODUCT MANAGEMENT, MAGNET FORENSICS:

CISOs require digital forensic support for both insider and external threats. The insider threats consist of IP theft, employee misconduct and fraud. External threats to an organisation consist of server-side attacks (vulnerable web servers) and client-side attacks (phishing emails, drive-by downloads, etc).

Some organisations may require investigations as part of compliance to various industries while others value their IP and need to protect it.

www.intelligentciso.com | Issue 04