FEATURE
Can you outline how digital forensics supports a company facing an external breach and an insider breach ?
HARSH HARSH BEHL BEHL , TECHNICAL , CONSULTANT TECHNICAL , CONSULTANT CREDENCE , SECURITY CREDENCE SECURITY
With the continued increase in the value of intellectual property and business secrets ( which in today ’ s economy regularly surpasses the value of physical corporate assets ), information is the most prized asset for many companies . Confidential processes , financial information , customer lists , business plans , vendor lists , marketing strategies , research data , trade secrets , etc . are vital to the ongoing success of a business . An employee who steals this information to take to the competitor , for which he / she will soon be working , or uses it to start his / her own competing business , could cause devastating consequences for the company he / she is leaving . Yet stealing digitally stored , business-critical information has never been easier ( and most of it is stored digitally these days ).
This is where digital forensics comes into play . When a user accesses the Internet , copies files to the cloud or a memory stick , sends webmails , burns DVDs or prints documents , he / she leaves a forensic trail for the experienced investigator to follow . Even highly computer literate users often have little idea of the digital traces their actions leave behind . This is especially true with smartphones , tablets and even specialised encryption and deletion tools , which are often used by those attempting to cover their tracks .
In what ways do businesses need to integrate forensics into their existing systems and how easy is this to do ?
Derrick Donnelly , Chief Scientist at BlackBag Technologies
Companies need clear policies in place to control things like BYOD and what systems can be used to access company data . Along with proper notification of the company ’ s rights to protect its intellectual property and sensitive data , this foundation gives businesses the ability to monitor and investigate suspected incidents . Digital forensics needs to then be integrated directly into any response plan or investigative process . Having the tools in place before they are needed , along with properly trained individuals , will give a company the ability to respond quickly and stop a breach or HR incident before it gets worse .
Although these incidents can be scary , forensic investigations don ’ t need to be . Tools like ours ( BlackBag Technologies ) are easy to use , intuitive and don ’ t require years of experience to get to critical data . With a small investment in software and training , a company can be prepared to handle most events . When there is a need to bring in outside help , it will be easy to bolster the team because almost all cybersecurity professionals use the same digital forensic tools that they use .
Geoff MacGillivray , Vice President of Product Management , Magnet Forensics
Business need to integrate digital forensics into their existing cybersecurity teams as part of their response procedures . This is easier for some organisations than others . If a forensics team is already in place , it can be expanded to include incident response work . If a team is not in place , then creating a team is the first step . Many organisations will either have one
forensics team or split into two teams — one to handle corporate ( insider / employee ) investigations with the other handling incident response .
Organisations must understand the types of threats that it will likely face when integrating digital forensics teams . This will help the organisation properly staff the team .
Harsh Behl , Technical Consultant , Credence Security
Digital forensics can be made a part of ISO implementations , IT infrastructure developments , cybersecurity teams , audit teams etc . The good news for organisations looking to implement this technology is that digital forensic solutions are very easy to integrate as they have no major dependencies on other IT teams and can run as an individual unit in an organisation .
Best practice for digital forensics
SEBASTIEN SEBASTIEN TALHA TALHA , BUSINESS , DEVELOPMENT BUSINESS DEVELOPMENT
MANAGER , EMEA REGION MANAGER AT , ACCESSDATA EMEA REGION GROUP AT :
ACCESSDATA GROUP
Corporate information security professionals are discovering that emerging digital forensics software technology now features enhanced postbreach analysis capabilities ( including more thorough ‘ memory analysis ’ searches for malware ), targeted data preview and collection of all complex data types directly at the user endpoint
38 Issue 04 | www . intelligentciso . com