There is something about detective work that always captures people’s imagination. Just look at the number of drama series on TV and Netflix. From the revamped, tech-savvy Sherlock Holmes to the iconic Scandi noir series, we watch with wonder as the detectives observe minuscule detail and draw insight into crimes from information overlooked by others.
Increasingly, we see the use of digital forensics to uncover the online trail left by suspects. Virtually everything that occurs in our lives leaves an online trail, despite attempts to conceal it, and it is from this trail that the examination of minute digital detail builds up a picture of the crime.
Digital forensics in the world of business
In today’s age of connectivity this type of digital investigation is central to the work of the police and other government agencies. In business, digital forensics covers a wide range of scenarios but essentially it is a service used by those requiring a structured investigation which includes the collection, identification and validation of digital information to reconstruct past events.
This can include everything from inappropriate messages sent via the internal network to corporate misdemeanours leading to a legal case. Digital evidence must not be tampered with and must appear in its original form. It requires skill and experience to do this effectively, especially when dealing with complex and extensive network systems with multiple access controls.
Unlike a “Whodunnit” murder mystery, the story doesn’t end when the truth comes out in a digital forensic investigation. In fact, this is where another stage of crucial work often begins. By following the trail of breadcrumbs and unravelling the complex process that has led to a breach, those involved can then begin to bolster cyber defences, overhaul flawed processes and reduce the likelihood of another breach in future.
For some organisations this will mean bringing in an external resource in the form of business continuity consulting, or at least updating any existing business continuity plans.
For those businesses lacking any previous form of continuity plan or risk assessment, this can be a particularly challenging period. Typically, those organisations without plans in place find it much harder to bounce back from any breach.
Searching for a positive outcome
At the end of an investigation your business should have a valuable insight into how a breach has occurred, enabling you to take targeted remedial action. For example, it puts your access control policy under the spotlight and may reveal where access is too wide, encompassing those who do not specifically require it for a legitimate business purpose.
Digital forensics provides a fresh set of eyes on your whole cyber defence strategy, enabling you to pick up on previously undetected vulnerabilities or where there are gaps in your test and exercise programme. From this starting point it should be possible to ascertain where time and money should be spent to provide maximum benefit and minimal disruption.
Or, to put it differently, it’s like Mr Holmes and Dr Watson not only deducing how, why and when a villain has forced entry into your home, but also guiding you on improving your locks, positioning surveillance cameras and training your family on the best way to safely store the family jewels.