Digital Forensics and Investigations

People, Process, and Technologies to Defend the Enterprise

Jason Sachowski

  1. 348 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About This Book

Digital forensics has been a discipline of Information Security for decades now. Its principles, methodologies, and techniques have remained consistent despite the evolution of technology, and, ultimately, can be applied to any form of digital data. However, within a corporate environment, digital forensic professionals are particularly challenged. They must maintain the legal admissibility and forensic viability of digital evidence in support of a broad range of different business functions that include incident response, electronic discovery (ediscovery), and ensuring the controls and accountability of such information across networks.

Digital Forensics and Investigations: People, Process, and Technologies to Defend the Enterprise provides the methodologies and strategies necessary for these key business functions to seamlessly integrate digital forensic capabilities to guarantee the admissibility and integrity of digital evidence. In many books, the focus on digital evidence is primarily in the technical, software, and investigative elements, of which there are numerous publications. What tends to get overlooked are the people and process elements within the organization.

Taking a step back, the book outlines the importance of integrating and accounting for the people, process, and technology components of digital forensics. In essence, the aim is to establish a holistic paradigm, with a best-practice procedure and policy approach, for defending the enterprise. This book serves as a roadmap for professionals to successfully integrate an organization's people, process, and technology with other key business functions in an enterprise's digital forensic capabilities.

Information

Publisher
CRC Press
Year
2018
ISBN
9781351762205
Edition
1
Subtopic
Management
ENHANCING DIGITAL FORENSIC CAPABILITIES II
With every day that passes, technology makes significant advancements, organizations place even more reliance on technology, and the threat landscape evolves, presenting new risks. Yet, there is still a percentage of organizations that do not have an appreciation for the risks knocking at their door and the potential financial, operational, reputational, or regulatory impact they introduce to business operations. More so, there is still a percentage of organizations that do not have in-house digital forensic capabilities or know how to manage and handle incidents or misconduct when a threat becomes reality.
Naturally, if an organization does not have in-house capabilities, there are managed-service offerings available that can be contracted to have an external digital forensic team brought in to address a specific incident or investigation. But the reality is, not having an in-house digital forensic team is not justification for an organization to underestimate the importance of enabling digital forensic capabilities.
The execution of digital forensics, from the technical perspective, remains consistent in terms of how the fundamental principles, methodologies, and techniques (discussed throughout the first section) are practiced. However, the execution of digital forensics in terms of implementation and making effective use of the fundamental principles, methodologies, and techniques differs from one organization to the next.
Regardless of whether the digital forensics team is supported in-house or through external managed services, the team’s ability to maximize the collection of credible digital evidence depends on whether the organization recognizes the importance of enabling this capability. In this section, we will discuss different strategies for how organizations can enhance their digital forensic capabilities throughout their systems and infrastructure.

Chapter 6

The Business of Digital Forensics

Organizations exist in many different contexts (i.e., size, geography, industry), and within each there are different and unique requirements when it comes to digital forensic capabilities. There is a percentage of organizations that, given their operating model and corporate profile, leverage external managed services to supply a digital forensic team when required. The remaining percentage of organizations have come to a decision that having a digital forensic team in-house is the best strategy given their operating model and corporate profile. After making this decision, the organization needs to kick-start its long-term digital forensic program by implementing a series of administrative, technical, and physical strategies.

The Role of Digital Forensics in an Enterprise

From the topics covered in the section of this book titled “Enabling Digital Forensics,” we know that digital forensics is the application of science to law and consists of scientifically proven principles, methodologies, and techniques. While the technical execution of digital forensics within an enterprise environment is similar to the way other organizations and agencies do it, the purpose and roles it serves can be somewhat different. Consider that when law enforcement agencies are performing digital forensics they are doing so in response to criminal activity. True, enterprises also use digital forensics as a reactionary process, but there are many more opportunities to extend the use and application of digital forensics into proactive measures; further discussion about proactive capabilities is found in Chapter 11 titled “Digital Forensic Readiness.”
Because they have the opportunity to be both proactive and reactive in their digital forensic capabilities, organizations must first and foremost follow a systematic approach so that these capabilities are properly aligned to business and organizational needs. Throughout this chapter are methodologies organizations can use when exploring in-house digital forensic capabilities.

Starting a Digital Forensic Program

What drives an organization to decide it needs in-house digital forensic capabilities? Largely, this need is determined by a combination of both internal and external factors, such as:
  • Countries or regions that have specific laws and regulations that require a process for dealing with incidents leveraging forensic analysis or investigation, such as the Sarbanes-Oxley Act (SOX) in the United States
  • Regulated industries (i.e., financial, healthcare, insurance) that have specific requirements governing the use, transmission, or storage of information, such as Payment Card Industry–Data Security Standards (PCI-DSS)
  • Assisting legal and compliance teams with the discovery of electronically stored information (ESI) for production as evidence
  • Facilitating human resources (HR) or employee relations (ER) with evidence supporting employee misconduct or other disciplinary actions (i.e., termination)
  • Analysis and correlation of ESI to determine a root cause or the potential of data breaches
Establishing in-house digital forensic capabilities requires following a systematic approach by which implementation is aligned to the organization’s needs, with the technical execution aspects following afterward. Below are the steps organizations should follow to answer “who, where, what, when, why, and how” in-house digital forensic capabilities will be implemented.

Step 1: Understand Business Risks

Before implementing digital forensics in an enterprise environment, it is important to take a step back and understand the need for investing time, money, and resources. Doing so requires that organizations understand what their business is (i.e., financial, health, etc.) and the risks that can expose the organization to any form of business impact.
The type of risks that can impact a business is subjective to each organization (i.e., size, geography, industry) and should not be managed as universally equivalent. Risks can be described as any threat event, whether internal (can be controlled within the boundaries of the organization) or external (occur outside the organization and cannot be controlled), that occurs in one of the five major groupings:
  • Strategic risk is associated with business functions and commonly occurs because of:
    • Business interactions where goods and services are purchased and sold, varying supply and demand, adjusting competitive structures, and facilitating the emergence of new and innovative technologies.
    • Transactions resulting in asset relocation from mergers and acquisitions, spin-offs, alliances, or joint ventures.
    • Strategies for investment relations management and communication with stakeholders who have invested in the organization.
  • Financial risk is associated with the financial structure, stability, and transactions of the organization.
  • Operational risk is associated with the organization’s business operational and administrative procedures.
  • Legal risk is associated with the need to comply with the rules and regulations of the governing bodies.
  • Other risks are associated with indirect, nonbusiness factors, such as natural disasters and others as identified based on the subjectivity of the organization.
Business risk is determined by completing a risk assessment as an output of the organization’s overall risk management program. Determining the need for investing time, money, and resources into digital forensic capabilities comes from completing both a qualitative and quantitative risk assessment to ensure that a thorough understanding of the potential risks is achieved. Following these assessments, a complete picture of all potential risk can be used to perform a cost-benefit analysis that will ultimately determine whether it is feasible to implement in-house digital forensic capabilities.
At the end of this step, organizations will have answered the question of “why” they need in-house digital forensic capabilities.

Step 2: Outlining Business Scenarios

If a business risk exists and there is a positive return on investment (ROI), then implementing appropriate digital forensic capabilities is beneficial. As stated previously, every organization is unique and has different business profiles that present different requirements for in-house digital forensic capabilities. Enhancing digital forensic capabilities within an enterprise must also take into consideration the influences of the business’s operations so that strategies can be developed to adequately manage risk.
Outlined below are multiple business scenarios where digital forensics can be applied to manage business risk. While the applicability of all scenarios might not fit the profile of every organization, it is important that each is illustrated and understood so that they can be considered for relevancy.
  • Reducing the impact of cybercrime: With information technology (IT) playing an integral role in nearly every business operation, the evolving threat landscape continues to increase risks associated with organizational assets. Using a threat modeling methodology, organizations can create a structured representation of the different ways a threat actor can go about executing attacks and how their tactics, te...
