II. ENHANCING DIGITAL FORENSIC CAPABILITIES
With every day that passes, technology makes significant advancements, organizations place even more reliance on technology, and the threat landscape evolves, presenting new risks. Yet there is still a percentage of organizations that do not appreciate the risks knocking at their door or the potential financial, operational, reputational, or regulatory impact those risks introduce to business operations. Moreover, there is still a percentage of organizations that do not have in-house digital forensic capabilities or do not know how to manage and handle incidents or misconduct when a threat becomes reality.
Naturally, if an organization does not have in-house capabilities, managed-service offerings are available through which an external digital forensic team can be contracted to address a specific incident or investigation. But the reality is that not having an in-house digital forensic team is no justification for an organization to underestimate the importance of enabling digital forensic capabilities.
The execution of digital forensics, from the technical perspective, remains consistent in terms of how the fundamental principles, methodologies, and techniques (discussed throughout the first section) are practiced. However, the execution of digital forensics in terms of implementation and making effective use of the fundamental principles, methodologies, and techniques differs from one organization to the next.
Regardless of whether the digital forensics team is supported in-house or through external managed services, the team's ability to maximize the collection of credible digital evidence depends on whether the organization recognizes the importance of enabling this capability. In this section, we will discuss different strategies for how organizations can enhance their digital forensic capabilities throughout their systems and infrastructure.
Chapter 6
The Business of Digital Forensics
Organizations exist in many different contexts (i.e., size, geography, industry), and within each there are different and unique requirements when it comes to digital forensic capabilities. A percentage of organizations, given their operating model and corporate profile, leverage external managed services to supply a digital forensic team when required. The remaining organizations have decided that having a digital forensic team in-house is the best strategy given their operating model and corporate profile. After making this decision, the organization needs to kick-start its long-term digital forensic program by implementing a series of administrative, technical, and physical strategies.
The Role of Digital Forensics in an Enterprise
From the topics covered in the section of this book titled "Enabling Digital Forensics," we know that digital forensics is the application of science to law and consists of scientifically proven principles, methodologies, and techniques. While the technical execution of digital forensics within an enterprise environment is similar to the way other organizations and agencies perform it, the purpose and roles it serves can be somewhat different. Consider that when law enforcement agencies perform digital forensics, they do so in response to criminal activity. True, enterprises also use digital forensics as a reactive process, but there are many more opportunities to extend the use and application of digital forensics into proactive measures; further discussion of proactive capabilities is found in Chapter 11, titled "Digital Forensic Readiness."
Because organizations have the opportunity to be both proactive and reactive in their digital forensic capabilities, they must first and foremost follow a systematic approach so that those capabilities are properly aligned to business and organizational needs. This chapter presents methodologies organizations can use when exploring in-house digital forensic capabilities.
Starting a Digital Forensic Program
What drives an organization to decide it needs in-house digital forensic capabilities? Largely, this need is determined by a combination of both internal and external factors, such as:
Countries or regions that have specific laws and regulations that require a process for dealing with incidents leveraging forensic analysis or investigation, such as the Sarbanes Oxley Act (SOX) in the United States
Regulated industries (i.e., financial, healthcare, insurance) that have specific requirements governing the use, transmission, or storage of information, such as the Payment Card Industry Data Security Standard (PCI-DSS)
Assisting legal and compliance teams with the discovery of electronically stored information (ESI)1 for production as evidence
Facilitating human resources (HR) or employee relations (ER) with evidence supporting employee misconduct or other disciplinary actions (i.e., termination)
Analysis and correlation of ESI to determine a root cause or the potential of data breaches
Establishing in-house digital forensic capabilities requires following a systematic approach in which implementation is aligned to the organization's needs first, with the technical execution aspects following afterward. Below are the steps organizations should follow to answer "who, where, what, when, why, and how" in-house digital forensic capabilities will be implemented.
Step 1: Understand Business Risks
Before implementing digital forensics in an enterprise environment, it is important to take a step back and understand the need for investing time, money, and resources. Doing so requires that organizations understand what their business is (i.e., financial, health, etc.) and the risks that can expose the organization to any form of business impact.
The types of risk that can impact a business are specific to each organization (i.e., size, geography, industry) and should not be managed as universally equivalent. A risk can be described as any threat event, whether internal (can be controlled within the boundaries of the organization) or external (occurs outside the organization and cannot be controlled), that falls into one of the five major groupings:
Strategic risk is associated with business functions and commonly occurs because of:
- Business interactions where goods and services are purchased and sold, varying supply and demand, adjusting competitive structures, and facilitating the emergence of new and innovative technologies.
- Transactions resulting in asset relocation from mergers and acquisitions, spin-offs, alliances, or joint ventures.
- Strategies for investor relations management and communication with stakeholders who have invested in the organization.
Financial risk is associated with the financial structure, stability, and transactions of the organization.
Operational risk is associated with the organization's business operational and administrative procedures.
Legal risk is associated with the need to comply with the rules and regulations of the governing bodies.
Other risks are associated with indirect, nonbusiness factors, such as natural disasters and others as identified based on the subjectivity of the organization.
Business risk is determined by completing a risk assessment as an output of the organization's overall risk management program. Determining the need for investing time, money, and resources into digital forensic capabilities comes from completing both a qualitative and a quantitative risk assessment to ensure that a thorough understanding of the potential risks is achieved. Following these assessments, a complete picture of all potential risks can be used to perform a cost-benefit analysis that will ultimately determine whether it is feasible to implement in-house digital forensic capabilities.
At the end of this step, organizations will have answered the question of "why" they need in-house digital forensic capabilities.
Step 2: Outlining Business Scenarios
If a business risk exists and there is a positive return on investment (ROI),2 then implementing appropriate digital forensic capabilities is beneficial. As stated previously, every organization is unique and has a different business profile that presents different requirements for in-house digital forensic capabilities. Enhancing digital forensic capabilities within an enterprise must also take into consideration the influences of the business's operations so that strategies can be developed to adequately manage risk.
Outlined below are multiple business scenarios where digital forensics can be applied to manage business risk. While not every scenario will fit the profile of every organization, it is important that each is illustrated and understood so that it can be considered for relevancy.
Reducing the impact of cybercrime: With information technology (IT) playing an integral role in nearly every business operation, the evolving threat landscape continues to increase risks associated with organizational assets. Using a threat modeling methodology, organizations can create a structured representation of the different ways a threat actor can go about executing attacks and how their tactics, te...