Digital Forensics and Investigations

People, Process, and Technologies to Defend the Enterprise

Jason Sachowski

  1. 348 pages
  2. English
  3. ePUB (mobile friendly)

About this book

Digital forensics has been a discipline of Information Security for decades now. Its principles, methodologies, and techniques have remained consistent despite the evolution of technology, and, ultimately, it can be applied to any form of digital data. However, within a corporate environment, digital forensic professionals are particularly challenged. They must maintain the legal admissibility and forensic viability of digital evidence in support of a broad range of different business functions that include incident response, electronic discovery (ediscovery), and ensuring the controls and accountability of such information across networks.

Digital Forensics and Investigations: People, Process, and Technologies to Defend the Enterprise provides the methodologies and strategies necessary for these key business functions to seamlessly integrate digital forensic capabilities to guarantee the admissibility and integrity of digital evidence. In many books, the focus on digital evidence is primarily in the technical, software, and investigative elements, of which there are numerous publications. What tends to get overlooked are the people and process elements within the organization.

Taking a step back, the book outlines the importance of integrating and accounting for the people, process, and technology components of digital forensics. In essence, the aim is to establish a holistic paradigm (and a best-practice procedure and policy approach) for defending the enterprise. This book serves as a roadmap for professionals to successfully integrate an organization's people, process, and technology with other key business functions in an enterprise's digital forensic capabilities.


Information

Publisher: CRC Press
Year: 2018
ISBN: 9781351762205
Edition: 1
ENHANCING DIGITAL FORENSIC CAPABILITIES II
With every day that passes, technology makes significant advancements, organizations place even more reliance on technology, and the threat landscape evolves, presenting new risks. Yet, there is still a percentage of organizations that do not have an appreciation for the risks knocking at their door and the potential financial, operational, reputational, or regulatory impact they introduce to business operations. More so, there is still a percentage of organizations that do not have in-house digital forensic capabilities or know how to manage and handle incidents or misconduct when a threat becomes reality.
Naturally, if an organization does not have in-house capabilities, there are managed-service offerings available that can be contracted to have an external digital forensic team brought in to address a specific incident or investigation. But the reality is, not having an in-house digital forensic team is not justification for an organization to underestimate the importance of enabling digital forensic capabilities.
The execution of digital forensics, from the technical perspective, remains consistent in terms of how the fundamental principles, methodologies, and techniques (discussed throughout the first section) are practiced. However, the execution of digital forensics in terms of implementation and making effective use of the fundamental principles, methodologies, and techniques differs from one organization to the next.
Regardless of whether the digital forensics team is supported in-house or through external managed services, the team’s ability to maximize the collection of credible digital evidence depends on whether the organization recognizes the importance of enabling this capability. In this section, we will discuss different strategies for how organizations can enhance their digital forensic capabilities throughout their systems and infrastructure.

Chapter 6

The Business of Digital Forensics

Organizations exist in many different contexts (i.e., size, geography, industry), and within each there are different and unique requirements when it comes to digital forensic capabilities. There is a percentage of organizations that, given their operating model and corporate profile, leverage external managed services to supply a digital forensic team when required. The remaining percentage of organizations have come to a decision that having a digital forensic team in-house is the best strategy given their operating model and corporate profile. After making this decision, the organization needs to kick-start its long-term digital forensic program by implementing a series of administrative, technical, and physical strategies.

The Role of Digital Forensics in an Enterprise

From the topics covered in the section of this book titled “Enabling Digital Forensics,” we know that digital forensics is the application of science to law and consists of scientifically proven principles, methodologies, and techniques. While the technical execution of digital forensics within an enterprise environment is similar to the way other organizations and agencies do it, the purpose and roles it serves can be somewhat different. Consider that when law enforcement agencies are performing digital forensics they are doing so in response to criminal activity. True, enterprises also use digital forensics as a reactionary process, but there are many more opportunities to extend the use and application of digital forensics into proactive measures; further discussion about proactive capabilities is found in Chapter 11 titled “Digital Forensic Readiness.”
Because organizations have the opportunity to be both proactive and reactive in their digital forensic capabilities, they must first and foremost follow a systematic approach so that those capabilities are properly aligned to business and organizational needs. This chapter presents methodologies organizations can use when exploring in-house digital forensic capabilities.

Starting a Digital Forensic Program

What drives an organization to decide it needs in-house digital forensic capabilities? Largely, this need is determined by a combination of both internal and external factors, such as:
  • Countries or regions that have specific laws and regulations that require a process for dealing with incidents leveraging forensic analysis or investigation, such as the Sarbanes-Oxley Act (SOX) in the United States
  • Regulated industries (i.e., financial, healthcare, insurance) that have specific requirements governing the use, transmission, or storage of information, such as Payment Card Industry–Data Security Standards (PCI-DSS)
  • Assisting legal and compliance teams with the discovery of electronically stored information (ESI)1 for production as evidence
  • Facilitating human resources (HR) or employee relations (ER) with evidence supporting employee misconduct or other disciplinary actions (i.e., termination)
  • Analysis and correlation of ESI to determine a root cause or the potential of data breaches
Establishing in-house digital forensic capabilities requires following a systematic approach by which implementation is aligned to the organization’s needs, with the technical execution aspects following afterward. Below are the steps organizations should follow to answer “who, where, what, when, why, and how” in-house digital forensic capabilities will be implemented.

Step 1: Understand Business Risks

Before implementing digital forensics in an enterprise environment, it is important to take a step back and understand the need for investing time, money, and resources. Doing so requires that organizations understand what their business is (i.e., financial, health, etc.) and the risks that can expose the organization to any form of business impact.
The type of risks that can impact a business is subjective to each organization (i.e., size, geography, industry) and should not be managed as universally equivalent. Risks can be described as any threat event, whether internal (can be controlled within the boundaries of the organization) or external (occur outside the organization and cannot be controlled), that occurs in one of the five major groupings:
  • Strategic risk is associated with business functions and commonly occurs because of:
    • Business interactions where goods and services are purchased and sold, varying supply and demand, adjusting competitive structures, and facilitating the emergence of new and innovative technologies.
    • Transactions resulting in asset relocation from mergers and acquisitions, spin-offs, alliances, or joint ventures.
    • Strategies for investment relations management and communication with stakeholders who have invested in the organization.
  • Financial risk is associated with the financial structure, stability, and transactions of the organization.
  • Operational risk is associated with the organization’s business operational and administrative procedures.
  • Legal risk is associated with the need to comply with the rules and regulations of the governing bodies.
  • Other risks are associated with indirect, nonbusiness factors, such as natural disasters and others as identified based on the subjectivity of the organization.
Business risk is determined by completing a risk assessment as an output of the organization's overall risk management program. Determining the need for investing time, money, and resources into digital forensic capabilities comes from completing both a qualitative and quantitative risk assessment to ensure that a thorough understanding of the potential risks is achieved. Following these assessments, a complete picture of all potential risk can be used to perform a cost-benefit analysis that will ultimately determine whether it is feasible to implement in-house digital forensic capabilities.
At the end of this step, organizations will have answered the question of “why” they need in-house digital forensic capabilities.

Step 2: Outlining Business Scenarios

If a business risk exists and there is a positive return on investment (ROI),2 then implementing appropriate digital forensic capabilities is beneficial. As stated previously, every organization is unique and has different business profiles that present different requirements for in-house digital forensic capabilities. Enhancing digital forensic capabilities within an enterprise must also take into consideration the influences of the business’s operations so that strategies can be developed to adequately manage risk.
Outlined below are multiple business scenarios where digital forensics can be applied to manage business risk. While the applicability of all scenarios might not fit the profile of every organization, it is important that each is illustrated and understood so that they can be considered for relevancy.
  • Reducing the impact of cybercrime: With information technology (IT) playing an integral role in nearly every business operation, the evolving threat landscape continues to increase risks associated with organizational assets. Using a threat modeling methodology, organizations can create a structured representation of the different ways a threat actor can go about executing attacks and how their tactics, te...
