Digital Forensics and Investigations
People, Process, and Technologies to Defend the Enterprise

Jason Sachowski

  1. 348 pages
  2. English
  3. ePUB (mobile-friendly)

About this book

Digital forensics has been a discipline of Information Security for decades now. Its principles, methodologies, and techniques have remained consistent despite the evolution of technology, and, ultimately, it can be applied to any form of digital data. However, within a corporate environment, digital forensic professionals are particularly challenged. They must maintain the legal admissibility and forensic viability of digital evidence in support of a broad range of different business functions that include incident response, electronic discovery (ediscovery), and ensuring the controls and accountability of such information across networks.

Digital Forensics and Investigations: People, Process, and Technologies to Defend the Enterprise provides the methodologies and strategies necessary for these key business functions to seamlessly integrate digital forensic capabilities to guarantee the admissibility and integrity of digital evidence. In many books, the focus on digital evidence is primarily in the technical, software, and investigative elements, of which there are numerous publications. What tends to get overlooked are the people and process elements within the organization.

Taking a step back, the book outlines the importance of integrating and accounting for the people, process, and technology components of digital forensics. In essence, to establish a holistic paradigm—and best-practice procedure and policy approach—to defending the enterprise. This book serves as a roadmap for professionals to successfully integrate an organization's people, process, and technology with other key business functions in an enterprise's digital forensic capabilities.


Information

Publisher: CRC Press
Year: 2018
ISBN: 9781351762205
Edition: 1
Subtopic: Management

ENHANCING DIGITAL FORENSIC CAPABILITIES II
With every day that passes, technology makes significant advancements, organizations place even more reliance on technology, and the threat landscape evolves, presenting new risks. Yet, there is still a percentage of organizations that do not have an appreciation for the risks knocking at their door and the potential financial, operational, reputational, or regulatory impact they introduce to business operations. More so, there is still a percentage of organizations that do not have in-house digital forensic capabilities or know how to manage and handle incidents or misconduct when a threat becomes reality.
Naturally, if an organization does not have in-house capabilities, there are managed-service offerings available that can be contracted to have an external digital forensic team brought in to address a specific incident or investigation. But the reality is, not having an in-house digital forensic team is not justification for an organization to underestimate the importance of enabling digital forensic capabilities.
The execution of digital forensics, from the technical perspective, remains consistent in terms of how the fundamental principles, methodologies, and techniques (discussed throughout the first section) are practiced. However, the execution of digital forensics in terms of implementation and making effective use of the fundamental principles, methodologies, and techniques differs from one organization to the next.
Regardless of whether the digital forensics team is supported in-house or through external managed services, the team’s ability to maximize the collection of credible digital evidence depends on whether the organization recognizes the importance of enabling this capability. In this section, we will discuss different strategies for how organizations can enhance their digital forensic capabilities throughout their systems and infrastructure.

Chapter 6

The Business of Digital Forensics

Organizations exist in many different contexts (i.e., size, geography, industry), and within each there are different and unique requirements when it comes to digital forensic capabilities. There is a percentage of organizations that, given their operating model and corporate profile, leverage external managed services to supply a digital forensic team when required. The remaining percentage of organizations have decided that having a digital forensic team in-house is the best strategy given their operating model and corporate profile. After making this decision, the organization needs to kick-start its long-term digital forensic program by implementing a series of administrative, technical, and physical strategies.

The Role of Digital Forensics in an Enterprise

From the topics covered in the section of this book titled “Enabling Digital Forensics,” we know that digital forensics is the application of science to law and consists of scientifically proven principles, methodologies, and techniques. While the technical execution of digital forensics within an enterprise environment is similar to the way other organizations and agencies do it, the purpose and roles it serves can be somewhat different. Consider that when law enforcement agencies are performing digital forensics they are doing so in response to criminal activity. True, enterprises also use digital forensics as a reactionary process, but there are many more opportunities to extend the use and application of digital forensics into proactive measures; further discussion about proactive capabilities is found in Chapter 11 titled “Digital Forensic Readiness.”
Having the opportunity to be both proactive and reactive in their digital forensic capabilities, first and foremost organizations must follow a systematic approach so that their digital forensic capabilities are properly aligned to business and organizational needs. Throughout this chapter are methodologies organizations can use when exploring in-house digital forensic capabilities.

Starting a Digital Forensic Program

What drives an organization to decide it needs in-house digital forensic capabilities? Largely, this need is determined by a combination of both internal and external factors, such as:
  • Countries or regions that have specific laws and regulations that require a process for dealing with incidents leveraging forensic analysis or investigation, such as the Sarbanes-Oxley Act (SOX) in the United States
  • Regulated industries (i.e., financial, healthcare, insurance) that have specific requirements governing the use, transmission, or storage of information, such as Payment Card Industry–Data Security Standards (PCI-DSS)
  • Assisting legal and compliance teams with the discovery of electronically stored information (ESI)1 for production as evidence
  • Facilitating human resources (HR) or employee relations (ER) with evidence supporting employee misconduct or other disciplinary actions (i.e., termination)
  • Analysis and correlation of ESI to determine a root cause or the potential of data breaches
Establishing in-house digital forensic capabilities requires following a systematic approach by which implementation is aligned to the organization’s needs, with the technical execution aspects following afterward. Below are the steps organizations should follow to answer “who, where, what, when, why, and how” in-house digital forensic capabilities will be implemented.

Step 1: Understand Business Risks

Before implementing digital forensics in an enterprise environment, it is important to take a step back and understand the need for investing time, money, and resources. Doing so requires that organizations understand what their business is (i.e., financial, health, etc.) and the risks that can expose the organization to any form of business impact.
The type of risks that can impact a business is subjective to each organization (i.e., size, geography, industry) and should not be managed as universally equivalent. Risks can be described as any threat event, whether internal (can be controlled within the boundaries of the organization) or external (occur outside the organization and cannot be controlled), that occurs in one of the five major groupings:
  • Strategic risk is associated with business functions and commonly occurs because of:
    – Business interactions where goods and services are purchased and sold, varying supply and demand, adjusting competitive structures, and facilitating the emergence of new and innovative technologies.
    – Transactions resulting in asset relocation from mergers and acquisitions, spin-offs, alliances, or joint ventures.
    – Strategies for investment relations management and communication with stakeholders who have invested in the organization.
  • Financial risk is associated with the financial structure, stability, and transactions of the organization.
  • Operational risk is associated with the organization’s business operational and administrative procedures.
  • Legal risk is associated with the need to comply with the rules and regulations of the governing bodies.
  • Other risks are associated with indirect, nonbusiness factors, such as natural disasters and others as identified based on the subjectivity of the organization.
Business risk is determined by completing a risk assessment as an output of the organization’s overall risk management program. Determining the need for investing time, money, and resources into digital forensic capabilities comes from completing both a qualitative and quantitative risk assessment to ensure that a thorough understanding of the potential risks is achieved. Following these assessments, a complete picture of all potential risk can be used to perform a cost-benefit analysis that will ultimately determine whether it is feasible to implement in-house digital forensic capabilities.
At the end of this step, organizations will have answered the question of “why” they need in-house digital forensic capabilities.

Step 2: Outlining Business Scenarios

If a business risk exists and there is a positive return on investment (ROI),2 then implementing appropriate digital forensic capabilities is beneficial. As stated previously, every organization is unique and has different business profiles that present different requirements for in-house digital forensic capabilities. Enhancing digital forensic capabilities within an enterprise must also take into consideration the influences of the business’s operations so that strategies can be developed to adequately manage risk.
Outlined below are multiple business scenarios where digital forensics can be applied to manage business risk. While the applicability of all scenarios might not fit the profile of every organization, it is important that each is illustrated and understood so that they can be considered for relevancy.
  • Reducing the impact of cybercrime: With information technology (IT) playing an integral role in nearly every business operation, the evolving threat landscape continues to increase risks associated with organizational assets. Using a threat modeling methodology, organizations can create a structured representation of the different ways a threat actor can go about executing attacks and how their tactics, te...
