Digital Forensics and Investigations
eBook - ePub

Digital Forensics and Investigations

People, Process, and Technologies to Defend the Enterprise

Jason Sachowski

  1. 348 pages
  2. English
  3. ePUB (available in the app)
  4. Available on iOS and Android
About the book

Digital forensics has been a discipline of Information Security for decades now. Its principles, methodologies, and techniques have remained consistent despite the evolution of technology, and, ultimately, they can be applied to any form of digital data. However, within a corporate environment, digital forensic professionals are particularly challenged. They must maintain the legal admissibility and forensic viability of digital evidence in support of a broad range of different business functions that include incident response, electronic discovery (ediscovery), and ensuring the controls and accountability of such information across networks.

Digital Forensics and Investigations: People, Process, and Technologies to Defend the Enterprise provides the methodologies and strategies necessary for these key business functions to seamlessly integrate digital forensic capabilities to guarantee the admissibility and integrity of digital evidence. In many books, the focus on digital evidence is primarily in the technical, software, and investigative elements, of which there are numerous publications. What tends to get overlooked are the people and process elements within the organization.

Taking a step back, the book outlines the importance of integrating and accounting for the people, process, and technology components of digital forensics. In essence, it establishes a holistic paradigm, along with a best-practice procedure and policy approach, for defending the enterprise. This book serves as a roadmap for professionals to successfully integrate an organization's people, process, and technology with other key business functions in an enterprise's digital forensic capabilities.


Information

Publisher
CRC Press
Year
2018
ISBN
9781351762205
Edition
1
Topic
Business
Category
Management
ENHANCING DIGITAL FORENSIC CAPABILITIES II
With every day that passes, technology makes significant advancements, organizations place even more reliance on technology, and the threat landscape evolves, presenting new risks. Yet, there is still a percentage of organizations that do not have an appreciation for the risks knocking at their door and the potential financial, operational, reputational, or regulatory impact they introduce to business operations. More so, there is still a percentage of organizations that do not have in-house digital forensic capabilities or know how to manage and handle incidents or misconduct when a threat becomes reality.
Naturally, if an organization does not have in-house capabilities, there are managed-service offerings available that can be contracted to have an external digital forensic team brought in to address a specific incident or investigation. But the reality is, not having an in-house digital forensic team is not justification for an organization to underestimate the importance of enabling digital forensic capabilities.
The execution of digital forensics, from the technical perspective, remains consistent in terms of how the fundamental principles, methodologies, and techniques (discussed throughout the first section) are practiced. However, the execution of digital forensics in terms of implementation and making effective use of the fundamental principles, methodologies, and techniques differs from one organization to the next.
Regardless of whether the digital forensics team is supported in-house or through external managed services, the team’s ability to maximize the collection of credible digital evidence depends on whether the organization recognizes the importance of enabling this capability. In this section, we will discuss different strategies for how organizations can enhance their digital forensic capabilities throughout their systems and infrastructure.

Chapter 6

The Business of Digital Forensics

Organizations exist in many different contexts (i.e., size, geography, industry), and within each there are different and unique requirements when it comes to digital forensic capabilities. There is a percentage of organizations that, given their operating model and corporate profile, leverage external managed services to supply a digital forensic team when required. The remaining percentage of organizations have come to a decision that having a digital forensic team in-house is the best strategy given their operating model and corporate profile. After making this decision, the organization needs to kick-start its long-term digital forensic program by implementing a series of administrative, technical, and physical strategies.

The Role of Digital Forensics in an Enterprise

From the topics covered in the section of this book titled “Enabling Digital Forensics,” we know that digital forensics is the application of science to law and consists of scientifically proven principles, methodologies, and techniques. While the technical execution of digital forensics within an enterprise environment is similar to the way other organizations and agencies do it, the purpose and roles it serves can be somewhat different. Consider that when law enforcement agencies are performing digital forensics they are doing so in response to criminal activity. True, enterprises also use digital forensics as a reactionary process, but there are many more opportunities to extend the use and application of digital forensics into proactive measures; further discussion about proactive capabilities is found in Chapter 11 titled “Digital Forensic Readiness.”
Because they have the opportunity to be both proactive and reactive in their digital forensic capabilities, organizations must first and foremost follow a systematic approach so that these capabilities are properly aligned to business and organizational needs. Throughout this chapter are methodologies organizations can use when exploring in-house digital forensic capabilities.

Starting a Digital Forensic Program

What drives an organization to decide it needs in-house digital forensic capabilities? Largely, this need is determined by a combination of both internal and external factors, such as:
  • Countries or regions that have specific laws and regulations that require a process for dealing with incidents leveraging forensic analysis or investigation, such as the Sarbanes-Oxley Act (SOX) in the United States
  • Regulated industries (i.e., financial, healthcare, insurance) that have specific requirements governing the use, transmission, or storage of information, such as Payment Card Industry–Data Security Standards (PCI-DSS)
  • Assisting legal and compliance teams with the discovery of electronically stored information (ESI)¹ for production as evidence
  • Facilitating human resources (HR) or employee relations (ER) with evidence supporting employee misconduct or other disciplinary actions (i.e., termination)
  • Analysis and correlation of ESI to determine a root cause or the potential of data breaches
Establishing in-house digital forensic capabilities requires following a systematic approach by which implementation is aligned to the organization’s needs, with the technical execution aspects following afterward. Below are the steps organizations should follow to answer “who, where, what, when, why, and how” in-house digital forensic capabilities will be implemented.

Step 1: Understand Business Risks

Before implementing digital forensics in an enterprise environment, it is important to take a step back and understand the need for investing time, money, and resources. Doing so requires that organizations understand what their business is (i.e., financial, health, etc.) and the risks that can expose the organization to any form of business impact.
The type of risks that can impact a business is subjective to each organization (i.e., size, geography, industry) and should not be managed as universally equivalent. Risks can be described as any threat event, whether internal (can be controlled within the boundaries of the organization) or external (occur outside the organization and cannot be controlled), that occurs in one of the five major groupings:
  • Strategic risk is associated with business functions and commonly occurs because of:
    – Business interactions where goods and services are purchased and sold, varying supply and demand, adjusting competitive structures, and facilitating the emergence of new and innovative technologies.
    – Transactions resulting in asset relocation from mergers and acquisitions, spin-offs, alliances, or joint ventures.
    – Strategies for investment relations management and communication with stakeholders who have invested in the organization.
  • Financial risk is associated with the financial structure, stability, and transactions of the organization.
  • Operational risk is associated with the organization’s business operational and administrative procedures.
  • Legal risk is associated with the need to comply with the rules and regulations of the governing bodies.
  • Other risks are associated with indirect, nonbusiness factors, such as natural disasters and others as identified based on the subjectivity of the organization.
Business risk is determined by completing a risk assessment as an output of the organization's overall risk management program. Determining the need for investing time, money, and resources into digital forensic capabilities comes from completing both a qualitative and quantitative risk assessment to ensure that a thorough understanding of the potential risks is achieved. Following these assessments, a complete picture of all potential risk can be used to perform a cost-benefit analysis that will ultimately determine whether it is feasible to implement in-house digital forensic capabilities.
At the end of this step, organizations will have answered the question of “why” they need in-house digital forensic capabilities.

Step 2: Outlining Business Scenarios

If a business risk exists and there is a positive return on investment (ROI),² then implementing appropriate digital forensic capabilities is beneficial. As stated previously, every organization is unique and has different business profiles that present different requirements for in-house digital forensic capabilities. Enhancing digital forensic capabilities within an enterprise must also take into consideration the influences of the business’s operations so that strategies can be developed to adequately manage risk.
Outlined below are multiple business scenarios where digital forensics can be applied to manage business risk. While the applicability of all scenarios might not fit the profile of every organization, it is important that each is illustrated and understood so that they can be considered for relevancy.
  • Reducing the impact of cybercrime: With information technology (IT) playing an integral role in nearly every business operation, the evolving threat landscape continues to increase risks associated with organizational assets. Using a threat modeling methodology, organizations can create a structured representation of the different ways a threat actor can go about executing attacks and how their tactics, te...
