Digital (cyber) forensics - security awareness module for October
The NoticeBored awareness materials are not
Given the nature of forensics, it is essential to take legal advice
from qualified professionals in this area.
Background and scope
IT systems, devices and networks can be the targets of crime as in hacking, ransomware
and computer fraud. They are also tools that criminals use to research, plan and coordinate their crimes. Furthermore, criminals use technology routinely to manage and conduct their
business, financial and personal affairs, just like the rest of us.
Hence digital devices can contain a wealth of evidence concerning crimes committed and the criminals behind them.
Since most IT systems and devices store security-related information digitally, digital
forensics techniques are also used to investigate other kinds of incidents, figuring out exactly what happened, in what sequence, and what went wrong ... giving clues about
what ought to be fixed in order to prevent them occurring again.
It’s not as simple as you might think for investigators to gain access to digital data, then
analyze it for information relevant to an incident. For a start, there can be a lot of it, distributed among various devices scattered across various locations (some mobile and
others abroad), owned and controlled by various people or organizations. Some of it is volatile and doesn’t exist for long (network traffic, for instance, or the contents of RAM).
Some is unreliable and might even be fake, a smoke-screen deliberately concealing the juicy bits.
A far bigger issue arises, though, if there is any prospect of using digital data for a formal investigation that might culminate in a disciplinary hearing or court case. There are
explicit requirements for all kinds of forensic evidence, including digital evidence, that must be satisfied simply to use it within an investigation or present it in court. Ensuring, and being able to prove, the integrity of forensic evidence implies numerous complications
and controls within and around the associated processes. They are the focus of this month’s awareness materials.
October’s NoticeBored security awareness module:
Describes the structured process of gathering digital forensic evidence and investigating cybercrime and other incidents involving IT;
Addresses information risks associated with the digital forensics process;
Prompts management to prepare or review policies and procedures in this area, training workers or contracting with forensics specialists as appropriate;
Encourages professionals with an interest in this area to seek and share information.
Consider your learning objectives in relation to forensics. Before you get carried away by the topic, fascinating though forensics may be, consider
whether there is a genuine need for awareness in your organization:
How often has your organization actually engaged in digital forensics? Have there been situations where it might usefully have done so if only it had been prepared?
When was the last [potential] court case, and how did it work out?
Is your organization relatively experienced and competent in this area, or inexperienced and naïve?
Are there particular aspects of concern? Are there any specific changes you or your management would like to see in the organization’s digital
forensics practices, and hence awareness messages you’d like to put across?
As well as taking legal advice and customizing the NoticeBored materials to suit your awareness branding and objectives, feel free to blend in additional
content. Use the materials in the company newsletters and magazines, your intranet Security Zone, in awareness events and training courses, and for new employee induction or orientation purposes.