Part 1: Transforming Cybersecurity Through Digital Forensics – Aghiath Chbib

Cyber security breaches have become rapidly one of the main concerns among all kinds of organizations. Even though companies are investing in complex new solutions against undesired guests, the task has never been easier. The various backdoors, loose ends and interconnected computer systems, mean that these intrusions are sometimes… inevitable. If unfortunately that happens, companies are left with little options but to quickly spot where the vulnerability was, fix it and learn from it, to prevent future attempts. Once the hysteria has passed and functionality has been restored, it is about time that investigators jump in, to gather all possible evidence to find out who the perpetrators were and what they were after.

To do so, investigators can make good use of an impressive solution: Digital Forensics. This new field can make the tides change completely in an investigation. The shift to the digital world brings many challenges for justice seekers, but it also opens up new opportunities in the shape of traceability and records hidden within the malware software used to break through a system. Everything that is done in an electronic device leaves watermarks, inputs that can be traced down and followed if needed. Digital Forensics, therefore, is the science responsible to crack those marks.

What is Digital Forensics

Academically, according to the US-CERT forensics publication, “Digital forensics is the discipline that combines elements of law and computer science to collect and analyze data from computer systems, networks, wireless communications, and storage devices in a way that is admissible as evidence whether during an investigation inside any organization or in a court of law.”

What Digital Forensics sought after is digital evidence when a crime/security breach is committed. This digital evidence is information stored or transmitted in binary form that may be relied on, in court. It can be found on a computer hard drive, a mobile phone, a personal digital assistant (PDA), a CD, a flash card in a digital camera, and many other places. “Digital evidence is commonly associated with electronic crime, or e-crime, such as child pornography or credit card fraud. However, digital evidence is now used to prosecute all types of crimes, not just e-crime,” as the USA National Institute of Justice described it.

In digital forensics, it is super important not only to trace the data but also to look at the means followed to do so. Not everything is allowed when cracking down other people’s devices, as data can be easily manipulated along the way. That is why there is a really strict procedure that cannot be skipped or omitted, called Chain of Custody. This basically lays down all the steps that an investigator must follow to make sure that the data is genuine and as such can be used in a court of law. It is a must-do procedure to record evidence documentation in chronological events.

What is Chain of Custody

Chain of Custody is a critical step in gathering digital evidence as it holds information about all individuals that participated in the whole digital forensics examination process. The chain of custody process is therefore critical in gathering evidence for Digital Forensics experts.

Although it might be a complex task, there are guidelines that might ease the endeavor greatly. A good investigator needs to follow these guidelines strictly, to preserve the integrity of the final digital evidence and the whole forensic process overall. Those processes are the following:

Preparation of tools and techniquesApproach Strategy. Collect a maximum number of evidencePreservation of physical and digital evidence and isolate them to ensure their integrityCollection and duplication of all digital evidenceExamination. In-depth search of evidenceAnalysis of all evidencePresentation. Explanation and a summary of the whole processReturning Evidence and lessons learned. The final step of the investigation process.

What are the challenges companies face in the dawn of new technological developments and how a Digital Forensics Lab can tackle each one of them?

Today, many organizations rely mainly on information technology to process or handle their services internally and externally, and as such, they have become more exposed to e-crime. New technologies and applications that aid companies in their day-to-day functionality comes with a great risk too. Internet of Things, the use of computing Cloud to store private information, Artificial Intelligence within software or new complex databases are just a few of the whole array of new technologies that companies rely on to run their businesses. However, these techs are by definition relatively new and so are the security they are provided with.

Companies face here important challenges that Digital Forensics can help sort out, by setting up an in-house lab. The huge amount of data roaming across a business’ databases, the implementation of underdeveloped new technologies mentioned above, the need of trace information through multiple devices and the increase of threats and variety of malware software, have made the job of an investigator even tougher. The process of properly extracting digital evidence in case of a security breach is now more complex then ever.

Setting up a Digital Forensics Lab is then key to truly become protected if an unintended trespasser is spotted. The heads of the lab must understand the threats a company face to invest the available resources wisely. That regards quantity and quality of installations and equipment; the level of training for new staff; standard compliance and Lab accreditation according to current law regulations; and budget plans for the mid and long terms.

If properly set up, a Digital Forensics lab can quickly act to seize, preserve, and analyze evidences and it keeps the examiner on track by ensuring a proper and effective presentation of findings.

Part 2 will be posted soon

View all posts by Aghiath Chbib

Published by Aghiath Chbib

Results-oriented, adaptable, established executive equipped with 20 years of success driving global business in large, multimillion-dollar organizations and private start-ups. Extensive experience spearheading operations within complex, technology-driven environments ensuring adherence to organizational strategies and best practices. Expert at building and directing high- performing, cross-functional teams with a focus on leadership, collaboration, and continuous growth.
Business-minded visionary adept at leveraging technologies to achieve marketplace advantage and meet strategic goals and objectives. Dedicated to employing deep knowledge of industry-leading systems and processes while driving business impact, ROI, and performance. Technically-advanced, trusted professional and renowned expert in cybersecurity, AI, Blockchain, and digital forensics, as well Aghiath is an Author in Intelligenthq, bizcatalyst360, Openbusinesscouncil, and Hedgethink.

Published January 16, 2019February 11, 2019

Latest articles

Related articles