
The Art and Science of Cyber Security Forensics

Most people associate the term ‘forensics’ with television shows featuring investigative authorities. Yet in today’s technology-driven world we now have additional levels of forensics in the cyber realm. Unlike physical detection methods such as fingerprints or DNA, cyber security forensics involves delving into the depths of the data and information on the internet, following whatever ‘rabbit hole’ direction it takes.

TechTarget offers an excellent description of this area of investigation: “Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. The goal of computer forensics is to perform a structured investigation while maintaining a documented chain of evidence to find out exactly what happened on a computing device and who was responsible for it.”

Professional investigators involved in cyber forensics are required to have a high level of education as well as certifications. They need to know standard protocols and procedures and have the ability to dig into the darker side of the internet, networks and the details of the data itself.

Forensic investigators make use of many different techniques and have access to proprietary forensic software that allows them to examine, locate, and safely segregate the areas and devices in question. They can seek out and find hidden folders and software, make digital copies, and lock out and secure the technology so that it can be used as official evidence. The importance of this science lies in maintaining the integrity of the research so that the results can be verified for use in preparation for legal proceedings, litigation or depositions. These investigators also search for hidden areas that involve cyber hacking, cybercrime and Trojans, so that an individual or company can be returned to standard business operations and the authorities can be given the ‘trail of evidence’ to help locate the criminals.

Data manipulation and/or deletion is a slippery slope in the digital world. It is therefore important to have high-level professionals with the expertise to blend both the art of investigation and the science of the technology to ensure perfection in the reporting process.

As per forensics.nl: “There are essentially three phases for recovering evidence from a computer system or storage medium. Those phases are: (1) acquire, (2) analyse, and (3) report. Often, the results of a forensic investigation are used in criminal proceedings.” They continue to detail: “There are two categories of computer crime. Criminal activity that involves using a computer to commit a crime, and criminal activity that has a computer as a target.”

“Digital forensic analysis should be incorporated as part of every organisation’s process for dealing with incident reporting. Calling in professionals such as Da Vinci Forensics empowers a company to have a shorter time span to locate and resolve the problems, reduces the amount of downtime as well as the potential financial and reputation loss. In the case of a cybercrime incident, time is of the essence and the goal of our team is to find answers quickly and efficiently.”
 Da Vinci Forensics