14 Oct, 2009
B2B in Canberra Magazine (October): Advice Column with Aaron
The term 'digital forensics' in its purest form describes the collection, analysis and presentation of evidence from digital sources including not only computer hard drives, but also mobile phones, PDA devices, digital cameras, media players, network infrastructure and even GPS navigation systems.
Security incidents are not just counter to the effective running of a business or government enterprise, causing them and their employees major harm and embarrassment; they also bear a significant cost to organisations.
As cited in an Australian Computer Crime and Security Survey: "The greatest sources of financial loss for 2006 was due to theft or breach of proprietary or confidential information (over $2 million on average); computer facilitated financial fraud (over $100,000 on average); and telecommunications fraud (over $60,000 on average)."
An increased awareness of the impact of information security incidents has compelled many organisations to start thinking and acting proactively about protecting their information assets. However, it is evident that most are still unsure about how to correctly investigate a potential information security breach or incident and what steps they can take to ensure that a forensic examination will progress as smoothly as possible.
As is often the case with matters subject to intense scrutiny (particularly those matters which progress to a courtroom scenario), it is vital that evidence as part of a digital forensic examination is meticulously collected, controlled and presented by trained digital forensic examiners, in such a way as to not affect its admissibility in a court of law. This level of attention to detail is what sets digital forensics apart from regular data recovery and intelligence gathering operations, as usually performed by in-house resources within organisations.
So how should your organisation assess a firm's suitability for providing digital forensic services? Don't be afraid to ask questions about their previous experience and personnel qualifications; ask about the latest tools and techniques used; and definitely ask about their laboratory competency, experience and accreditation.
While they might not always wear the traditional white lab coats and designer eyewear as you see in your lounge-rooms at night, you can be sure that the outcomes delivered by trained, accredited forensics examiners are indeed quality assured and that the integrity of the data, and of the process overall, is always maintained.
Aaron Wooten is the Digital Forensics Technical Manager and consultant at stratsec. For all your information security needs, contact stratsec on T: 6260 8878 E: lab@stratsec.net www.stratsec.net.