Wednesday, May 31 2023

Digital forensics is the process of collecting, storing, and quantifying digital evidence so that it can be used in response to some action that has taken place.


Most forensics work takes place for one of two reasons.

The first is an in-house incident: somebody has broken an important policy, and we need to document that they have done so by going through a forensics process.

The second is an incident involving the outside world, which mostly arises from a legal hold.

Legal holds are documents that one organization sends to another. Take organization A and organization B: A sends the hold to let B know that A is going to do some exploratory work, and that B has to provide the relevant information in such a way that A can carry out the legal discovery it needs to do.

The first concept to understand in digital forensics is the chain of custody.

The whole idea behind chain of custody is that you, or someone under your purview, is going to be gathering evidence against somebody or something. That somebody has been identified as a suspect, and stands to lose their job, money, freedom, or even honor.

The evidence presented must be of high integrity, meaning the suspect should have no grounds to claim that a name has been changed, that the recorded time of the incident has been manipulated, that the collected data has been tampered with, or that the data was gathered days later.

So the whole idea of chain of custody is to show good integrity of the evidence itself.

So the best way to do this is through the chain of custody process.

The cornerstone of chain of custody is a chain of custody form.

Custody forms contain very specific types of information, such as:

1. Defining the evidence. What are we actually collecting here, what does it look like, and what form does it take? It could be an image of a hard drive, an image of a thumb drive, or a video. Whatever it might be, we define it.

2. Documenting the collection method. One of the big things we have to worry about is that people will challenge us on the grounds that we may have changed the data, so there are a number of collection methods that allow us to grab data from mass storage without affecting it.

3. Date and time collected. It can be very important to determine exactly when this particular evidence was collected.

4. The people handling the evidence. We need their names and contact information, such as email addresses. The form states exactly who has handled the evidence, and that means not just the people who collected it but anybody down the chain as well.

5. The function of the person handling the evidence. Is this person an in-house IT person, for example? In particular, we record this to show that these people are qualified to do whatever part of the chain of custody they are involved in.

6. Locations of the evidence. Evidence will move over time, from the initial collection, to a storage room, to potentially being handed to law enforcement. We need to be able to document all of those steps.
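The six items on the custody form can also be kept as a tamper-evident record, so that a changed name, time, or evidence file shows up on verification. The sketch below is an added example, not code from the original post; the SHA-256 digests, the hash-linked rows, the separately recorded head hash, and all names and sample values are assumptions made for illustration.

```python
import hashlib, json
from dataclasses import dataclass, asdict

GENESIS = "0" * 64  # prev-hash value for the first row of a form
def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class CustodyEntry:
    evidence_description: str  # 1. what the evidence is
    collection_method: str     # 2. how it was collected, or the action at this hand-off
    timestamp_utc: str         # 3. date and time
    handler: str               # 4. person handling it, with contact details
    handler_function: str      # 5. that person's function
    location: str              # 6. where the evidence is now
    evidence_sha256: str       # digest of the evidence at this hand-off
    prev_entry_hash: str       # hash of the previous row (assumed design)
    def entry_hash(self) -> str:
        return sha256_hex(json.dumps(asdict(self), sort_keys=True).encode())

def append_entry(log: list, evidence: bytes, **fields) -> list:
    prev = log[-1].entry_hash() if log else GENESIS
    return log + [CustodyEntry(evidence_sha256=sha256_hex(evidence),
                               prev_entry_hash=prev, **fields)]

def verify(log: list, evidence: bytes, head_hash: str) -> list:
    """Return a list of problems; an empty list means form and evidence agree."""
    problems, prev = [], GENESIS
    for i, e in enumerate(log):
        if e.prev_entry_hash != prev:
            problems.append(f"row {i}: an earlier row was altered or removed")
        if e.evidence_sha256 != log[0].evidence_sha256:
            problems.append(f"row {i}: digest differs from the one at collection")
        prev = e.entry_hash()
    if prev != head_hash:
        problems.append("last row does not match the separately recorded head hash")
    if log and sha256_hex(evidence) != log[0].evidence_sha256:
        problems.append("evidence does not match the digest recorded at collection")
    return problems

# Constructed sample data: the evidence bytes, names, and locations are made up.
IMAGE = b"constructed stand-in for a hard drive image"
LOG = append_entry([], IMAGE, evidence_description="Image of laptop hard drive",
    collection_method="Imaged through a write blocker", timestamp_utc="2023-05-31T09:15:00Z",
    handler="A. Example <a@example.org>", handler_function="In-house IT", location="Suspect's desk")
LOG = append_entry(LOG, IMAGE, evidence_description="Image of laptop hard drive",
    collection_method="Transferred to storage", timestamp_utc="2023-05-31T11:40:00Z",
    handler="B. Example <b@example.org>", handler_function="Evidence custodian", location="Storage room")
HEAD = LOG[-1].entry_hash()  # assumed to be recorded outside the log, e.g. on the signed form
```

`verify(LOG, IMAGE, HEAD)` returns an empty list while the form and the evidence are intact; editing any earlier row, editing the last row, or changing the evidence bytes each produces a named problem.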

When you approach a computer to begin gathering data, one big concern is the order of volatility. We will cover volatility and other concepts in subsequent posts.
