As computer data breaches become more common and vicious in the modern age, forensics must become more advanced to combat attacks effectively. The large majority of these breaches originate from an external source rather than an internal one, so loss of information has become a primary concern. As a result, it is vital that big companies are better prepared against hackers, with the assistance of highly trained professionals as well as state-of-the-art technology. To be truly effective in this area, experts should have a solid knowledge of all operating systems, adversary profiling and digital forensics.
Online Digital Forensics
Security-conscious businesses can use their online network to keep track of what’s going on at every console related to the corporation. This can be done even if the computer in question is in another country, allowing experts to uncover pertinent information from e-mail and other communication programs with ease. The one downside to this form of forensics is that it can be tedious if the network is slow.
Utilising the Corporate Network
One of the main trends in computer forensics involves using the corporate network. This allows experts to immediately react and counter any attacks or incidents. With it, additional data can be uncovered, including network sessions, running processes and platform communication with ports and IP addresses.
Benefits of the Corporate Network
The corporate network is advantageous as it allows all relevant information to be seen and scrutinised whilst the event is underway. It’s a big step up from piecing the data together after the incident, relying upon splinters of information scattered across the drive. When a console is switched off, much can be lost, especially the contents of RAM. Before the corporate network, hackers could cover their digital footprints by wiping all internet history off the drive. Whilst the proxy server will still provide you with the URLs visited, most key elements needed for real evidence will be gone.
For example, suppose a user in a company is selling drugs over a third-party e-mail service separate from the corporation, such as Hotmail. An owner can take an image of the employee's hard drive at the end of the day and discover that the employee often uses Hotmail on company time and clears their history on a daily basis. However, no tangible evidence will be found. By using the corporate network instead, all written conversations and activities will be tracked and recorded as they happen. This is also particularly helpful if the computer in question happens to be halfway around the globe.
According to Rob Lee, an experienced consultant in Washington DC, many of the tried and tested methods of infiltration, rather than newer, more advanced techniques, still work against many corporations today. This type of situation should be insured against, yet solutions are still not perfected enough to slow these cyber criminals down. Rather than attempting to prevent the invasion at its inception, it is advised that hackers are captured during the data extraction stage, as this stage is much easier to identify on the system. From there, you can stop the information exfiltration and collection and make it much more difficult for the adversary to hoodwink the system.
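The idea above of spotting an intrusion at the data extraction stage, using the live network session data the corporate network exposes (hosts, ports and IP addresses), can be sketched as follows. This is an added example, not part of the original article; the session records are constructed, and the internal address range and both thresholds are assumptions to be tuned per network.

```python
import ipaddress
from collections import defaultdict

# Constructed sample session records (not real data):
# (source host, destination IP, destination port, bytes sent, bytes received)
SESSIONS = [
    ("10.0.4.17", "10.0.1.5", 445, 120_000, 90_000),         # internal file share
    ("10.0.4.17", "203.0.113.40", 443, 48_000, 910_000),     # ordinary browsing
    ("10.0.4.22", "198.51.100.9", 443, 310_000_000, 42_000),  # upload-heavy
    ("10.0.4.22", "198.51.100.9", 443, 295_000_000, 38_000),  # same pair again
    ("10.0.4.31", "203.0.113.77", 80, 15_000, 2_400_000),    # download-heavy
]

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed corporate range
MIN_BYTES_OUT = 100_000_000                    # assumed volume threshold
MIN_RATIO = 10.0                               # assumed sent/received ratio


def is_external(ip):
    """True when the address lies outside the assumed corporate range."""
    return ipaddress.ip_address(ip) not in INTERNAL


def flag_exfiltration(sessions, min_bytes=MIN_BYTES_OUT, min_ratio=MIN_RATIO):
    """Return (host, dest, bytes_out, ratio) for upload-heavy external flows."""
    totals = defaultdict(lambda: [0, 0])
    for src, dst, _port, sent, received in sessions:
        if is_external(dst):
            # Sum per host/destination pair so split transfers still add up.
            totals[(src, dst)][0] += sent
            totals[(src, dst)][1] += received
    alerts = []
    for (src, dst), (sent, received) in totals.items():
        ratio = sent / max(received, 1)  # avoid division by zero
        if sent >= min_bytes and ratio >= min_ratio:
            alerts.append((src, dst, sent, round(ratio, 1)))
    # Largest outbound volume first, so the worst case is triaged first.
    return sorted(alerts, key=lambda a: a[2], reverse=True)


if __name__ == "__main__":
    for host, dest, sent, ratio in flag_exfiltration(SESSIONS):
        print(f"{host} -> {dest}: {sent} bytes out, {ratio}x sent vs received")
```

Aggregating per host and destination pair matters because a transfer split across several sessions can stay under a per-session threshold while the total does not.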
Hope Varnes - Editor