Computer forensics is one of the least talked about niches in cybersecurity. Unlike the other areas of cybersecurity, which are all about prevention, computer forensics only takes place after you suspect a data breach has occurred. Simply put, computer forensics is a branch of digital forensic science that focuses on finding evidence on computers and digital storage devices. It is used in both the private and public sectors, as well as in law enforcement, to gather evidence during criminal investigations.
When is computer forensics used?
The purpose of computer forensics is usually one of two things:
1) The company suspects that a system may have been compromised and they want to determine what the hackers may have done on that machine and the larger network. It’s important for companies to know this so that they can figure out what they need to do to correct the mistake.
2) It’s also used if the company suspects misconduct by an employee and wants to gather evidence to either get the person terminated or taken to court.
Tips for effective computer forensics
Don’t power off machines: When a hack is suspected, many people’s first reaction is to power off all of the infected machines to prevent the virus from spreading on the network. However, this is not a good idea, because powering off the machine destroys any evidence held in the computer’s memory. Computer memory is volatile, which means that once the computer loses power, its contents are lost forever.
Never work on the original machine: Any time you do forensic work, make sure you are working on a copy of the original computer image; you never want to work on the original. This way you have a copy that shows the original state of the machine, and you don’t run the risk of changing it during your investigation.
Get professional software: While computer forensics software can be expensive, it is essential for doing computer forensics effectively. Investing in commercial software will make the process much quicker and get you better results than you could get using open source tools. It will also lead to your results being deemed more reliable if you need to take the findings to court.
Autopsy, a high-quality open source forensic tool - Source @ medium
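To make the "never work on the original machine" tip concrete, here is an added example (not from the original article) that creates a working copy of an image, confirms it matches the original, and later detects whether either file changed. The use of SHA-256, the file names and the sample image bytes are assumptions made for illustration.

```python
import hashlib
import os
import shutil
import stat
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB blocks so large images never load fully into RAM


def sha256_file(path):
    """Return the SHA-256 hex digest of a file, streamed block by block."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(CHUNK), b""):
            h.update(block)
    return h.hexdigest()


def make_working_copy(original, working):
    """Copy the image, prove the copy is identical, mark it read-only.

    Returns the baseline digest to record in the case notes.
    """
    baseline = sha256_file(original)
    shutil.copyfile(original, working)
    if sha256_file(working) != baseline:
        raise IOError("working copy does not match the original image")
    os.chmod(working, stat.S_IRUSR)  # guard against accidental writes
    return baseline


def verify_unchanged(path, baseline):
    """True if the file still hashes to the recorded baseline."""
    return sha256_file(path) == baseline


def demo():
    """Constructed scenario: a fake image is copied, then the copy is altered."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "evidence.img")  # hypothetical file names
        working = os.path.join(d, "working.img")
        with open(original, "wb") as f:
            f.write(b"constructed sample disk image bytes" * 1000)
        baseline = make_working_copy(original, working)
        before = verify_unchanged(working, baseline)
        # Simulate an analysis step that modifies the working copy.
        os.chmod(working, stat.S_IRUSR | stat.S_IWUSR)
        with open(working, "ab") as f:
            f.write(b"x")
        after = verify_unchanged(working, baseline)
        return before, after, verify_unchanged(original, baseline)


if __name__ == "__main__":
    print(demo())
```

The original still verifies against the baseline after the working copy has been altered, which is what lets it stand as the record of the machine's original state.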