How Significant is Computer Forensics to Cybersecurity?
When thinking about forensics, you might think of a CSI detective punctiliously looking for evidence at the crime scene, linking subtle pieces of evidence together, and doing rigorous scientific tests to ascertain the full story of the crime. While probably less dramatic than what you see in movies, forensics is the set of techniques used in connection with the detection of crime. With the world becoming more and more inseparable from tech (some might argue that it already is), a different branch of forensics has been created to deal with digital crimes and data breaches: computer forensics.
What is Computer Forensics?
Computer forensics focuses on evidence found in computers and digital storage media. It aims to identify, preserve, recover, analyse and present facts about the digital information on various types of electronic devices. Oftentimes, computer forensics is a technique and method for investigating digital crimes. For example, if a person is under interrogation for breaching data, computer forensic experts could recover information from the suspect’s device, and that information can then be used in court as evidence. Just as we leave traces of ourselves in the physical space, we leave these ‘traces’ in the digital space too.
Computer Forensics and Cybersecurity?
Cybersecurity deals with the protection of data and information of an organization or individual, while computer forensics deals with the investigation and aftermath of an incident. How are they related?
Prevention through learning
After the computer forensics team deals with an incident, there are usually reports and trends on how the hacker got into the system or how the data was breached. Lessons can be learnt from these incidents through computer forensics; most of today’s cybersecurity practices were created through the failures of previous systems and software. One example would be 2008’s worst cyberattack in US military history. Much classified military data was compromised during that data breach. It was found that the breach was caused by a USB flash drive inserted by their personnel inside the military computer’s network, bypassing all security measures. Upon further investigation, it was found that the individual who inserted the USB was not a malicious insider but a naïve employee who thought he had just found a free USB. The cybercriminal had scattered hundreds of USBs with malware in the vicinity, just waiting for an unsuspecting employee to pick one up. Following the US military’s experience, many other organizations have taught their employees not to connect any unidentified hardware to their systems.
Another cybersecurity function that relies heavily on computer forensics is anti-virus software. Anti-virus software can learn how viruses infect a system through computer forensics. Anti-virus systems would periodically update their software to patch vulnerabilities. These vulnerabilities are often investigated by computer forensic scientists and then shared with cybersecurity experts and programmers to patch the anti-virus system, preventing other systems from getting infected.
Data recovery is an important function of computer forensics. When under investigation, recovering deleted information can be crucial for the case. However, in cybersecurity, this function is often used when disaster strikes businesses.
Disasters such as a DDoS attack, destruction of a data center, or data sabotage by a malicious insider could cause businesses to lose critical data. That’s when Disaster Recovery is needed. Disaster Recovery, often abbreviated as DR, is a structured plan for how an organization should respond to a major catastrophe such as those mentioned above. Computer forensics can analyse present facts (whether you have backup data, whether data is recoverable etc.) and determine the best path your organization should take, whether it is to upload your backup data to another server, or to salvage recoverable data from the disaster site.
Computer forensics is crucial to cybersecurity, especially at a time when cybercrimes are rapidly increasing (www.imcgrupo.com/covid-19-news-fbi-reports-300-increase-in-reported-cybercrimes/). Without computer forensics, many of today’s cybersecurity practices and software would not be possible.