CYBER FORENSIC ASSESSMENT
A forensic investigation of digital evidence is commonly employed as a post-incident response to a serious information security incident. There are, however, many circumstances where an organisation may benefit from an ability to gather and preserve digital evidence before an incident occurs. Forensic readiness is the ability of an organisation to maximize its potential to use digital evidence whilst minimizing the costs of an investigation. Preparation to use digital evidence may involve enhanced system and staff monitoring; technical, physical, and procedural means to secure data to evidential standards of admissibility; processes and procedures to ensure that staff recognize the importance and legal sensitivities of evidence; and appropriate legal advice and interfacing with law enforcement.
Digital evidence is critical for investigation and assessment, but identifying it in a heap of data and logs is challenging. Besides data, the evidence spans all types of digital media, such as PCs, tablets, flash drives and digital cameras. A digital assessment entails examining digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information. The assessment must create a chain of custody leading to the identification or root cause of the incident. A complete, documented digital assessment is important to understand the cause of an incident.
It also proves to employees, management and regulatory authorities that the company has the capability and resilience to identify, track and take action against the people, employees and third parties who have caused the security incident.