Once a cyber incident is identified and confirmed, the core motive will be to contain the system, isolate the network, analyze the root cause and respond diligently.
Digital Forensic Analysis helps an organization to identify, collect, examine and analyze the data while preserving the integrity of data and maintaining strict Chain of Custody (CoC) following industry standard guidelines. Forensic techniques are used for retrieving evidence from computers. Forensic analysis refers to a detailed investigation for detecting and documenting the course, reasons, culprits, and consequences of a security incident or violation of rules of the organization or state laws. It involves the use of a wide range of technologies and investigative methods and procedures. Forensic specialists gather different types of information by working with electronic devices and also working in a conventional way with the information on paper.
One of the most critical issues in forensic investigations is the acquisition and preservation of evidence in such a way as to ensure its integrity. As with conventional physical evidence, it is crucial for the first and subsequent responders (defined as “Digital Evidence First Responders” and “Digital Evidence Specialists”) to maintain the chain of custody of all digital forensic evidence, ensuring that it is gathered and protected through structured processes that are acceptable to the courts. More than simply providing integrity, the processes must provide assurance that nothing untoward can have occurred. This requires that a defined baseline level of information security controls is met or exceeded. Digital forensic evidence can come from any electronic storage or communications media such as cellphones, computers, iPod’s, video game consoles etc. By its nature, digital forensic evidence is fragile – it can be easily damaged or altered due to improper handling, whether by accident or on purpose.
Our approach for Digital Forensics and e discovery follows NIST SP 800-86 and ISO 27037 Standards.