Cyber Crime and Forensic Readiness

Continually advancing Internet and information technology brings huge benefits to companies worldwide. It does, however, also bring ever-increasing threats of computer fraud, security breaches and cyber crimes. In the past, such incidents were dealt with 'after the fact'.

Today, companies need to be ready for potential attacks and subsequent investigations/ responses by implementing measures and installing equipment/ software to continually monitor data processes, detect and prevent potential security breaches and gather/ store relevant information securely. The process of securing potential evidence for digital forensic investigations is known as forensic readiness.

Well organised forensic readiness ties in with existing business readiness/ security and incident/ disaster response/ recovery measures and offers companies varying benefits, including:

Evidence acting in defence of the company in potential lawsuits can be gathered
Comprehensive, continual gathering of evidence may deter insider threats
If major incidents occur, efficient investigations/ responses can be initiated/ conducted rapidly and with minimal business disruption
Systematic evidence storage approaches significantly reduce time/ costs of internal investigations
Structured evidence storage approaches reduce costs of court-ordered, legal or regulatory requirements of data disclosure
Forensic readiness (FR) extends information security targets to include wider cyber crime threats like extortion, fraud or intellectual property protection
FR demonstrates good corporate governance and due diligence concerning information assets
FR demonstrates meeting of regulatory requirements
FR improves/ facilitates interfaces to involved law enforcement
FR improves prospects for successful legal actions
FR provides evidence for resolving commercial disputes
FR supports digital evidence based employee issues (proving acceptable use policy violations, for instance)

Digital forensic evidence is not only useful in computer fraud investigations, but assists in the protection against/ investigation of:

Accidents
Commercial disputes
Content abuse/ theft
Deceptions
Disagreements
Disciplinary employee issues
Economic crimes (fraud, money laundering)
Extortion
Harassment
Identity theft
Malpractice
Negligence
Privacy invasion
Property right infringements
Stalking
Threats

Forensic readiness has the following goals:

Gathering admissible evidence legally, without interfering with employee rights/ business processes
Gathering evidence targeting potential crimes/ disputes adversely impacting organisations
Allowing investigations to proceed at costs in proportion to incidents
Minimising business interruption
Ensuring evidence positively impacts outcomes of legal actions

Key activities of implementing forensic readiness include:

Defining business scenarios requiring digital evidence
Identifying different types/ available sources of potential evidence
Determining evidence collection requirements
Establishing capability to securely gather legally admissible evidence
Establishing secure evidence handling/ storage policies
Monitoring to detect/ deter major incidents
Specifying circumstances requiring full formal investigations
Training staff in incident awareness, ensuring those involved understand legal evidence sensitivities/ their roles in digital evidence processes
Documenting evidence-based cases describing incidents/ their impact
Ensuring legal reviews facilitate actions in response to incidents

Detailed information on these activities can be found in the International Journal of Digital Evidence (Issue 3; Volume 2; Winter 2004).
