It’s been said that man’s greatest enemy is himself. Nothing could be truer when it comes to protecting our digital data, be it personal information or company secrets. While we rely heavily on anti-virus programs, firewalls, and cybersecurity professionals to keep us safe, the human factor is ever present in the defense of our systems. No matter how strong our security policies are, they will never be able to stop someone from clicking on a bad link and opening the doors for all sorts of nasty things to come pouring in. It’s an unfortunate pitfall of cybersecurity that isn’t going to go away in the foreseeable future.
So how do we stop it from happening? The short answer is simply that we can’t. However, what we can do is learn from our mistakes. That’s where digital forensics comes in.
If cybersecurity is the proactive aspect of protecting electronic data, digital forensics is the reactive aspect. They are two sides of the same coin: one aims to build the wall, the other is dedicated to figuring out where and how the wall broke. They share a push-and-pull relationship and are permanently intertwined.
Digital forensics is the practice of collecting evidence from electronic devices, such as computers and mobile phones, to be used in a variety of ways. This could be as simple as retrieving deleted emails or as complicated as pinpointing the exact date someone accessed a malicious website. While the most obvious application would be law enforcement and legal affairs, it has its place in businesses as well. Want to know where that virus got onto the network? Digital forensics. Suspect someone is misusing company resources? Digital forensics. Have an embezzlement case on your hands? Digital forensics. Just like a criminal leaves fingerprints, fibers, and trace evidence at a crime scene, everything we do on our phones and computers leaves evidence. This ‘digital footprint’ can then be analyzed for a wealth of information.
Take, for instance, the unthinkable happens: there is a huge discrepancy when you attempt to reconcile company finances with your account books. A large amount of money that should be available is missing. The records that should indicate where these funds went are inexplicably nowhere to be found. A digital forensics examiner would be able to dig into the computers of those with access to the accounts to find out if/when those records were deleted from the system. They could follow a trail of emails the perpetrator thought they deleted, read the text messages that they thought had been erased, or even see what websites had been accessed and what information had been entered into those websites. The amount of information available, if you know where to look, is massive.
No one wants to think that all their carefully constructed defenses can fail, but it happens. We use digital forensics to figure out how. We can then plan and implement new cybersecurity strategies to ensure it doesn’t happen again. And when the next problem inevitably arises, we can use the two practices in conjunction with one another to patch that hole, too. In this way, the cycle of digital forensics and cyber security continues.