On Evidence
The murder of Garrett MacNamara – who is responsible?
In her book “Chain of Evidence”, Cora Harrison describes how the dead body of Garrett MacNamara, a local leader, was found on the road after a herd of cows had escaped. What was initially assumed to be a tragic case of Garrett being squashed to a pulp by livestock became more sinister when some local people claimed they had seen a chain attached to the mutilated body – a chain which has now disappeared. Who was the murderer?
Sony Hack … who is responsible?
In the last several weeks, more details of the infamous Sony Hack have filled the news pages – both on and offline – making it seem to be one of the worst corporate breaches ever seen. But the Sony hack ranks 33 out of 35 for greatest number of records breached. Refer to http://www.idigitaltimes.com/10-largest-data-breaches-2014-sony-hack-not-one-them-403219
Evidence, Evidence and Evidence
Just as physical crimes call for authentic, reliable and court-admissible evidence, cyber crimes call for digital evidence in a similar manner.
Digital Evidence Collection: where and how to start
No – do not wait until after an incident occurs …
No – digital evidence should not be collected by non-forensic personnel; if it is, this will almost certainly render any evidence inadmissible in court.
Yes – before an incident we need forensic readiness, and digital evidence is to be collected, analyzed and reported by forensic personnel.
Conclusion
Forensic Readiness is the key. It refers to the ability of an organisation to maximize its potential to use digital evidence whilst minimizing the costs of an investigation.
The organization should analyse key scenarios of cyber attacks and data breaches carried out by potential insiders and outsiders. It will implement ongoing evidence collection mechanisms and network & server logging ahead of incidents. How an organisation’s staff initially react when discovering a security breach is of paramount importance. Without a formal forensic readiness plan, digital forensic evidence could be tampered with, changed, mismanaged or lost completely, causing any post-incident investigation to stumble or fail. Opinions will then prevail, not facts.