Digital Forensics
Plan, Prepare and React to Security Breaches.
springcrestsolution can help your organization prepare for, and
quickly respond to, information security events. Our experience
has taught us that, with cyber breaches, an ounce of prevention
is worth a pound of cure when it comes to digital forensics
and incident response.
- Digital Forensics & Incident Response (Ad-Hoc) – Have general
questions about incident response? Need help with something
custom? If the worst happens and you are breached, call us
and we will help.
- Incident Response Readiness – An ounce of prevention is worth
a pound of cure. Don’t wait for something to happen. Prepare
now!
- Incident Response Planning – Get organized. Stay compliant. Documenting
and regularly updating your incident response plan is important.
- Mock Incident Response – Does your incident response plan work?
When was the last time you tested it? Have springcrestsolution
run you through a real-life scenario today!
- Executive Management Consulting – Having trouble getting buy-in
from your executive management team? springcrestsolution will
help you develop and deliver an executive-friendly message.

The Distinction Between E-Discovery And Computer Forensics (Digital
Forensics and Incident Response)

For all but the most well-versed
in the world of computer-based evidence, the terms ‘electronic
discovery’ and ‘computer forensics’ may seem synonymous but
in fact, they fulfill very different roles, and involve a
very different level of expertise.

Electronic discovery, usually
shortened to e-discovery, is a term rooted in the American
civil legal system and refers to the stage prior to a trial
when a request is made by one party that the other hand over
any and all archived electronic material that they hold in
relation to the case. This will include emails, word processing
documents, spreadsheets and other data.

Once handover has
occurred, e-discovery involves the process of sifting through
huge amounts of ‘raw’ data to remove duplicates (called ‘de-duping’)
and useless information, in order to bring it together at
a single location so that it can be searched electronically
with ease by investigators or the lawyers representing that
party.

Sometimes, e-discovery is used to recover data from a damaged
computer, but often it is used to investigate whether a company
is compliant with the law in the way that it stores and handles
data. For example, in 2006, Morgan Stanley was fined 15 million
USD because it was found to have email archiving that was
not in line with that required by law.

In criminal cases,
however, or indeed civil cases in which computer use or misuse
is at the core of the activity in question, e-discovery may
not be considered a satisfactory approach to evidence recovery,
since it does not attempt to recover deleted or hidden data.

Computer
forensics, also known as digital forensics, on the other
hand is a much more specific discipline, which involves the
analysis of computers and other electronic devices in order
to produce legal evidence of a crime or unauthorized action.
As such, computer forensic investigations often deal with
the recovery of deliberately deleted or hidden evidence,
or evidence of activity that leaves no obvious trace, such
as the connection of a USB storage device to a PC.

As such,
while e-discovery is essentially a process of organizing
data, computer forensics is a considerably more complex process
which involves highly technical procedures such as ‘data
carving’: the act of looking for flags in un-indexed, raw
data which suggest the start and end of a block of data so
that a single deleted file can be reassembled.

Because computer
forensics is concerned with producing court admissible evidence,
all investigations must follow a strict path that is fully
auditable in line with the guidelines of the Association
for Chief Police Officers for the handling of computer based
evidence. If these guidelines are not properly adhered to,
evidence could be thrown out of court. For this reason, computer
forensics experts are often called to the stand to testify
as to their findings and defend their methods under cross-examination.

It
is clear then, that the differences between e-discovery and
computer forensics are considerable, not only in terms of
remit, but also in terms of the level of technical knowledge
and skill required to successfully carry out an investigation.
There is, of course, a place for both disciplines, but it
is clear that e-discovery is rarely an appropriate tool for
use in criminal rather than civil or legislative matters.
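
The data carving described above, as an added example that is not part of the original page: a minimal Python carver that scans raw, un-indexed bytes for JPEG start and end markers and records each hit's offsets and SHA-256 so the recovery step can be audited. The sample image is constructed, and the function names and the size limit are assumptions made for illustration.

```python
import hashlib

JPEG_HEADER = b"\xff\xd8\xff"  # start-of-image marker plus first segment byte
JPEG_FOOTER = b"\xff\xd9"      # end-of-image marker


def carve_jpegs(raw, max_size=10 * 1024 * 1024):
    """Return (start, end, sha256) for every header/footer pair found in raw.

    Simplification: the first footer after a header is taken as the end of
    the file, so fragmented files or embedded thumbnails are not handled.
    """
    found = []
    pos = 0
    while True:
        start = raw.find(JPEG_HEADER, pos)
        if start == -1:
            break
        # Only accept a footer that lies within max_size bytes of the header.
        footer = raw.find(JPEG_FOOTER, start + len(JPEG_HEADER), start + max_size)
        if footer == -1:
            # Header with no footer in range: truncated or overwritten data.
            pos = start + 1
            continue
        end = footer + len(JPEG_FOOTER)
        # Hash the carved bytes so the result can be verified later.
        digest = hashlib.sha256(raw[start:end]).hexdigest()
        found.append((start, end, digest))
        pos = end
    return found


def build_sample_image():
    """Constructed test data: one complete fake JPEG and one truncated one."""
    fake_jpeg = JPEG_HEADER + b"\xe0" + b"constructed-pixel-data" + JPEG_FOOTER
    truncated = JPEG_HEADER + b"\xe0" + b"overwritten"
    image = b"\x00" * 512 + fake_jpeg + b"\x41" * 100 + truncated + b"\x00" * 64
    return image, fake_jpeg


if __name__ == "__main__":
    image, _ = build_sample_image()
    for start, end, digest in carve_jpegs(image):
        print(f"carved bytes {start}-{end} sha256={digest}")
```
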