Digital investigations are becoming a key component of incident response plans, especially for the government, reports Angela Moscaritolo.
Sit down with a forensic investigator for an hour and you're sure to hear some interesting stories.
Like the time a digital investigation was initiated after a university student in Western Canada, who was using his school's internet connection to distribute child pornography, left a thumb drive containing illicit material in a public computer. The perpetrator was, incidentally, nabbed by police after stopping by the school's IT department asking if anyone had turned in the missing device.
Or, there was the time a forensicator – what digital investigators often call themselves – had to dig into a deceased employee's computer to determine if anything work-related caused the person to take their own life.
The field of computer forensics is still a relatively new discipline, and is constantly evolving. A combination of law and computer science, the field is defined as the practice of gathering and examining data from computer systems, networks and wireless devices in a way that, if necessary, will hold up as evidence in a court, according to the U.S. Computer Emergency Readiness Team (US-CERT), the operational arm of the National Cybersecurity Division at the U.S. Department of Homeland Security.
Historically driven by human relations and legal issues, in cases like the examples above, digital investigations are now increasingly being launched following data breaches and suspected computer intrusions, experts say. With the frequency and sophistication of today's cyberattacks, computer forensics has become an integral aspect of information security incident response plans, especially for those in government and the technology and defense industries.