
São Paulo/SP – December 02, 2022. Computational Forensics or Computational Forensic Analysis can be defined as the science that works with the discovery and investigation of digital evidence found in electronic devices.

By Nathalia Soares

The constant increase in the number of cyber threats has also led to an increase in information security incidents, data leaks and data hijacking (ransomware) in companies of all sizes and markets. In this scenario, it becomes increasingly important for companies to establish practices and procedures to manage these incidents and to adopt Computational Forensic Analysis, so that the points where security must be reinforced can be identified.

What is Forensic Analysis and what are the most common types?

A security incident can be understood as a security-relevant system event in which the System Security Policy is infringed or violated.

Faced with the increase in cyber crime, it became necessary to develop dedicated means of investigating these crimes, since they take place in the logical (digital) environment. This form of investigation was named Computational Forensics or Computational Forensic Analysis.

Computational Forensics can be defined as the science that works with the discovery and investigation of digital evidence found in electronic devices.

Thus, when an incident involves data leakage, intrusion into servers and logical environments, hijacking of databases and information, or other cyber crimes, an investigation must be carried out at the scene of the event, which in this case is the virtual environment.

To learn how to act in order to preserve the crime scene and its evidence, we will discuss the types of forensic analysis and the importance of preserving evidence and chain of custody.

  1. Forensic examination of live ("in vivo") systems

Given the volatility of some data, "in vivo" (live) analysis has become a widely used resource among professionals. Information held in RAM, or data that has not yet been written to disk, is lost when the system under investigation is powered off. Considering that a significant part of the data transferred in this environment will never be recorded on disk, the analysis of RAM can offer valuable evidence.

In addition, there is a way to preserve this information through specific tools and procedures.

Therefore, it is important to investigate, collect and preserve evidence of the environment before turning it off.

  2. Forensic examination "post mortem"

The analysis of media and storage devices, which examines the data stored on them, is known as “post mortem” analysis, because it does not need to be carried out before the environment is powered off.

For this analysis, specific procedures and tools are also used.

  3. Chain of Custody

The extraction of evidence must be carried out by a specialised professional following strict procedures, in order to guarantee the confidentiality, integrity, availability, authenticity and non-repudiation of that evidence.

The Chain of Custody consists of the process of methodical, chronological, careful and detailed recording of the search and seizure, including the handling, custody and path of the traces collected in the crime environment. These traces, after being analyzed, will be presented in the form of an Expert Report. The Chain of Custody is important to guarantee the integrity of the evidence, preserving its reliability and transparency.
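The following is an added example, not part of the original article or of SAFEWAY's tooling, showing one way to keep the methodical, chronological record described above tamper-evident: each custody record stores the evidence hash and commits to the previous record's hash, so an altered record, a removed record or modified evidence is detected at verification. The evidence bytes and the analyst names are constructed sample values.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # previous-hash value used by the first record


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_digest(entry: dict) -> str:
    # Hash every field except the record's own digest, with a stable key order.
    body = {k: v for k, v in entry.items() if k != "entry_sha256"}
    return sha256_hex(json.dumps(body, sort_keys=True).encode("utf-8"))


def add_record(log: list, evidence: bytes, action: str, handler: str, timestamp=None) -> dict:
    """Append one custody record: who handled the evidence, what they did, when,
    and the evidence hash at that moment. The record also commits to the previous
    record's digest, so editing or deleting a record breaks the chain."""
    entry = {
        "timestamp": timestamp or datetime.now(timezone.utc).isoformat(),
        "handler": handler,
        "action": action,
        "evidence_sha256": sha256_hex(evidence),
        "previous_entry_sha256": log[-1]["entry_sha256"] if log else GENESIS,
    }
    entry["entry_sha256"] = entry_digest(entry)
    log.append(entry)
    return entry


def verify_chain(log: list, evidence: bytes):
    """Return (ok, reason): every record intact, every link correct, and the
    evidence still matching the hash recorded when it was collected."""
    expected_prev = GENESIS
    current_hash = sha256_hex(evidence)
    for i, entry in enumerate(log):
        if entry_digest(entry) != entry["entry_sha256"]:
            return False, f"record {i} was altered"
        if entry["previous_entry_sha256"] != expected_prev:
            return False, f"record {i} does not chain to its predecessor"
        if entry["evidence_sha256"] != current_hash:
            return False, f"evidence no longer matches the hash in record {i}"
        expected_prev = entry["entry_sha256"]
    return True, "chain intact"


def build_sample_chain():
    # Constructed sample: a short byte string stands in for an acquired disk or memory image.
    evidence = b"CONSTRUCTED-SAMPLE-IMAGE: not a real acquisition"
    log: list = []
    add_record(log, evidence, "acquisition", "analyst A", "2022-12-02T10:00:00+00:00")
    add_record(log, evidence, "transfer to lab", "analyst A", "2022-12-02T11:30:00+00:00")
    add_record(log, evidence, "analysis started", "analyst B", "2022-12-02T13:00:00+00:00")
    return log, evidence
```

Run `verify_chain` on the log before each handover; a `False` result means the evidence or its record can no longer be relied upon for the Expert Report.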

Benefits:

Computer Forensic Analysis is important both to mitigate the damage caused by cyber incidents and to understand which vulnerabilities were exploited and thus learn and prevent similar incidents in the future. Other benefits that can be obtained by establishing this practice are: collecting evidence for legal or administrative processes, verifying the integrity of information and data, and searching for hidden information in image files.

— Nathalia Soares is a GRC Consultant at [SAFEWAY]

How can we help?

SAFEWAY is an Information Security consulting company recognized by its clients for offering high value-added solutions through projects that fully meet the needs of the business. In 14 years of experience, we have accumulated several successful projects that have earned us credibility and prominence with our clients, who largely make up the 100 largest companies in Brazil.

Today, through 25 strategic partnerships with global manufacturers and our SOC, SAFEWAY is considered a one-stop shop with the best solutions in technology, processes and people. We have both the technical skills and the experience necessary to assist your company in structuring controls and preparing the environment for the implementation of an ISMS, SGS or SGCN and, consequently, certification of operations, services or companies against the ISO27001, ISO20000 or ISO22301 standards.

In order to support companies in this process of evaluation and adaptation to the requirements of the LGPD, [SAFEWAY] has in its portfolio of services the Cybersecurity Health Check, whose objective is to carry out a diagnosis of the CyberSecurity, Information Security and Data Privacy implemented in your company, covering the pillars of Processes, People and Technology.

Through the Cybersecurity Health Check, the information security and privacy risks associated with internal processes and activities are identified, and existing and new controls are evaluated according to the size of your organization, in order to increase the level of maturity and compliance in accordance with good information security practices. If you would like more information, contact one of our experts!