By Staff Writer at LMG Security   /   Oct 26th, 2015

Digital Forensic Analysis: The Key Component in the Post-Attack Process

Earlier this week, the UK-based telecommunications company TalkTalk was the target of a devastating cyber-attack that will potentially affect all of the company’s four million customers. A sustained attack on the firm’s infrastructure made customer account information such as names, e-mail addresses, home addresses, telephone numbers, credit card numbers, and bank details available to hackers due to a lack of encryption of sensitive customer data.

The US Internal Revenue Service has also been the target of multiple large-scale cyber-attacks in the last year. An attack on the IRS in late May allowed tax information of around 114,000 US citizens to be accessed and exploited by cyber criminals. For the IRS, this was one success out of 111,000 unsuccessful hacking attempts made this year alone.

The sad reality of the situation is that attacks like those on TalkTalk and the IRS occur every day and affect the lives of millions. In order to make any headway on identifying the parties responsible for these attacks, it is essential that digital forensic analysis be conducted on the company’s network, data, and devices. Various devices have the capacity to be analyzed, from computers, cell phones, and tablets to laser printers and scanners.

Digital forensic services are commonly used in criminal and private investigations. They involve the identification, preservation, analysis, and presentation of digital evidence. To gain access to digital evidence, a digital forensic analyst might examine a device’s hard drive to reach all data that has been accessed on that particular device (even deleted files), or they might analyze the system as a whole, taking the network and its structure into account.

LMG’s Director of Forensics, Geoff Curtis, explained the role of digital forensics in many cyber-attack cases as “a process of figuring out what exactly was accessed by hackers as quickly as possible, which serves to answer two main questions: ‘Were clients actually affected?’ and ‘Do we still have a threat?’”

The two main questions that Geoff addressed are essential in assessing the risk involved with the attack. Immediately after the attack, the goal is to determine if the hackers still hold any control over the website and its information, which makes it possible to determine if the hacker still presents a threat to the company.

In many cases, no sensitive information has actually been taken, but hackers will scare their targeted firms into paying a ransom so that the information that the firm believes to have been taken will not be exploited. In cases where information has actually been taken, on the other hand, stakes are extremely high. The hackers know that they hold a lot of power over the firms, and will go to extreme lengths to exploit the firm’s information and details about the network that they have breached.

Luckily, there are many firms that specialize in digital forensic services, which exist to aid companies in assessing risk following breaches in security. Here at LMG we offer a variety of digital forensic services, including digital forensic case strategy, cell phone, computer and network forensics, e-discovery, and expert witness testimony.

Digital forensic analysis is a key component involved in finding the source of cyber-attacks and identifying the individuals involved. If you would like to learn more about digital forensics and the services offered by LMG, send an e-mail to [email protected].
