-
Larry Brandolph wrote a new post on the site MIS 5170-Topic: Forensics 2017 7 years, 9 months ago
Explain where you think ethics plays a role in how we deal with digital forensics.
-
I think ethics plays a role in digital forensics because as investigators it’s our job to tell what we can prove to be the true story as it happened with a piece of computer technology. In some cases we might be the only ones who truly understand the evidence and the artifacts which puts us in a position of incredible influence. We cannot allow ourselves to let a story venture into guesses and assumptions because it could really cause significant damage. On the other side of that we might be in a situation where we are investigating an incident involving a friend or a powerful individual. It’s still our duty to do an ethical investigation, even if the facts lead us to difficult conclusions about those individuals.
-
Darin,
I agree with your perspective. As forensic investigators we would have access to classified and confidential information. The influence that we have can sway the opinion of the company that should or should not act on specific findings. Through ethics we have to present the findings that affect our clients and the best way to handle each case.
-
Darin,
I like your response this week. I definitely agree with you that if your influence in a case could sway someone one way or another so you need to show your findings in a way that shows no bias one way or another.
-
-
In digital forensics, contact with sensitive data is the norm, so proper ethical standards are important. Examiners are given privileged access to information systems and data, and may be exposed to trade secrets, threats to national security, or information that is highly valuable to private parties. Since examiners require a high skill-set and often work with those who are not tech savvy, it is important for examiners to have good-moral character so they do not take advantage of their victims and clients. Although laws and contracts are drawn to create boundaries and obligations to protect intellectual property rights, privacy rights and public welfare, it is still up to the examiner to uphold these laws, and use their best judgment when confronted with an unethical situation that is not addressed by law or policy. Since technology is constantly evolving, examiners should follow a code of ethics which represents a standard of acceptable conduct for all possible procedures within the profession.
-
Hello Bilaal- Yes, I completely agree with you that boundaries are created with contracts and agreements for a smooth or legal executions, I think digital forensics and law are in two different skims, but it is up to us to do a good job and put them together.
As I mentioned before ethics begin at home and we practice them as needed, once combined with digital forensics, we could be a better asset to a client or customer to present the best evidence to the court for the good or for the bad.
-
Bilaal,
Great post and I completely agree with your explanation. I like to think of it as, ethics picks up where the law does not. Ethics provides a minimum standard of acceptable conduct. The person that lacks moral character can easily be tempted to use the information gathered for personal gain. A person with good moral character will do what’s right, even when nobody is watching.
-
Bilaal, great post. I loved your point about ethical hackers needing strong moral character. I never really considered the fact, that yes, it would be easy for someone with the technical prowess to take advantage of those who are ignorant of the inner workings of technology. I think the difference in abilities is definitely important and pen testers/ethical hackers should have a strong appreciation for privacy and honesty.
-
-
Digital Forensics is very growing field and plays critical role in investigations, but still there is no code of ethics that would protect confidentiality of data and evidence, investigation integrity, human behavior and honest investigation principles.
Given enormous number of technologies, there are certain technical trends affecting ethics of forensics, which complicates investigation given the possibility for a potential evidence to be exposed to various media, thus causing disclosure, and also causing issues with company policies that have weaknesses, for example:
– Social Media (Forums, Facebook, Twitter, etc.).
What information can/can’t be shared to prevent company’s data leak in public media? Even if there is policy, how to make employees be honest and comply with policy
– Mobile Devices (BYOD). The use of personal devices policies.
– Cloud Computing. Issues with transferring data from company device to a personal cloud storage
Ethics of Forensics affect attitude of people at workplace. Division between home and work raise certain issues such as keeping Confidential documents undisclosed. Massive information from different sources complicates investigation, especially when people might have company data not only on company device but also stored on personal computer. So, having so many technologies create problems such as sourcing all secured/non-secured locations of documents/evidence.
Healthcare has strong ethical standards that are being enforced by the government, whereas there are no comparable professional norms and moral ethics in Forensics. Without standard ethics, Forensics has many weaknesses that can be exploited and used in positive or negative ways. Forensics is growing at a fast pace and professional ethics must exist to ensure integrity of investigation and compliance with law and professional moralities.
-
Professionals in forensics recover, analyze, process, and testify about digital evidence in court. Additionally, examiners are given access to information systems and data to be able to investigate. Throughout their investigations, it is possible they are exposed to trade secrets, threats to national security, personal information, etc. Due to the strong influence examiners have in court and the exposure of data and information, they need to abide by ethical standards, which play a major role in their daily activities. The examiners need to be familiar with the law and professional norms of cyber forensics, which will allow them to point out any unethical issues/events that arise. Also, the digital forensics field requires its examiners to act with honesty and truthfulness. Good moral character is required because forensic professionals cannot allow outside elements impacting their investigations. This could be that they see an opportunity to take advantage of a situation resulting in some type of benefit for them or if the investigation involves a family member, friend, or an influential/powerful individual. Overall, it is important for them to complete their job with no outside influence or assumptions and just follow what the evidence shows them. The issue with ethics in digital forensics is the lack of professional and ethical standards governing professionals in the field. Universally accepted standards do not exist. For example, some states require digital forensic examiners to be licensed as private investigators. Another example is the Texas Private Security Bureau requires annual fees, fingerprint cards, criminal background check, evidence of training and experience, and proof of liability of insurance.
-
Elizabeth,
The fact that examiners are exposed to so much confidential data is important to remember. If an immoral person were to gain this kind of access, they could take advantage of it for personal gain. Companies go to great lengths to protect this kind of data, including conducting investigations when they believe they’ve been attacked. The people that conduct the investigation must be highly trusted. In order to gain this trust they must have high personal ethics and perform ethically in all they do.
-
Hello Elizabeth- yes, I agree that forensic analysts have a fiduciary obligation to their client or customer, and they are bound by a legal contract or agreements that should have the proper words that say that the evidence presented to court must not be manipulated, tampered or altered in favor of a client.
I also like the fact that some organizations as you pointed out, require background checks, and educational courses like this to be differentiated from the rest.
-
-
I think we need to define three things when answering this question. These come courtesy of Google or Wikipedia.
1. Ethics: moral principles that govern a person’s behavior or the conducting of an activity
2. Justice: understandings of justice differ in every culture, as cultures are usually dependent upon a shared history, mythology and/or religion. Each culture’s ethics create values which influence the notion of justice. Although there can be found some justice principles that are one and the same in all or most of the cultures, these are insufficient to create a unitary justice apprehension.
3. Forensic science is the application of science to criminal and civil laws, mainly—on the criminal side—during criminal investigation, as governed by the legal standards of admissible evidence and criminal procedure.
Ethics plays a fundamental role in the way we define acceptable behavior. When society deems certain behaviors unacceptable (this is going to vary hugely from society to society at times) and demands “justice” to rectify a violation of ethics, our society looks to the judiciary. Forensics is a method of providing evidence to that judicial process. Without ethics we wouldn’t have the field of digital forensics.
There’s a lot more to this, though, and people have been philosophizing around definitions for justice for millennia.
-
The Code of Ethics plays undeniably a very important role in the profession of digital forensic because of the result of the outcome, the kind of information that can be accessed and the influence of how pieces of evidence are investigated and presented. From what it is already said and posted here:
– the importance of good moral character, appropriate training and just judgment of examiners,
– the lack of professional and ethical standards in the field,
– the obvious need and imperative from professional for codes of acceptable conducts
I think the idea of a two-day workshop on professional ethics is good, where people can share their experiences, the cases that they have to deal with, the associations that they need to contact or just the most updated information in the field that needs to know.
It should make it mandatory to participate in these workshops/seminars to keep their current certifications.
-
I think ethics play a huge role in a lot of things that we do in digital forensics. However, before we can talk about how ethics I thought it would be good to define what ethics actually are. I looked on to the internet and tried to find a good definition for ethics however after some googling I was not able to find a definition that I liked, and decided that piecing together a definition of my own with the information that I found would make a lot more sense. I found out that ethics have a lot to do with context and when you look at it in the realm of digital forensics it is a lot like morals. I think we look at ethics every day when performing our job duties as a digital forensic analyst. You have to decide if pulling certain information is ethical. If withholding certain information from people like coworkers, family member, or the law is ethical. When you are performing a wiretap you need to see how the ethics of the situation come into play and if it is OK and moral to be in that person’s life tracking them. I think if you understand the ethics that surround digital forensics you will have a lot better of a time performing your job duties because it will keep you out of the sketchy gray areas.
-
Jonathan,
I liked the way you approached this week’s question and pieced together your own definition of ethics. I agree with your connection of ethics to morals because morals definitely can play a main role in how people operate in their daily jobs. Also, good way to conclude your response. If one has a good grasp on ethics in the digital forensics field, they will have an easier time eliminating the gray area from their everyday activities.
-
The gray areas are definitely going to become a bigger issue as digital forensics improve. I think it’s helpful to set a baseline of morals to define an ethics code and then build on it as you approach these gray cases. This could be done on an individual basis or with peers.
-
-
The need of ethics in digital forensics becomes more important as investigation relates to collection of evidences to be produced in court and it can lead to the matter of life and death, where a person can be charged free of all allegations or can be charged with prison or heavy fines.
-
Explain where you think ethics plays a role in how we deal with digital forensics.
I think ethics plays important role in how we deal with digital forensics because forensics team has the privileged access to information systems and data in a company. Examiners will be exposed to trade secrets, data, confidential information. Some private parties may be willing to pay an attractive price to buy them. In addition, when examiners are investigating a company, the company is willing to pay a lot to cover the evidence if they committed a crime. Examiners should be prepared to solve these dilemmas. Laws and regulations need to be placed in companies for examiners, however, they will not be enough to help examiners to make ethical decisions all the time. So, ethics trainings for the professions is necessary to perform in place. Examiners need to remind themselves at any time that they need to recognize, classify and manage ethical dilemmas and also respect boundaries and honor obligations.
-
Mengxue, you bring up a good point in that while regulations need to be put in place for how examiners should conduct themselves, those alone will not be enough. Just like we’ve learned in other classes that putting controls in place will not always protect against the risk they are meant to. If someone is truly determined to do something, no amount of regulations or controls will stop them. This is why the examiners themselves must have a strong ethical code and be committed to acting in an ethical manner in all they do.
-
I really like what you said about having a strong ethical code and the commitment to act in the most ethical manner. Being an examiner comes with a lot of responsibilities and dilemmas that revolve around doing what is right. For example, an examiner uncovered additional data, that was not requested or subpoenaed. What should they do? Whether it is to prove a person’s innocence or guilt, how should they proceed? Should they tell the request official? If they did, then what happens if the additional evidence is requested for the guilty, but not the innocent? You have no obligation to reveal this new data, so what would a person with good moral character do? Personally, I would provide the data as part of my finding, but then I would be seen as overstepping my boundaries and obligations.
-
-
Mengxue,
Like Amanda mentioned you brought up a good point about companies implementing laws/regulations for examiners even though this does not mean examiners will always follow protocol. The same concern can follow even when examiners are required to participate in ethics training. This type of concern can relate to many other professions. Obviously though, the consequences of unethical actions in digital forensic can have a more severe impact than in other professions.
-
-
Andres,
Interesting take on answering the question. I was able to follow your thought process and it made sense. Definitely gave me a new perspective on relating ethics to digital forensics. I agree, without ethics, we would not have digital forensics. However, after the readings and research it is clear that there is a lack of ethical standards in this field. Even though ethics defines what is and what is not “acceptable behavior,” which demands justice for the violation of ethics, there needs to be strong ethics within digital forensics in order to properly provide evidence in court that is supposed to support the justice.
-
Andres, very interesting approach to define key points for Ethics. It is obviously very important for criminal justice system to have ethical forensics to influence appropriate behavior and actions. An Examiner should keep very close attention to details when gathering evidence and finding an evidence. Any manipulations or misleadings would destroy case or even affect lives of people involved in the entire case.
So, in order to be ethical, forensics personnel not only have to be appropriately trained and educated, but they also must be naturally ethical, be of good moral and character.
-
Ruslan,
I really liked your last point in your response. After reading everyone’s responses and taking in their perspectives, I believe that is what ethics comes down to in digital forensics. It is not only that the professionals need to be trained/educated/certified, but they need to have a naturally good character. A professional can be appropriately trained, but if their personal morals are “corrupt” then the training is almost pointless in a sense.
-
-
Joseph, training is really important to keep up with proper forensics ethics. Certification is great way of validating skills and knowledge in the field of forensics. Also, I think it is critical for an examiner to have an amazing personality to apply rule of ethics; otherwise, if person is not kind and honest of him/herself then I believe there is no point of having any rules of ethics and standards. I think part of personnel assessment and training should include a certain level of psychological and behavioral testing to ensure that person who wants to become a truly ethical examiner is indeed capable of being ethical.
-
I think that ethics and digital forensics work hand in hand. As an individual on a forensics team you are allowed privileged access to the company’s data and systems. The goal of digital forensics is to collect, analyze, preserve, and present the findings to the company. If something is done unethically trust and possible laws could have been broken. Most companies have policies and guidelines in place when it comes to digital forensics that teams can use to better understand the environment. Finally, training could be used as a preventative measure for examiners when faced with ethical dilemmas in the field.
-
Samantha,
I like your response and I think that training could help with preventing ethical dilemmas that might arise. I also agree that as a digital forensics analyst you have access to information that the majority of the company does not have access to so it is your ethical responsibility to make sure that you keep everything by the book as possible.
-
For most of the fields whether we talk about cyber security there is an examination and training to identify and certify the capacity of security professional. But when we talk about digital forensics then there is no global body which provides training and certification which can be set as a standard to identify the forensic expert so ethics play an important role in this field.
-
-
Joseph,
I think that the workshop is an excellent idea for digital forensics professionals. It gives guidelines as to what is expected and the most recent ethical standards in the field. It would also be a good idea if there were multiple workshop opportunities and if they were mandatory each year or every other quarter as a refresher on ethical procedures.
-
Professional workshops help in more ways than one. It is important to know that the field at large feels the same way towards ethical behavior. There are weird corner cases where the right decision isn’t obvious and knowing you can consult your peers for guidance would be helpful. The refresher course is a great idea as a field that is always innovating may have new technologies available to use and some may violate privacy or cross ethical boundaries.
-
-
Ethics are at the core of digital forensics because if those conducting digital forensic investigations do not act in an ethical manner then none of the results they find can be trusted. The results of investigations can affect people’s lives and if the investigation is not done in an ethical way, and the wrong person is found guilty, it could ruin their lives. Digital forensics is not always used in such extreme circumstances but digital forensics professionals must still act in an ethical manner in everything they do. We won’t always like what we find while conducting an investigation, but we must present the facts as they are, even if we’d like them to be different, no matter what, or there was no point in the investigation in the first place.
-
Hello Amanda- I agree on your opinion on keeping things professional, no matter if we like the results of an investigation.
I think we have a responsibility to present the client or customer the true results of our investigation, and have the court of law make the final decision based on our findings. I think we have to take this job very seriously since we can make or break a case for the good, or the bad of a person/people at large.
-
Amanda,
I like your mentality of being objective instead of subjective. Like you said, forensics professionals may not always like what we find, but the bottom line is that we have to present the facts. Another thing that I like from your post is the “trust.” If the profession gets a bad reputation for falsifying records or evidence tampering then who would trust the forensics analysis in court. Based on these two points alone, I cannot agree more with ethical behavior being the core of digital forensics.
-
-
Hello Larry/class- as we discussed in week 1, we have a fiduciary obligation to the customer or client we are working for, and a binding contract that will keep us in line and out of trouble.
Ethics start from home habits, and most of them are reflected in many things we do daily. In my humble opinion, when a person or a company show symptoms of ethical slack, then bad things could happen. A good example to think about is that if you get in trouble and you would need a law firm to defend you, would you allow your attorney to be unethical? I know I wouldn’t.
-
Andres
I like how you broke down the definition of ethics into 3 key points and expanded on it. It is how the society perceives the action which will define if it is ethical or not. Someone from the Middle East or Asia might do something that we do not find ethical in our culture or business model however in their eyes it is totally normal and fine to be able to do. I really think it is all about the environment around you and what the community perceives as ethical.
-
Digital forensic professionals, like Roberto stated, have a judiciary duty to uphold the law in the way they collect, preserve, and analyze the evidence. Evidence collected may contain highly personal information, sensitive data, trade secrets, proprietary information, or things of national security, among others. All can have devastating effects if given to the wrong or even malicious actors. Along with their highly specialized skill set, digital forensics professionals must also be ethical. Meaning that they should not tamper with the evidence, sell the evidence, or provide information about the evidence to an unauthorized party. Their actions must be within their boundaries and obligations, and should be carried out in good faith.
-
Great Post Andres,
As the others have stated, your approach is refreshing. I would like to extend your breakdown with the addition of moral, concerned with principles of right and wrong behavior and the goodness and badness of human character. We can probably agree that good ethics is good moral character. Believing that the actions that you’re taking are in good faith and are the right thing to do. The problem with that, like you already stated, is not everybody can agree on what is “good” and what is “bad.” It varies, from smallest element of society, the home, to a nation society. That is why every good organization will have a Code of Ethics or Ethical Business Practices, as a guideline to acceptable behavior. But isn’t it a little hypocritical to think that if a person follows the Code of Ethics, they are good morally even if they betray their own belief?
-
Ethics are required to adhere to in order to work in digital forensics. There is an inherent trust that investigators are collecting accurate evidence. A company is also entrusting you with access to multiple areas that usually require a separation of duties to be able to see more than one. If you violate ethics, your credibility in digital forensics is null. Part of your duty requires being able to submit truthful statements to law enforcement or courts. If you don’t have credibility you cannot do these aspects of the job.
-
Very correctly mentioned that ethics can play a very important role in field of forensics. I can take an example to justify this when forensic expert is doing investigation and he comes across some confidential information about the organization. There are chances that if he sells the information to their competitor then he can make some cash out of it. But this stands against the ethics and breaks the trust of company which gives access to your personal information. The forensic investigator should maintain his credibility.
-
-
Ethics in simple words defines as honesty, truthfulness but when we cover the field of business ethics according to which it is the honesty and truthfulness to comply with the law and professional norms. The ethics play a vital role in field of digital forensics as it maintains the credibility of organization and the profession both.
The forensic expert has to deal with lot of confidential information on day to day basis in investigations as a result the expert should only reveal such information as defined by the boundaries of information sharing in the charter and legal document signed by him. The document may have a clause to identify all important information, document it and present it to the legal counsel or higher management. Then comes the role of ethics where forensic expert should not reveal any information apart from the identified persons.
-
Ruslan, as always, great stuff. I liked your mention of social media. It’s something that I didn’t even think of. I would take it a step further and say that as investigators we need our own set of rules involving social media. Someone investigating a case can’t go home and post “I can’t believe what ______ did on their work computer!” and then post details.
-
Andres, I like how you broke this question down into 3 definitions first. That’s a good approach to the question and it seems sort of in line with the approach of someone responding to an incident. Breaking down all the pieces of information before coming up with a full solution. I like it!
-
I think the most significant ethical dilemma involved with digital forensics is balancing the pursuit of justice with respect for people’s privacy. Many times, an investigation might accidentally involve innocent people. If this were the case, then investigating their data–some of which could be sensitive–could negatively impact data’s owner. In other cases, such as the situation from last year with Apple, exposing one person’s data might jeopardize the privacy of millions of others. In these cases, security professionals have to balance the pursuit of justice with the individual right to privacy.
-
Anthony makes a good point as this is delicate balance which is becoming much more prevalent. The privacy lines are being blurred further and further as we get further connected and those new technologies becoming a form of forensic evidence. You look at the most current cases of the Amazon Echo and tools like that are capturing sound in the home that they are looking to make a case with. There is a real risk that those things occurring in the privacy of our home are no longer private if you’re plugged in.
-
-
-
Larry Brandolph wrote a new post on the site MIS 5170-Topic: Forensics 2017 7 years, 9 months ago
This week find an article about cyber security and post it here along with comments about what happened.
I’ll start with the article below. This was a case I handled here about a Temple student changing his grades.
-
There is a ransomware attack that is encrypting victims’ machines after tricking them by offering free access to Netflix on the website. In order to rid yourself of the attack you need to pay $100 worth of bitcoin.
I thought this was interesting because usually, at least in my reading, you see a story of ransomware targeting a machine that has more financial incentive for a successful attack. A device being used by a banker, a server at a hospital. They then charge a huge sum to get the data back (well over $100 like in this case). This is the first time I’ve read of ransomware specifically targeting small consumers like those watching Netflix who are probably doing so from their home PC which probably has valuable data to the person, but it’s not the kind of data that can get 6 figures in ransom.
http://www.darkreading.com/attacks-breaches/netflix-scam-spreads-ransomware/d/d-id/1328012?
-
Nice post, Darin! I agree with your point about interesting shift for attacking small less valuable targets versus chasing a “big fish” for more ransom. My input on this thought would be….what if attacking larger number of less secured targets would get more profits to malicious hackers rather than trying to attack more profitable highly secured targets with less chance to actually exploit them!? Maybe this is one of reasons malicious hackers are making a paradigm shift.
-
Good point made and definitely helped me think through Darin’s article. Like you said, could be quite easier for an attacker to trick online users versus a large corporation. I feel as if many people lack cyber awareness, which is why so many people fall for scams, whether it is clicking a link to get free Netflix or falling for a phishing scam (example: PayPal scam).
-
-
St. Jude Medical Patches Cardiac Machine’s Cybersecurity Flaw
St. Jude Medical recently started deploying software to help protect its remote monitoring system for implantable pacemaker and defibrillator devices. It came out that its product, Merlin@home transmitter, contained vulnerabilities. The product collects data and sends it to the physician over the Merlin.Net Patient Care Network via a landline, cellular, or Internet connection. The article explained that the healthcare industry is a target for hackers, but the risk of anyone tampering with the devices is low. However, if the device is vulnerable, the risk of an attack is high and results can be fatal. There is potential for a hacker to use these devices (like a pacemaker) as leverage against someone to get access to their financials.
This article was quite intriguing and created another perspective on cybersecurity for me. My first thought on cyber-attack targets are banks, large department stores (Target), healthcare companies (customer information), the government, so the “norm” for hackers. To look at it from a healthcare industry perspective, but their products specifically is something new to me. It makes sense that if “body-interfacing IoT devices” are vulnerable, they can easily be hacked. However, I believe this is quite extreme though because getting access into a body-interfacing device can have fatal consequences. There may have to be something severely wrong with someone to use these devices as leverage to access another’s financials.
-
Elizabeth, great article! The fact that tampering with Bio-IoT devices poses a life-threatening situation is a really serious concern. It is one thing when hackers take advantage of financial landmark and gain money, but if hackers can potentially exploit vulnerabilities in IoT devices, and I am sure they will at some point, then it really brings a huge concern about how to protect human lives from such danger. I guess a Bio-IoT device must at least transmit data in encrypted format with a strong authentication and non-repudiation mechanism.
-
As mentioned by you, it’s difficult to prosecute and collect evidence in the case of international cyber crimes.
As of now there is still no strong international charter available which defines procedures and support for investigation in such cyber crimes. A Russian-backed treaty in the UN was rejected in 2010 due to differences between developing and developed countries on law. There do exist charters of the G8 and UN which define dealing with cyber crime, but they are not substantial enough to tackle growing interstate cyber crime. As you mention in the above case, Russia will keep asking for legitimate evidence, and the farthest step the US can take is to take the case to international court and get some sanctions imposed on Russia, which Russia is still facing.
-
I think, in addition to what Vaibhav is saying, you have to question who can really apply pain/pressure/”justice” to Russia. They have a permanent seat on the UN Security Council, and the International Criminal Court (ICC) doesn’t seem to carry much weight. I looked at their primer on “how the ICC works” and it doesn’t inspire confidence that Russia would have much to be afraid of.
https://www.icc-cpi.int/iccdocs/PIDS/publications/UICCEng.pdf
-
-
It’s very important for the healthcare industry to revamp their security considerations. In present times any medical device on the network could be a probable target of hackers. When we hear about the healthcare industry, most of the security policies deal with protecting the patients’ PHI. But the series of attacks on IoT devices clearly proves that if healthcare devices are attacked they could probably risk the life of patients, which is more dangerous than hacking of cameras and internet-TV.
-
Hello Elizabeth/Vaibhav- here is another interesting article that makes us scratch our heads and think carefully about how medical facilities and major hospitals use technology to fix people’s issues, but without securing the whole information cycle.
I always say, securely connect your devices or use VPNs. As you mention in your article, Elizabeth, over-the-internet, landline and cellular communications are not strong enough to protect medical records tied to a patient, let alone having those expensive devices stay connected to an open online connection.
It looks like those organizations need to go through a good cyber security assessment, to find, detect, analyze, and resolve vulnerabilities in their software, hardware and firmware combined.
-
-
There can be a cheaper solution. Most home PC users should probably keep some of their sensitive data backed up in the cloud. Most cloud service providers provide some GB of space free of cost. In case the home PC is compromised, users have their data backed up, as in most cases of ransomware you don’t have 100% surety of getting the data back even if the hacker is paid off.
-
Hello Darin/Ruslan/Vaibhav- this is a very good article that encapsulates three important things:
1. The level of sophistication on how users have very low or no security in their devices
2. How vulnerable users are and how users lack the knowledge to secure information in personal devices.
3. The issue just continues and hackers can do this all day, in different countries with the same principle.
So my take on this article is that victims still believe in magic and free stuff, and often fall into the trap. A phishing attack can easily get someone to click on something, so once the initial email is sent, the rest is on the user.
To mitigate these kinds of incidents, I advise my friends and family not to click on suspicious emails or unexpected messages offering you something. In cases of curiosity, I advise them to hover over the links and read the destination, and then do a Google search of that destination. My last piece of advice is to mark those types of emails as spam and monitor how many spam emails a user gets a week; that’ll give you a better understanding of how seriously a hacker wants you to be the victim.
-
-
The University of Geneva has a system that I found good to share and can prevent a problem that Temple faced with the hacking in the article. PCs for students have a blank new OS image at each reboot!
Related to the article, I read in the database legislation of the United States section 1030 (Fraud and related activity in connection with computers), which describes the Crimes and Criminal Procedure against the government computers, which can be punishable by imprisonment up to 20 years (subparagraph E) or life (subparagraph F).
Ruslan, very interesting posting about Russian hackers, and Vaibhav, about international cyber crimes.
-
I wonder how often and under what circumstances violations of the laws you quoted are prosecuted. I’ve worked around government computers for more than half a decade and was unaware of those laws!
-
5 Cybersecurity Lessons Learned from the Super Bowl
Reg Harnish, a contributor for Security Magazine.com, talks about the security around 3rd party vendors and the risks imposed when they are not secured on their end, making you vulnerable and easy to attack.
In my short experience with 3rd party vendors I have learned that new vendors push their way in to do business with you or your company, but often forget to assess their company and the security levels to avoid a disaster.
For new vendors, I suggest you and your organization have a robust process for on-boarding vendors. It starts with procurement to begin a relationship with the vendor. Some of the tools that will make things easy for both parties are a network request, a legal agreement, a cyber security assessment, and an enforcing team that will keep things in place.
For existing vendors, it’s safe to say that they do need a reassessment at least once a year, just to give you visibility in risk and how things can get better from the security perspective.
Also, if your organization is big, work with your legal, network, perimeter defense, network architecture, compliance and local IT to better understand the situation and provide a better customer experience.
http://www.securitymagazine.com/articles/87777-cybersecurity-lessons-learned-from-the-super-bowl
-
“Hacker Dumps iOS Cracking Tools Allegedly Stolen from Cellebrite”
Cellebrite is an Israeli firm that focuses on aiding law enforcement in extracting information from phones they obtain. They specialize in creating an all-in-one solution device that law enforcement can physically attach to a phone no matter what model. It is capable of exploiting flaws in older versions of Android, BlackBerry and iOS. Recently they were the victims of a hacker who took over 900GB of data which has now begun to leak onto the internet. He was able to get into a remote server that had a lot of files and backup images of the cracking software they sell. The hacker has been vocal with news sites when asked questions. In his opinion, he sees society moving to more authoritarian regimes and that when backdoors are created they eventually will get released no matter the intention. This appears to be referencing the debate over whether Apple should crack their own software for the San Bernardino terrorist. The argument is that even when a tool is created to stop crime, it will end up in the wrong hands eventually and may cause more damage than the good it does.
Cellebrite’s initial response to the hack was claiming that only basic customer contact information was taken, but that no longer seems to be what happened. Cellebrite says that their software has helped law enforcement in multiple cases with crimes such as drugs, murder, and child trafficking.
The tools released show that Cellebrite was also modifying some public phone solutions for their forensic purposes. Some code looks similar to that of the famous iPhone jailbreaker, GeoHot. Cellebrite does create their own cracks for the latest versions of iPhone software and these methods are supposed to never leave the company, unlike the code the hacker was able to get into.
-
Email Is Forever – and It’s Not Private
A very interesting article that I found talking about how safe your private emails really are. I thought it was interesting because we have been talking about discovery in class, and emails may be one of the things we are going to have to collect for someone for some reason. They discuss how insecure a way to communicate it is. They also explain that people become exposed because they open themselves up to shortcuts and could cause a major leak of information because of this.
Source: http://www.securityweek.com/email-forever-and-its-not-private
-
Really interesting article! I think of it this way. They could make more money if they attack the random Joe Shmoe, because if they attack 1000 of them vs 100 high value targets the chances are much greater in their favor. A lot of higher value targets have solutions in place to counteract this where a random end user does not. So it can collect $100 over and over again fairly easily.
-
I agree with Jonathan’s point that attackers can make huge profits through the volume of attacks they can make against smaller fish. Generally, the average person has less financial assets than a big corporation, but they also have significantly less security and awareness. As a result, attackers can save a lot of time by foregoing reconnaissance and utilizing simple attacks such as phishing.
-
-
I could not agree with both of you more. This article definitely made me scratch my head and take some time to think about it. The life of a patient is definitely more dangerous than hacking other systems. Like Roberto said, the health industry definitely needs to take some courses on cyber security and ensure the information is safe, but most importantly, so are the patients.
-
Thank you for the discussion,
Considering all the development dollars that they put into these devices to make them work, they should put more focus on making them secure. I think it’s about time for regulators to take action, rather than wait until people start dying because their pacemakers were hacked.
-
-
Good article pick due to how much people utilize email these days and the risks it can bring. The article mentioned the lack of cyber awareness among people, which I could not agree with more. It reminded me that at work, before an employee sends an email, a message comes up and you have to click if the email should be labeled as containing international information, company proprietary information, etc. This message pop-up, I think, can be beneficial because it might make a person think twice about what they are sending and if it is okay to send over email. It also informs the receiver what type of information they are receiving, and the email message contains a warning about disclosing any company data.
-
A hospital in Virginia had over 5000 patient records stolen in a data breach. Vascular and thoracic patients from 2012 to 2015 had their records stolen from a third party vendor. The information includes patient names, social security numbers, and procedure information. The breach was discovered in November 2016 and the hospital has now sent out written notice to affected patients. The vendor says they are enhancing their security after the breach and the hospital says they are working with law enforcement and a cyber security firm to investigate. This incident highlights the importance of vendor management and the risks organizations open themselves up to when allowing third parties access to their systems and data.
5,000+ Sentara Healthcare patient records involved in security breach
-
Amanda,
I thought this was interesting and decided to do some more research on the company. It seems that this was not their first data breach. In October 2015, they lost a hard drive containing 1040 records of patients’ names, birth dates, diagnoses, type of procedure and clinical notes. Before that, in 2012, information on 56,000 patients was stolen from a laptop inside a locked car of an employee with another third party vendor, Omnicell, LLC. It is clear that they are lacking physical and logical security to protect patient information. Isn’t there some sort of negligence clause that could hold their top level management to the fire?
https://www.law360.com/articles/881565/sentara-vendor-breach-exposes-5k-hospital-patients-data
-
Free Ransomware Decryption Tools
There has been a lot of buzz about ransomware; some studies have shown it has increased 750% from 2015 – 2016. The article posted by Darin shows that it’s now targeting consumers through fake apps that deliver the ransomware.
Well, there might be some hope for companies and consumers that don’t want to dish out the bitcoins to get their files decrypted. In July 2016, the Dutch National Police, Europol, Kaspersky Lab, and Intel Security teamed up on the No More Ransom project. The goal of this project is to provide free decryption tools to victims of ransomware. So far, they were able to crack 24 different variants of ransomware. Ransomware criminals have taken notice, but as more organizations like Bitdefender, Emsisoft, Check Point, and Trend Micro continue to join the effort, it might be a relief for some people.
http://www.darkreading.com/threat-intelligence/6-free-ransomware-decryption-tools/d/d-id/1327999
-
-
Really appreciate all the comments, everyone. I am new to cyber, so it helps reading your thoughts related to international cyber crime, which I am not very knowledgeable in. With the constant increase in cyber attacks, and I am sure it will continue to increase since we live in a technical world, I am wondering when a strong, reliable international charter regarding cyber crimes will be addressed and put in place. There are always discussions about Russia and China cyber attacking the US, and I am sure other countries are being hit as well. The problem will only continue to get worse; then again, I am not familiar enough to know how difficult it might be to develop a strong charter and implement it.
-
Elizabeth, it’s definitely a huge and intricate problem to solve. I guess we can be a little heartened by looking at how international relations and diplomacy work now. Economic sanctions seem to be the preferred weapon of choice for the United States, but there hasn’t been a “cyber” Pearl Harbor or something similar that has impacted us directly. I don’t think I’m being too cynical when I say that it’s only a matter of time. Our nation’s infrastructure is very vulnerable, simply put.
I wonder if in our lifetimes we’ll see the U.S. make a conventional military response to a cyber attack.
-
-
This is a really interesting article I think everyone needs to be aware of. Tim Cook said last year, when the FBI was trying to get into the iPhone 5C, that he would not make this software because he was scared of what would happen if this was released into the world. Now that it is released into the world, I am curious to see what happens. If this does get into the wrong hands I could not even imagine what people would be capable of.
-
I remember us having quite a few heated discussions about whether Apple should or should not provide backdoors into their iOS. The outcome was simple: if Apple didn’t, someone else would. In this case, Cellebrite. Nothing is 100% secured, and even if a piece of technology was intended for the good of all, it can be used in a negative way.
-
I think the hacker here probably had similar discussions with peers but decided to prove his point by doing this illegal act. While he does prove that backdoors can get out, even releasing one can create a lot of harm if other hackers with worse intentions get a hold of it. I think that most of the tools released require physical access to the device so the damage may not be on a widespread scale here but it could be. A skilled hacker may be able to use the same flaw in a remote code.
-
-
-
A lot of schools use software like Deep Freeze, where upon reboot it will reimage the computer. It makes it annoying if you saved something locally then forgot, but from a security standpoint, if anything goes wrong you can just reboot the machine and it should fix the problem.
-
I was a freshman when the grade hacking incident happened here at Temple. I remember several professors, including my intro to MIS professor, giving lectures about academic dishonesty and how the hack took so much more effort than just actually doing the course work. My MIS professor was particularly disappointed because with that kind of skill the student could have had a bright future as an IT or security professional and instead decided to use his knowledge for evil.
The situation at Temple is apparently also not that uncommon an occurrence. I can’t say I’m surprised, since students have always come up with new and inventive ways to cheat. I found a few more incidents that occurred around the same time as the Temple incident, many of which used the same key logger hack that the Temple student utilized. The key to remember here is that all of these students got caught. Some of the students changed Bs to As, so it isn’t just the fact that Fs get scrutinized more that led to the Temple student getting caught.
http://www.usatoday.com/story/tech/2013/06/14/purdue-university-grade-hacking/2423863/
-
This is part of why the San Bernardino iPhone case was so terrifying to me and why I think it is important for tech companies to not build in back doors for law enforcement. I want people who do bad things to get caught and justice to be served, but I think that the risk of these back doors being exploited by the people who do bad things far outweighs the benefit to law enforcement. I think it is more of a when than an if that the back doors would be exploited. I think that these back doors will be found in multiple ways, including that criminals are constantly looking for back doors to exploit, so it is possible they will find the built-in back door for law enforcement in their normal search for vulnerabilities. Also, as we have seen multiple times over the last few years, the US government has terrible cyber security. If they have knowledge of these back doors, the hackers will find where that knowledge is stored and take it. I honestly don’t think it would even be that hard for an attacker to find the back doors once they know one exists for law enforcement and where to look.
-
The company Cellebrite is only able to use certain exploits in the code since there aren’t really any backdoors yet. A back door implies giving a lot of control over everything in the system, even more so than just copying data. Discovering a backdoor in software can tank a company’s reputation as hard as a singer caught lipsyncing. Many people want to know that their data is safe, and any backdoor will compromise that integrity.
-
-
The security risks that come from engaging third parties are, in my opinion, ones that companies routinely handle badly, but managing them should be one of the companies’ highest priorities. Organizations tend to think when they outsource a function, they are also outsourcing the risks associated with that function, when it is actually the opposite of this. There are now more risks associated with that function and they have now become harder to manage. Some of the most high profile breaches we’ve seen over the last few years have occurred partially as a result of the organization’s failure to manage vendor risk. The Target breach is a classic example of this. The hacker didn’t go right for Target’s systems. They attacked Target’s HVAC vendor, and then used the legitimate access that the HVAC vendor had to Target’s systems to perpetrate the attack. Organizations need to have robust vendor risk management programs to understand and manage the risks that come with engaging third parties. They need to know all third parties they engage, what access each third party has to the organization’s systems or data, and what security is in place for each of these vendors.
-
It’s really a great article, and even I had less knowledge of 3rd party vendors’ security procedures. I think 2 things can play an important role as per your suggestions:
1) A charter or SLA should be signed by the 3rd party vendor before going into the business, and the charter should cover all security boundaries where the vendor accepts to follow them, along with periodic assessment. In case of a security breach the organization has the right to sue the company to recover damages.
2) Minimize the level of exposure of your systems to the vendor; only share the data and systems which are required by the vendor.
-
I think this highlights a massive issue that we’re going to have to face as a connected world, and on a smaller level we need to figure this out as a country. Much like our lack of charter among countries, we also have a maze of different laws and regulations from state to state in the United States, which complicates things. It’s going to start to become an economic burden for multinational and multi-state organizations who are forced to comply with such a wide range of regulations.
-
Darin, great point! I believe if the USA had all states united in terms of having one set of country laws and regulations, then a lot of complications would be gone. I think it would simplify cybersecurity laws and tactics, general laws and standards, etc.
As an example, it is similar to having a company with lots of tools and applications not talking to each other well enough, thus creating complications, inconsistencies and misinterpretations. Instead, the company could have one or a few unified solutions to eliminate all the above issues.
-
-
Very interesting article Darin,
The major problem, as others have mentioned, is the users. They want free stuff, like who really wants to pay $10 a month to watch TV shows and movies. And most times, they will simply do a Google search to see if they can find it for free online, but it is not without risk. Downloading and using anything from illegitimate sources has risks and really shouldn’t be done. Most virus protection will warn you of key generators and such, but people will just turn it off to try to use it anyway. The creator of this faux Netflix knows this and is exploiting it.
-
Supposed to be a separate article.
-
Makes sense. This is a good example of the “path of least resistance”. Small fish are much more likely to have much less resiliency than a larger corporation, and the extortion prices are “affordable” if someone is at risk of losing all their media.
-
I can hear the cries of “Free market! free market! free market!” but I agree. There needs to be some teeth in the consequences for not taking quick action to address vulnerabilities such as the one Elizabeth highlights.
-
How Hackable Is In-Flight Wi-Fi? We’re About to Find Out
Public Wi-Fi is always a vulnerability that exposes you to hackers. Free Wi-Fi at airports, restaurants, and coffee shops is available for everyone. If you connect to a fake Wi-Fi network that was created by a hacker, your information will leak immediately.
In the news, they did an experiment. The cybersecurity experts set up an unauthorized, insecure Wi-Fi network at the airport and called it airport Wi-Fi. Within a minute, 15 travelers logged on without noticing it was an unsecured Wi-Fi network. Charging stations are also targets of hackers. This is called juice jacking. When you plug into a USB port, a pop-up prompt will ask if you trust the device. Most people will simply choose trust; if the port is controlled by a hacker, you will lose the data on your phone.
Here is some advice to protect yourself:
1. Don’t charge in a USB port, use a plug
2. Be wary of pop-up prompts
3. Be skeptical of generic network names
4. Use a virtual private network
Link: http://www.nbcnews.com/tech/security/how-hackable-flight-wi-fi-we-re-about-find-out-n699251
-
I’ve heard it said by more than a few people that many c-suite and board members in certain businesses simply no longer use email for anything other than rote clerical and scheduling functions. The fact is that anything sensitive or incriminating written in an email can be reconstructed/leaked or stolen. When this risk is catastrophic to an individual or business, meeting face-to-face or calling with a burner phone is harder to prove.
-
“How to make 60,000 printers print whatever you want”
This is a cool article on how to exploit a lesser-known and often unsecured port that allows you to own networked printers.
-
Nice comment on the news, Amanda,
I didn’t remember the incident, but I think every professor talks about academic dishonesty at the beginning of classes. But still students can come up with different ways to cheat. I felt cheating was useless because one day you have to work in society, where there is no chance to cheat. Also, even if you have a 4.0 GPA, if you don’t know any skills, you still cannot find a decent job in the future.
-
They probably were cheating in multiple ways since they were colluding. It also mentioned they were taking test answers ahead of time. I do not like how this article presents these students as particularly skillful. What appears to have happened is that sometimes they find the professor’s password out or figure out the professor’s password recovery process. One of the ways they did this was through keylogging keyboards, which they probably bought instead of created.
-
-
I read an article that summarized an interview with a hacker who was responsible for hacking Freedom Hosting II, a hosting provider that drives about 20% of sites on the dark web. The article touches on the hacker’s process for this attack, but doesn’t actually list the twenty-some steps he took. Originally the hacker intended to just look around, but after discovering a bunch of child pornography, he decided to shut the sites hosted by Freedom Hosting down. The hacker intends to hand over the process and records of the files to a professional so that justice can be served.
-
I think part of why the students get caught is because it’s so easy to connect the dots that if one student’s grades are changing, the perpetrator is probably that student. It’s kind of comical to think about. Another thing that these hackers should keep in mind is that the digital records of their grades are very rarely the only copy of the grades, which makes identifying disparities a simple matter. Overall, I think the risk to reward ratio for changing the grades seems a little off and I have to agree that just doing the work in the first place would have been much easier.
-
Anthony, nice article! This is a great example, as proof of the consequences when a company does not have appropriate security access controls, and services and protocols monitoring and alerting. However, in this case, given the site’s inappropriate content, the hacker did a great job revealing the truth and having a court of law apply all required prosecutions.
Besides, in case anyone was watching, there is also a TV show called “Mr. Robot”, where Elliot hacked a coffee shop whose owner was involved in child pornography abuse. The hacker called the police and had the man arrested for further prosecution to the full extent of the law. So, this is just a similar example of “good-will” hackers.
-
I think that government regulation would serve as a temporary solution, but I think it fails to address the underlying issue; the need for ubiquitous cyber security awareness. Regulating the problem away keeps consumers in the dark regarding the importance of cyber security and postpones awareness. Once awareness develops, then the market will recognize the importance of secure internet of things devices and demand them which in turn will require manufactures to develop more secure devices. However, I could see the legitimacy of legislation for specific industries, such as healthcare, due to the high risk nature of the application of IoT devices.
-
I found an article that discusses the Super Bowl from a cyber security perspective. It focuses on how the NFL uses risk management to protect 73,000 ticket holders from a cyber attack using tools of mitigation. The article looks at preparing for the worst by looking at the threat horizon and making sure that the staff is skilled in security incident and event management. Secondly, implementing pre-emptive planning, which involves identifying risks and ways to monitor and prioritize threats. Finally, understanding the human factor, that the staff can be targets. Having policies in place that help with bring-your-own devices and training people to identify phishing threats.
-
Mengxue,
I enjoyed your analysis of the article. I think it is important that the public should be aware of the increasing threat to private information from technology. It makes sense that hackers would use different wifi connections to take personal information. Knowing that there is a threat makes it easier to protect yourself against it.
-
Jonathan,
I found your article very interesting. Normally when I hit the delete button I just assume that the content is gone and I no longer have to think about the information that the email contained. I think that it makes more sense that it is an insecure way to communicate, since it would be easy for hackers to learn a ton of information about a person based on the content of the emails.
-
It is good when industries recognize that they need to increase their security overall. The Super Bowl attracts many people, and with that, would-be attackers as well. Respecting the human element of possible breaches is one of the most important rules.
-
Very good article which explains what is in my opinion the main method that malicious hackers attack the public. I also thought it was interesting that Gogo is inviting hackers to test their network and report vulnerabilities for reward. I believe this will be an effective way to improve the security of public wifi – this method would be similar to the hardening of open source software through community involvement. I feel that this new attitude towards network security which allows feedback from hackers to improve security will prove beneficial in the long run.
-
I actually looked at an article last year which talked about No More Ransom and its attempt to provide tools to the public to defend themselves against ransomware attacks. It’s good to see that the project has progressed and there are now several tools available. It is important for every cyber security professional to be aware of these tools and how they work as ransomware attacks become more prevalent in the industry.
-
Joseph great comment. I wonder if this is something that Temple is starting to do on select PCs. I’ve noticed that Windows 10 machines in Alter common areas always give me the “setting up this PC” prompt as soon as I log in.
If they’re giving a fresh image on every reboot what sort of challenges would a forensics expert face if they need to recover information from a machine used in a malicious act?
-
What’s also interesting about this article is the statement on how the Fed usually handles these types of dark web sites. In the article it states that the hacker’s good intentions may make it harder for the Fed to track down individual users, since they normally infiltrate the site and inject malware on users’ systems while the site is still active. This being said, I still applaud the actions of this hacker and the fact that he chose to make the methods he used to infiltrate the site available to the public.
-
Roberto,
I really like the advice you give to hover over links and read the destination and do a Google search of the destination. Following this step will mitigate against a large portion of malicious links and downloads. The most important step is being aware that one click is all it takes for a system to become infected.
-
Roberto, I thought this was a great article and a fun take on cyber security. I thought the most important one to remember is that it’s a people game. At the root of every cyber attack or vulnerability is a human element. A computer doesn’t decide to do evil things, a person tells it to act that way. A system is vulnerable because a person can find a way to exploit it. I think the human element is so huge.
-
Great post Jonathan. Generally the rule of thumb I’ve operated under is that if I don’t want to see it on the front page of Philly.com I shouldn’t hit send in the first place. I wonder if we will ever go back to physical paper communication for incredibly sensitive communication without an urgency of delivery time. We as professionals entering the cyber world don’t want that to happen, but I wonder if we will ever reverse direction in some cases.
-
This is great, Andres. One more example of how important it is to block ports that aren’t being used or aren’t necessary. It looks like the port in question is only used for administrative purposes and could probably be closed without any major impact on end user functionality.
-
Great post, Samantha. I think one of the most telling things about this was that 30% of businesses surveyed either aren’t in compliance or are unsure of the compliance with PCI standards. That’s incredibly scary.
-
-
Larry Brandolph wrote a new post on the site MIS 5170-Topic: Forensics 2017 7 years, 9 months ago
If you were tasked to write the Wikipedia page for Organizational Forensics what would it say?
Post your answer and throughout the week comment on others.
-
Organizational forensics is the application of forensics (most typically digital forensics) to the intersection of an organization’s information systems, ethical policies and legal compliance.
I spent a fair amount of time coming to grips with the fact that a lot of “stuff” can fall under the label of “organizational forensics”. I broke it down in the following ways.
1. Definition of organization’s ethics via policies and standards
Ideally, an organization “stands for something” and has a defined set of ethics. For example, check out this Starbucks page: https://www.starbucks.com/about-us/company-information/business-ethics-and-compliance
2. Identification of applicable laws (compliance) governing business practices
HIPAA (Health Insurance Portability and Accountability Act of 1996) is a good example of law that applies industry-wide. In this case, any organization that has business in the field of Health must comply with HIPAA requirements.
3. Establishment of metrics and artifacts that support the above two requirements
Once an organization has defined its ethical worldview and identified legal/regulatory requirements, it must be able to measure and prove its adherence and compliance. I work for the federal government, so I am required to receive training about sexual harassment. This is dictated by the Department of Defense (and no doubt higher, such as Title VII of the Civil Rights Act).
4. Definition of procedures to handle violations of ethics and compliance requirements
Say that I violate the Espionage Act of 1917 by leaking classified information to another country. What is supposed to happen to me? What punitive measures am I facing? How long is it going to take?
5. Identification of the people responsible in carrying out the previously defined procedures
Who is responsible for taking action against me if I violate a policy and/or law?
-
I’m going to agree with Andres and his high level definition of organizational forensics. I think where organizational and digital forensics differ is that the organizational side is more the policies and procedures that need to be followed and the regulations that the business is placed under. Digital forensics is the evidence gathering to support a claim made about compliance with one of those policies or regulations. I think that they go hand in hand.
Through the entire process the forensics investigators need to apply a strict adherence to the chain of custody and all guidance involving how to collect, analyze, and store evidence in a way that it can still be submitted in court. Without compliance, an investigator could end up with a great case against a criminal, but be unable to prove it in a court of law.
-
Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts. Forensics deals more with the post-crime scene. When we add the word digital to it, digital forensic analysts follow crime footprints to investigate incidents and track activities in the electronic and cyber domain. Digital forensics also deals with creating an infrastructure and environment that preserves the integrity of the evidence collected so it can be used effectively in a legal case.
An example of such a case is that forensics deals not only with the collection of audit logs after the crime but also with analyzing whether the logs have been altered by a hacker to destroy the evidence, so that the integrity of the evidence is maintained in court.
The legal aspects of digital forensics are very important. Every country has its own laws and regulations, and when we work for clients from different countries we need to have legal counsel who can give insight into the legal rules and regulations we have to face. The United States Constitution has the Fourth Amendment, which allows for protection against unreasonable search and seizure, and the Fifth Amendment, which allows for protection against self-incrimination. Violation of any of them during the practice of computer forensics could be a crime. We also need to have written permission or an agreement from the owners who are asking for the use of forensic practices, which has implicit clauses on the boundaries within which the investigation can be carried out. https://www.us-cert.gov/sites/default/files/publications/forensics.pdf
-
If I was slated with the task to write a Wikipedia page for Organizational Forensics, like most Wikipedia pages I would start with a brief overview of the topic that way users can know what it is about. I would take the definition about forensics and then the definition of organization and mold them together into a definition that would explain what I mean when I say organizational forensics. I think it would say something along the lines of:
Organization forensics is using tests and techniques to gather information from within an organization to piece together and solve a crime that may have transpired. When people think forensics, they think of dusting for fingerprints and looking at ballistic data from a gun; however, within an organization there are many other things that could be captured and/or documented and used as evidence within the company. Organizational Forensics will look at computers, networks, cameras, mobile devices, email and cloud repositories to name a few things that could be captured, analyzed and used against someone in litigation. A lot of the log files that are created on a day to day basis that most people don’t even know about are a treasure trove of information for an investigator. Organizational forensics encompasses multiple different resources, departments, talents and abilities in order to complete a single task, to solve a puzzle of if a person is innocent or guilty and then finding the information/data to confirm or deny that claim.
-
Andres,
I like how you broke down everything into 5 different groups. And I do agree with you that a lot of “stuff” can fall under Organizational Forensics. It is a very broad term that encompasses multiple different things.
-
Darin,
I agree that organizational forensics is more political because it encompasses the whole organization. You need to know proper procedure and how to deal with the different departments properly to gather the information you need in a timely manner. I also agree that chain of custody is important. If the chain of custody of evidence is lost then a case could be thrown out over something silly.
-
I like the use of the word political.
-
-
Darin, I definitely agree about the critical importance of chain-of-custody. I remember dealing with a Subpoena issued by the Department of Justice for one of the companies I worked for in the past, and that is where I was fully responsible for identifying and preserving requested evidence and making sure a chain-of-custody is kept consistent. For this purpose I was using FTK tools to collect data into an encrypted hard drive with Write-Blocker mode to ensure entire data and all time-stamps are kept intact as that is the only way to be sure that collected evidence is accepted in a court of law.
-
This is kind of tangentially related to this topic, but it is the first thing I thought of when I read the question. I tried to find a case where someone used digital forensics on Wikipedia. I could not find such a case, but I will explain where this thought came from. Anyone can edit Wikipedia, and there are many pages on there for people, and sometimes those pages get edited in a way that is not true and unfavorable. (See: The invertebrate page was edited yesterday to include a picture of Paul Ryan, implying he has no spine for not standing up to Trump http://nymag.com/selectall/2017/01/wikipedia-invertebrate-page-edited-to-include-paul-ryan.html) My thought here is if something like this, but probably a bit more extreme than the Paul Ryan example, would be covered under libel laws. Say someone edited a page to say a famous actor was something terrible, and the actor could prove that that page edit led to them suffering damages, would the actor be able to sue the person who edited the page? My thought is yes, because things journalists write can be used to sue them, so I don’t see why editing a Wikipedia page would be different. But, since Wikipedia can be edited by anyone, it may not be the easiest to figure out who made the edit. They would have to get Wikipedia to investigate it. If the person didn’t use their real name when setting up the account, they may need to look into the IP address that made the post. All of this would need to be done using sound digital forensic techniques so it could be admissible in court.
-
Ruslan,
I agree with all points you have made, but I think it is important to add that not all forensics investigations have to involve law enforcement. Knowing when to involve law enforcement is important, and that companies should have a policy for this. However, some investigations involve things that are against company policy, but not necessarily illegal. The investigation should be similar, in that preserving integrity of the evidence is still important even if the act found wasn’t illegal. An employee could attempt to sue the organization for wrongful termination, which could then land the evidence found in a court of law after the investigation is over, without the organization involving law enforcement. Thus, if the integrity of the evidence is not compromised, the organization could present it as proof, and show that it was against policy and directly resulted in the termination, and therefore the termination was not wrongful.
-
Hello Jonathan- you actually broke down an easy way for others to understand what organizational forensics is and does. As a Wiki page developer I think you have the correct idea on what should be posted, in order to provide other users the proper information on what they are looking for.
Many Wiki pages, whether internal or external to an organization, have all the tools and applications available to users, so the page is a one-stop shop deal.
-
Forensics is the practice of applying science to investigations. Organizational forensics is applying this scientific investigation style within an organization such as a company or government agency. In modern times, digital forensics is heavily involved in organizational forensics. This is because much of what organizations do is now heavily tied to technology. Digital forensics is using scientific investigation to examine technology, such as computers.
Organizational forensics starts with development of policies and rules for how investigations will be carried out. Investigations should require authorization from someone at an appropriately high level prior to beginning their investigation. There should also be policies for how to preserve evidence so that, if required, it would be admissible in court. There should also be a determination of when the authorities need to be called to join the investigation. Finally, there should be policies on how to report findings, and who to report findings to.
-
The internet’s definition of organizational forensics is “the investigation of business structures or components that are not functioning as intended, causing negative impact to business results”; however, to define forensics, we need to understand that it is the collection, preservation, analysis, and presentation of digital evidence which is admissible in a court of law. Forensics is also usable for internal disciplinary hearings, and the data is used to support internal incident reports and to assist or further other investigations.
My Wiki page will have this definition, along with links where to find information about the organization, whether for internal or external use. I would point users in the right direction for a more efficient result.
Last, I would provide a list of hierarchical individuals in an organization, or a chain of command chart for a better understanding of different areas, departments and senior leadership involved in a legal and technical situation for forensic purposes.
-
If you were tasked to write the Wikipedia page for Organizational Forensics what would it say?
Forensic Science is defined as the scientific method of gathering and examining for the purpose of presenting in court. Organizational Forensics is the use of forensics, mainly digital forensics, within companies to help preserve the company’s information and protect its data (information systems) while adhering to the organization’s policies and standards of compliance.
Digital Forensics is the collection, examination, analysis, and reporting of digital evidence (computer crime data) that is admissible in a court of law. There are different areas of digital forensics an organization can apply: network forensics, computer forensics, forensic animation, forensic watermark, software forensics, etc. Sources of digital evidence could be hard disks, email, server content, audit log files, etc.
If an organization is in the situation to present digital evidence in the court of law, it is important that the company adheres to its policies, procedures, and guidelines that address the use of the forensic process. Depending on the situation of the company, there are country/region specific laws, international standards, guidelines for ensuring corporate forensic readiness, compliance with local laws and regulations, or industry specific requirements the company must comply with. It is very critical for the organization to adhere to all policies, standards, and guidelines for collecting, preserving, analyzing, and presenting the digital evidence. Otherwise, the evidence will be dismissed in court.
-
Andres,
I really like your approach to answering this question. You took the route of explaining more about the policies, procedures, and laws, which was quite different than some of our other classmates. The examples for each piece were very helpful in understanding your definition. The ethical policies and legal compliance definitely play a major role in organizational forensics.
-
Amanda,
I like how you indirectly pointed out how forensics has changed over time. Today, digital forensics is heavily used because we live in a “digital” world and technology is involved in our everyday lives, including organizations that strongly rely on technology to be successful.
-
Jonathan,
I completely agree with Roberto’s reply. I believe you broke down the use of forensics by an organization very well and understandable for someone who may not be familiar with the term. The only thing I would briefly mention are the policies, procedures, requirements, etc. that an organization has to strictly adhere to, especially if they are to present the evidence in court.
-
Joseph,
Interesting approach in answering the wiki question by stating all the organizations that are strongly associated with digital forensics. I have to agree with Ruslan about how it is quite fascinating how forensics is applied by many organizations throughout the country, but also internationally. It also makes sense because we are surrounded by technology everyday and companies or organizations are experiencing some type of cyber attack by the second.
-
Andres, great explanation of organizational forensics from an ethics and policies standpoint. It looks like the logic of this example is somewhat similar to the concept of an Audit process. So, I believe Forensics in this context would be going beyond the audit in the sense that it involves searching for evidence that might be used in a court of law. Do you think Forensics and Audit could be compared to a certain extent?
-
Andres, I liked your way of breaking things down. When doing my initial post I ran into a similar feeling that a lot of things can fall under organizational forensics. It sometimes feels like a catch-all umbrella term.
-
-
Great point, Amanda! Thanks for bringing this up. I agree that some investigations don’t need to involve law enforcement into the process. I believe it would make sense to bring law enforcement in case of criminal investigations and computer crimes; however, certain policy violations could be resolved internally by the organizations assuming procedures and policies are followed.
-
Ruslan, thanks for mentioning several tools that are helpful with forensics. I’m hoping we can learn a few of these in class.
-
Roberto, I like your idea about the leadership chart/chain of command. I think sometimes it’s easy for us to get lost in the policies and the investigative tools and forget the fact that there are humans behind all of this who need to be communicated with and considered.
-
Roberto, your statement about negative impact to business results is a great example of the necessity for an organization to have sound computer forensics practices to ensure information systems integrity and a defense-in-depth security strategy. Of course, this level of integrity can be achieved by a thorough understanding of not only the technical, but the legal aspects as well. This way, should there be a prosecution, an organization will be able to provide adequate evidence and solve the case.
-
Ruslan,
You are absolutely right that security professionals must not only understand the technical but the legal aspects as well. They need to consider their policy decisions and technical actions with existing laws. For instance, security professionals in the healthcare industry must understand or be able to navigate through HIPAA requirements when designing their systems, or consider the legal ramifications when using monitoring tools.
-
-
Roberto,
I like your idea of the org chart for an organization. Since every organization will of course be different it can be a generalized chart to show the flow of power through a company. This could help a user if they need a specific piece of data, by knowing how to ask
-
Darin,
I don’t know if I remember correctly, but the Professor mentioned that not all “evidence” will require the same amount of control when we talk about chain of custody. Not all evidence is the “murder weapon.” For example, for a murder case recovering the murder weapon and having strict chain of custody is of more importance than recovering an email that shows intent. The email did not murder the person, but the knife did. Showing intent is great, but having DNA with it being altered or compromised is of greater concern.
-
Bilaal,
My definition of organization forensics is very different than yours, but I tend to agree with you more. In today’s business environment, every organization needs to anticipate and be prepared to respond to a breach, or provide digital evidence if requested. Whether it’s to prosecute or defend, having a forensics policy, process, and structure in place will make them more effective in delivering the required evidence, saving time, money and resources.
-
According to US-Cert.gov, “Forensics is the process of using scientific knowledge for collecting, analyzing, and presenting evidence to the courts.” It is the act of recovering and analyzing latent evidence; fingerprints at a crime scene, files on a hard drive, or evidence in digital formats. Organizational Forensics is collecting and analyzing business structures or components that are not functioning as intended (Transitions for Business, 2017). Organizational forensics is not limited to presenting the findings in a court of law, although preserving its integrity is a must, it is used to draw upon deeper-seated problems within the organization. It examines the organization culture, values, strategy, goals, processes, systems, and resources to find how each area contributes to the problem.
In my opinion, when data is compromised by a breach, it’s not just the security controls or lack of that is the problem. It looks at the culture of the organization; how do they perceive cyber threats, how does their strategy and goals align with the security efforts and vice versa. Computer forensics, to identify, collect, preserve, and analyze data in a way that preserves integrity to present in a court of law, is just a subcategory of organizational forensics.
Transitions For Business. (2017, January 29). Discover powerful business solutions from within using Organizational Forensics. Retrieved from Transitions for Business: http://www.transitionsforbusiness.com/organizational-forensics-is-the-investigation-of-business-structures-or-components-that-are-not-functioning-as-intended-causing-negative-impact-to-business-results.html
-
Amanda,
I like the structure that you laid out on how organizational forensics should be conducted. Without structure, policies, and rules it would prove difficult to recover the required evidence. Things such as log monitoring or backups could be inadvertently mishandled; people deleting log files, backups are not performed periodically. Having policies in place provides for a means of consequences.
-
Loi,
I agree that the culture of an organization plays a significant role in how cyber threats are handled. Organizations who include cyber security in their business culture will be more likely to create policies and procedures that will allow for effective response should a threat or attack arise. These organizations will be more likely to have IDS/IPS in place, adequate logs available, and policies that will allow the use of digital forensic investigation without being hindered by privacy laws.
-
Great post, Amanda!
I totally agree that digital forensics is heavily used in organization forensics because of technologies. It should be easier to find criminals than science forensics since computer footprints are easier to track than physical footprints. Also, there are policies and regulations in a company and the country.
-
I really like your answer, Jonathan!
It is very easy to understand and short to read. I would recommend emphasizing the use of laws. But other than the legal use, I think you did a very good job on describing organization forensics.
-
Anyone can sue anyone for anything if they have enough money and lawyers. If you are editing something that is used as a source for people, you cannot use personal opinion as a defense. You also probably cannot use the truth as the defense as you have nothing sourcing your claim. I think this is why wikipedians revert even small changes because the edits need to have sources to last. I think it is still very hard to get someone in court over just their IP address as there have been some cases where the judge has said that it is not unique information to identify a defendant with.
-
I think this was an interesting way to answer the question. It shows that there is a lot of support even internationally for digital forensics. It is also important to note that the groups are able to talk with each other and share their techniques and information to keep improving in the field. Sometimes they will consult with another on big issues or hold a conference to enable free flowing ideas.
-
Roberto,
I like the outline for your wikipedia article. I agree with Jonathan that the org chart for an organization makes sense when employees would need to figure out who to talk to about specific forensic matters. In addition, I think it would help those investigating an instance so they would know who to contact to get information.
-
Andres,
Your article was very easy to follow and to understand in the way you broke down organizational forensics into different subsets. I agree with you that the lines are blurred when it comes down to understanding who is in charge of mandating organizational policy. In my opinion all organizations should have a standardized method that employees should follow when it comes down to digital forensics.
-
I like the analog metaphor used for digital forensics in your explanation. I am just not certain on whether or not forensics determines innocence. It seems more that it determines exactly what happened and it is up to a court to determine the other half of the information. Intent is a hard thing to find in digital forensics as people sometimes press a key by accident or on purpose. There are times where it can be clear when a user is in a system that they certainly know they shouldn’t.
-
Organizational forensics makes use of the scientific method of gathering and understanding information as well as data about a company which helps to identify what is working properly for the company and what is not. Much like traditional forensics, organizational forensics uses information from the past to understand an incident that needs to be investigated.
Digital forensics works hand in hand with organizational forensic science to aid the evidence collection process. This science works to preserve, collect, validate, and document digital evidence so that it can in turn be used in the court of law to prove or anticipate criminal or unsanctioned activity. Digital Forensics can be classified into different subsets: traditional digital forensics, network forensics, and mobile, handheld, and embedded forensics. Since the digital landscape is always changing it is difficult to have best practices when there could be a standard but the technology evolves. When a company is looking for a plan of action when it comes to digital forensics it is important to have a standardized means of testing the data, having it reviewed, looking for errors, and looking at privacy as well as compliance matters.
For a company to be successful it will need to have a standardized way across the organization of handling forensics matters. By putting proper protocols and policies in place that are in line with industry standards information and data collected will be analyzed and tested the same way to be used for forensic measures.
References:
https://www.radford.edu/content/dam/colleges/csat/forensics/nij-chapters/brunty1.pdf
-
Great examples, Bilaal.
Thank you for providing examples of digital forensic tools and forensics considerations. I am still confused by the differences between organization forensics and digital forensics. Can I understand it as digital forensics readiness is the process of collecting digital evidence and organization forensics is the result of digital forensics and applying to laws and regulations?
-
Good answer, Vaibhav!
I saw the word “digital forensics” many times in your post. I agree that organization forensics is digital forensics, but I am still wondering if organization forensics=digital forensics. If so, we just need to give definition to digital forensics then. Is organization forensics different from digital forensics?
-
Amanda,
I like how you were able to define the different instances of forensics and how they are used. What also was helpful is how you mentioned to introduce the policies for how investigations should be handled. I also agree with Loi on how evidence could be mishandled so policies are necessary.
-
I like that you brought up the issue of thinking globally. Even if you only build your website in the US it is still out there for the world to look at and use. Each country may have its own data protection laws or issue reporting laws which if disobeyed can result in penalties.
-
I feel like point 5 is very important since without clearly defined roles, organizational forensics may fall apart. If no one is assigned a specific task, it would require an employee to seek out a task that isn’t required of them. This will still let plenty of issues slip through the cracks. Not to mention how passing the blame for a missed issue will cause chaos.
-
Joseph,
I thought it was extremely helpful how you broke down your piece pertaining to different organizations that are the foundations for forensics. I found it interesting that some of these organizations have been operating since 1996 and have evolved to handle other types of cybercrime.
-
I separated the word forensics from digital forensics as forensics is something related to the evidence admissible in the court. So it can also be a fingerprint collected after a crime for investigating criminals, so when we jump to digital forensics it’s the collection of evidence in the digital world.
-
Yeah, you have used an excellent example to define this but I feel tracking an IP address may not be enough to sue a person in court. There are cases when people hack into somebody’s network and use his network to hack and bring damage to other systems. The method does deal with tracking the user with the IP address and then depositing his personal computer with any of the internet history or log files.
-
I really like the point of mentioning that the proper protocols and policies are in place. The work of a forensic expert will be easier if he can find the log files. Most auditors do recommend using log files but the organizations ignore them. Many organizations have a retention policy but the data may not be available for the particular date when being asked by a forensic investigator due to non-compliance with policy.
-
Elizabeth,
Your explanation of digital forensics was thorough and I liked that you identified the various disciplines of organizational forensics and the assortment of regulations and policies that need to be considered during the organizational forensics process. I noticed that your definition, while not explicitly limiting digital forensics to legal applications, didn’t mention its admissibility towards settling internal incidents. While the arguably more important aspect of digital forensics is its applications for handling criminal offenses, it can also be handy for settling simpler issues such as violation of the company’s computer policy, etc.
-
Thanks Menqxue,
What I gathered from the research is that forensic readiness is how prepared an organization is to handle forensic investigation. So this would include an organization’s ability to process and collect digital evidence should an incident arise. And yes, organizational forensics is the application of digital forensics within an organization which should support company policy, laws and regulations.
-
-
Larry Brandolph wrote a new post on the site MIS 5170-Topic: Forensics 2017 7 years, 9 months ago
This will be where I post weekly questions and you provide comments and feedback.
-
Larry Brandolph wrote a new post on the site MIS 5170-Topic: Forensics 2018 7 years, 9 months ago
Welcome to MIS 5170 – Spring 2018! I hope you are as excited to get started as I am. We will begin on Tuesday January 16th, when we will go through the structure of the course and what I am expecting from yo […]
-
Larry Brandolph wrote a new post on the site MIS 5170-Topic: Forensics 2017 7 years, 9 months ago
Welcome to MIS 5170! I hope you are as excited to get started as I am. We will begin on Monday, January 23rd when we will go through the structure of the course, what I am expecting from you. Some of you are […]
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years ago
I’ve posted the grading rubric for the Individual Project due next week.
Look under Individual Assignment.
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 1 month ago
The Groups have been finalized. I have them posted under the projects.
We will have 4 teams. 3 teams of 5 people and 1 team of 6 people.
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 1 month ago
I published all the presentations back to the 1st class (under Course Material).
I also published the Individual and Group Project (under Project)
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 1 month ago
Case:
Amazon Web Services
Readings:
What Web 2.0 is (and isn’t)
Great Wall of Facebook: The Social Network’s Plan to Dominate the Internet
Better Information Isn’t Always Beneficial
How Cloud […]
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 1 month ago
For Thursday I need to know who will be in your group. Groups should be no more than 5 people. For 3-person groups I will assign a fourth member.
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 1 month ago
Case: Cisco ERP
Articles:
Barnett, T. (January 22, 2007). What IT Can Learn from the Railroad Business. ComputerWorld.
Gruman, G. (May 7, 2007). Put the Emphasis on “P” for Process in Business Process […]
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 2 months ago
Case: Stars Air Ambulance
Articles:
– Aaronson, D. (1998). Overview of Systems Thinking.
– de Rosnay, J. (January 6, 1997). Feedback. Principia Cybernetica Web. http://pespmc1.vub.ac.be/FEEDBACK.html
– […]
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 2 months ago
Do I need to purchase all the cases on the Harvard Business Review Site?
Answer: Yes you will need all the cases. I recommend buying them all at once.
I do not see the Stars Case?
Answer: Stars Air […]
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 2 months ago
Case: Google
Articles:
Porter 5 Forces Analysis. Wikipedia.
Value Chain. Wikipedia.
Elgan, M. (June 6, 2009). How Cell Phones Will Replace Learning. Computerworld. […]
-
Larry Brandolph wrote a new post on the site Information Technology Management 9 years, 2 months ago
Now that we all survived Week 1. As a reminder I will use this area to keep your assignments posted and any additional information for the class.