No company is immune to crime. Whether it's internal theft, external hacking or even attempts to damage property, every organization faces the challenge of illegal activity. While it's critical to develop a response plan that outlines who takes action, what your recovery timeline is and what damage control looks like, it's just as important to collect solid evidence. Historically this took the form of physical evidence, such as fingerprints or eyewitness accounts. However, the emerging discipline of cyber forensics offers new ways to track down criminals. Here's what you need to know about the rise of digital Sherlocks.
What Is Cyber Forensics?
While the technology behind cyber forensics — also called computer forensics, IT forensics or digital forensics — may be complex, the underlying principle is straightforward. TechTarget puts it simply: "Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law." In other words, this isn't about grabbing reams of data to see what sticks, but methodically analyzing sources such as search results, emails, text messages and even keystroke patterns to create a solid criminal case.
Tools of the Trade
So how do cyber Sherlocks work their magic? Most rely on tools similar to those used by black-hat hackers, for example keyloggers, which allow investigators to record anything typed by a user. These are often used in malware banking scams, and in early 2016 a number of keylogger devices were found on library terminals at Concordia University, reports SC Magazine. It's worth noting that in some cases sleuths don't even need to capture every keystroke; according to The Telegraph, keystroke recognition technology now makes it possible to identify users — and their inputs — based on the unique cadence of their typing.
Digital experts may also use custom-built spyware, which tracks online activity such as emails sent, text messages received, and searches performed. Even if privacy or civil laws prohibit this type of monitoring, it's often possible for forensics experts to obtain this information by intercepting unencrypted data streams rather than tapping devices directly.
While many tools are now available for purchase from both legitimate companies and their less-than-reputable counterparts, companies looking to leverage digital forensics should seek out potential hires who display a drive to understand underlying causes and an attention to detail, and who hold multiple certifications such as CCE (Certified Computer Examiner), CHFI v8 (Computer Hacking Forensic Investigator) or CFCE (Certified Forensic Computer Examiner).
Beyond the Network
While there's great value in tapping digital experts to solve IT crimes, this is only the tip of the cyber forensics iceberg. The applications of digital forensics extend well beyond the IT universe.
Consider the case of murdered teen Kim Proctor. As Forbes reports, digital investigators unearthed an incriminating trail of evidence, including the suspects' Wikipedia searches, instant messages, a confession made in an online game chat and GPS data related to an "alibi" text actually sent from the scene of the crime. And in North Carolina, a string of robberies committed using the digital trading site Craigslist was solved by tracing an email address to a specific modem and then to the home of one of the suspects.
In 2015, New Jersey's Division of Criminal Justice opened a new Cyber Forensics Lab. Here, the 20-member police team is able to conduct a full review of suspect computers and recover any deleted files. The results speak for themselves: Charges have been laid in multiple cases dealing with identity theft, exploitation and financial fraud.
Virtually all crime now includes a digital element. This could be a damning Google search, strange text message or hastily written email. The evolving discipline of cyber forensics gives businesses and law enforcement agencies the ability to uncover this key evidence and ensure culpable criminals are ultimately held responsible.