Fighting Cybercrime: Cybersecurity and Digital Forensics Are the New A-Team
Cybersecurity and digital forensics are instrumental in creating effective defense, analysis and investigation of cybercrime. While both focus on the protection of digital assets, they come at it from two different angles.
Digital forensics deals with the aftermath of the incident in an investigatory role, whereas, cybersecurity is more focused on the prevention and detection of attacks and the design of secure systems.
Think of the cybersecurity expert as the frontline police officer and the SWAT response team all in one. The digital forensics expert is the specialist investigator that hunts the perpetrator and seeks to understand their motivations.
Let’s see how the two practices complement each other to stop malicious attacks and track down the criminals involved.
What Does a Digital Forensics Professional Do?
The practice of digital forensics includes the collection, examination, analysis and reporting of incidents involving, computer, network and mobile devices. Digital forensics professionals work across both the public and private sectors, and their role usually involves:
- Conducting data and security breach investigations;
- Recovering and examining data from computers and electronic storage devices;
- Dismantling and rebuilding damaged systems to retrieve lost data;
- Identifying additional systems compromised by cyberattacks and compiling evidence for legal cases.
The end goal of a digital-forensics investigator is to identify the perpetrator of a cybercrime, obtain hard evidence against the perpetrator, and for that evidence to be admissible in a court of law.
Case Study: Digital Forensics Helps Solve Cyber Espionage
In 2008, the worst cyberattack in US military history saw an unprecedented amount of classified military data to fall into foreign hands. Unprepared for an attack that originated inside their own network, the Pentagon deployed digital forensics investigators to determine the source of the attack and how the breach occurred.
Their investigative work pinpointed the breach to a US military base in the Middle East. The cause was a USB flash drive inserted by one of their own personnel inside the military’s computer network — thus bypassing all of the security countermeasures their cybersecurity team had built (e.g. firewalls).
Further investigation found that the individual was not a double agent working within the US Military, but a naive staffer who thought they had found a free flash drive. They had unsuspectingly picked it up in a car park outside the military base, where hundreds of flash drives containing the malware had been scattered. The cybercriminal who planted them only needed one unsuspecting person to pick one up and use it on their computer.
Cyber-forensic professionals — working with cybersecurity experts — played a crucial role in determining the source of the breach and in-turn, putting measures in place to ensure such a breach doesn’t occur again.
The work of a cyber-forensic professional can lead to people and places outside of the digital realm. This attack changed the entire course of the US military strategy towards cybersecurity and cyberwarfare, resulting in a new department of cybersecurity professionals and forensic investigators being created to defend, attack and hunt cybercriminals.
Digital Forensics and Cybersecurity in Action
In the wake of the drone scare at Gatwick airport in the UK, cybersecurity students at Edith Cowan University have been developing a system that automatically tracks and disables rogue drones, while also tracking down their owners. The internship program, named Spectrum Watch, can isolate data traffic being sent to the drone. This means cybersecurity agents can take control of the drone, lowering its descent and minimising the threat it presents. By preserving the drone — as opposed to simply destroying it — digital forensics investigators can analyze it and extract information about the drone’s origin, flight path and access any images or video recorded by the drone.
If you are interested in a challenging career in cybersecurity, you can study online and gain your Masters in Cyber Security from Edith Cowan University, studying digital forensics as a core unit of your degree.