DIGITAL FORENSICS AND INCIDENT RESPONSE

Digital forensics and incident response (DFIR) is a part of cyber security that mainly focuses on the identification and investigation of cyber attacks. It consists of two parts:
– Digital forensics
– Incident response


Digital forensics is the part of forensic science that generally focuses on identifying, processing, and analyzing data. It examines user activity and system data, which helps in identifying an ongoing attack and who is behind it.

Incident response is the activity of identifying an attack, minimizing the loss it causes, and finding what data was lost during the attack. Every organization follows these steps in order to prepare for, detect, and recover from data loss.

Due to the increasing number of cyber attacks in today's world, digital forensics and incident response has become a major practice for staying safe from these attacks. Every organization nowadays stores its information in the cloud due to its increased protection and services. DFIR helps in ensuring protection from the various threats that are connected to the network.
DFIR uses different tools and advanced technology, such as AI and ML, which help in building preventive measures.

Digital Forensic Process

The digital forensic process is a method that investigators follow to find evidence. It consists of three steps:

Acquisition:
In this step, an exact duplicate of the media is created using a hard drive duplicator or other tools. In this way, the original media is kept safe from tampering.

Analysis:
After the acquisition process is over, the digital forensic specialist analyzes the duplicate data. The analysis is conducted on an ongoing incident and finds out how the attacker entered the system and what the area of loss is.

Reporting:
Once the investigation is completed and the incident is covered, the report is sent to the authorized authority for law enforcement.
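
The acquisition step depends on the duplicate being exact, so a practitioner checks that before analysis begins. The sketch below is an added example, not part of the original article: it compares an original with its duplicate by hash and reports where they differ. The use of SHA-256, the 4096-byte block size, all function names, and the sample "media" bytes are assumptions made for this example.

```python
import hashlib
import io

BLOCK_SIZE = 4096  # assumed block size for the per-block manifest


def hash_manifest(stream, block_size=BLOCK_SIZE):
    """Read a binary stream once; return (whole SHA-256, per-block SHA-256 list)."""
    whole = hashlib.sha256()
    blocks = []
    while chunk := stream.read(block_size):
        whole.update(chunk)
        blocks.append(hashlib.sha256(chunk).hexdigest())
    return whole.hexdigest(), blocks


def verify_copy(original, duplicate, block_size=BLOCK_SIZE):
    """Compare original media with its duplicate and locate any differing blocks."""
    o_hash, o_blocks = hash_manifest(original, block_size)
    d_hash, d_blocks = hash_manifest(duplicate, block_size)
    offsets = [i * block_size
               for i, (a, b) in enumerate(zip(o_blocks, d_blocks)) if a != b]
    if len(o_blocks) != len(d_blocks):
        # One side ends early: report the offset where the shorter one stops.
        offsets.append(min(len(o_blocks), len(d_blocks)) * block_size)
    return {"match": o_hash == d_hash,
            "original_sha256": o_hash,
            "duplicate_sha256": d_hash,
            "mismatch_offsets": offsets}


def verify_bytes(original, duplicate):
    """Convenience wrapper for in-memory data (used by the constructed samples)."""
    return verify_copy(io.BytesIO(original), io.BytesIO(duplicate))


# Constructed sample "media": 16 KiB, i.e. four 4096-byte blocks.
SAMPLE_MEDIA = bytes(range(256)) * 64
TAMPERED = bytearray(SAMPLE_MEDIA)
TAMPERED[9000] ^= 0xFF            # one byte changed inside the third block
TAMPERED = bytes(TAMPERED)
TRUNCATED = SAMPLE_MEDIA[:8192]   # copy that stopped after two blocks

if __name__ == "__main__":
    for name, copy in [("exact", SAMPLE_MEDIA), ("tampered", TAMPERED),
                       ("truncated", TRUNCATED)]:
        result = verify_bytes(SAMPLE_MEDIA, copy)
        print(name, result["match"], result["mismatch_offsets"])
```

For real evidence, pass `verify_copy` two file objects opened in binary read mode instead of the in-memory samples.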

Use of Digital Forensics in the Incident Response Plan

Digital forensics helps in incident response planning by providing necessary information and evidence to the computer emergency response team. Digital forensics includes:
– File system forensics:
The file system within the endpoint is analyzed.
– Memory forensics:
Memory is also analyzed to find signs of attack that were not found in the file system forensics.
– Network forensics:
Ongoing network activities, such as browsing, emails, and messaging, are monitored to identify the attack. Through this, the technique used by the attacker can be identified.
– Log analysis:
The login activity or login record is monitored to find unwanted activity or events.

Digital forensics helps in responding to an attack and also helps in finding vulnerabilities in systems that are prone to attacks. The data that digital forensics provides helps in strengthening security measures. Overall, this helps in reducing risk in the organization.

Advantages of Digital Forensics and Incident Response (DFIR)

Digital forensics and incident response are two different things but are related to each other in some ways. There are several advantages of digital forensics and incident response; some of them are listed below:
– Responding to incidents with speed and accuracy.
– Following the same process whenever an incident is investigated and evaluated.
– Minimizing data loss and data theft so that no harm is done to the reputation of the company or organization.
– Working on strengthening security and reducing existing risks.
– Recovering from threats quickly.
– Assisting in finding out the person who is behind the attack through evidence and documentation.
