Forensic Investigation

(@sakinah)
Posts: 1
New Member
Topic starter
 

My big boss talked about having forensic investigation capability among staff in the agency and is planning for the implementation of it. Can someone explain the impact (positive as well as the negative side) of having forensic investigation capability in an organisation?

 
Posted : 31/05/2018 1:38 am
BraindeadVirtually
(@braindeadvirtually)
Posts: 115
Estimable Member
 

impact (positive as well as the negative side) of having forensic investigation capability in organisation?

Positive responsiveness

Negative cost

Bonus negative partiality/bias

 
Posted : 31/05/2018 6:37 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

I would say that all depends on the actual quality of the internal resources and - partially - on the actual budget.

If the idea of an internal forensic investigation team amounts to "hire at entry level pay an IT graduate with a couple of courses and/or certificates in forensics, and buy him/her a couple of software packages, and since he/she has nothing to do normally let's put him/her in the IT maintenance team" it is even possible that the actual responsiveness (that redcat above correctly classified as Positive) may become a negative, i.e. a prompt intervention by a not qualified internal team may make things harder when/if a professional independent investigator is required.

On the other hand I doubt that *any* organization can afford an internal team of digital forensic investigators or allow them to "do nothing" when (hopefully) there is nothing to investigate (i.e. likely 99,99% of the time).

If I were (and I am not, mind you) at decision making level in an organization that can even think of having a dedicated team, I would suggest to forget about it and rather spend some money hiring professional consultants to establish a definite protocol to be used by all personnel in case of incident and train all personnel about its implementation, besides a proper implementation of preventive measures (verifying the computing layout and protocols in use, pentesting, etc.) or if there is really the need for an internal resource, I would personally spend my money on security professionals well before investigators.

When (if) an actual incident happens (again given that the organization is big enough to contemplate having a dedicated team) it is likely that it will be an incident with some "heavy" impact, so anyway you would need to call some external professionals to avoid the partiality/bias redcat mentioned, but also to give to the proprietors/shareholders an "authoritative" opinion/report.

I mean, even if "Joe from the IT team" is perfectly correct in his "post mortem", his report will be anyway looked at with suspicion, whilst one from an external professional will be likely given more weight.

jaclaz

 
Posted : 31/05/2018 2:27 pm