±Forensic Focus Partners

Become an advertising partner

±Your Account


Forgotten password/username?

Site Members:

New Today: 0 Overall: 35734
New Yesterday: 1 Visitors: 108

±Follow Forensic Focus

Forensic Focus Facebook PageForensic Focus on TwitterForensic Focus LinkedIn GroupForensic Focus YouTube Channel

RSS feeds: News Forums Articles

±Latest Articles

±Latest Videos

±Latest Jobs

Forensic Investigation

Computer forensics discussion. Please ensure that your post is not better suited to one of the forums below (if it is, please post it there instead!)
Reply to topicReply to topic Printer Friendly Page
Forum FAQSearchView unanswered posts


Forensic Investigation

Post Posted: May 31, 18 01:38

My bigboss talk about having capability on forensic investigation between staff in agency and planning for implementation of it.Can someone explain the impact (positive as well as the negative side) of having forensic investigation capability in organisation?  

Senior Member

Re: Forensic Investigation

Post Posted: May 31, 18 06:37

- Sakinah
impact (positive as well as the negative side) of having forensic investigation capability in organisation?

Positive: responsiveness

Negative: cost

Bonus negative: partiality/bias  

Senior Member

Re: Forensic Investigation

Post Posted: May 31, 18 14:27

I would say that all depends on the actual quality of the internal resources and - partially - on the actual budget.

If the idea of an internal forensic investigation team amounts to "hire at entry level pay an IT graduate with a couple courses and/or certificates in forensics, and buy him/her a couple softwares, and since he/she has nothing to do normally let's put it in the IT maintenance team" it is even possible that the actual responsiveness (that redcat above correctly classified as Positive) may become a negative, i.e. a prompt intervention by a not qualified internal team may make things harder when/if a professional independent investigator is required.

On the other hand I doubt that *any* organization can afford an internal team of digital forensic investigators or allow them to "do nothing" when (hopefully) there is nothing to investigate (i.e. likely 99,99% of the time.

If I were (and I am not, mind you) at decision making level in an organization that can even think of having a dedicated team, I would suggest to forget about it and rather spend some money hiring professional consultants to establish a definite protocol to be used by all personnel in case of incident and train all personnel about its implementation, besides a proper implementation of preventive measures (verifying the computing layout and protocols in use, pentesting, etc.) or if there is really the need for an internal resource, I would personally spend my money on security professionals well before investigators.

When (if) an actual incident happens (again given that the organization is big enough to contemplate having a dedicated team) it is likely that it will be an incident with some "heavy" impact, so anyway you would need to call some external professionals to avoid the partiality/bias redcat mentioned, but also to give to the proprietors/shareholders a "authoritative" opinion/report.

I mean, even if "Joe from the IT team" is perfectly correct in his "post mortem", his report will be anyway looked with suspect, whilst one from an external professional will be likely given more weight.

- In theory there is no difference between theory and practice, but in practice there is. - 

Page 1 of 1