Last Updated on December 24, 2020
If you don’t know what data forensics is, you’re lucky… so far.
Chances are good that almost every business will need data forensics services at some point, in connection with a data breach, lawsuit or fraud investigation.
To uncover in nontechnical terms what data forensics is, how it can be used and when you need it most, we invited Brian Dykstra, CISSP, CCFP, President and CEO of Atlantic Data Forensics, to join us on The Virtual CISO Podcast. Hosting the episode, as always, is John Verry, Pivot Point Security’s CISO and Managing Partner.
“If you’re in business for any period of time there’s just no way of avoiding [litigation], right?” Brian observes. “Sooner or later it’s going to happen. The other 50% of the time it’s going to be some sort of data breach or third-party data breach or whatever that ends up affecting you.”
Brian sums up data forensics beautifully as, “The story of what happened on a device,” be it a laptop, cell phone or virtual server.
“What happened, when did it happen, how did it happen? Tell me the story of what went on, on this computer. Who took the files? Were the files on here? Did they send the files to somebody? Did they run this? Did they delete that? That sort of thing,” Brian explains.
Another aspect of data forensics concerns eDiscovery in legal proceedings. These efforts tend to be larger in scale, and focus more on finding all the data that aligns with a set of search terms and making that available to attorneys in a usable form.
“Usually with forensics, we’re looking at a few systems, maybe a dozen at the outside. Whereas eDiscovery could involve forensics on 400 mailboxes all at once. [With eDiscovery] you’re doing a lot of keyword searching and deduplication of files and things like that,” Brian shares.
When it comes to data breaches, a big part of data forensics is looking at logs from firewalls, SIEM systems, network devices, etc. It also involves identifying what data needs to be looked at in detail from endpoints, cloud instances, physical servers and other devices.
How do you know when you need a data forensics expert? Brian stresses that the time to connect with a reputable provider to discuss how data forensics can help address your business risk is before you need one, because sooner or later you’re going to need one, and it’s unlikely you’ll have the needed skills in-house.
To hear the complete podcast episode featuring Brian Dykstra, plus many others on the hottest cybersecurity topics, you can subscribe to The Virtual CISO Podcast here.