The information provided on this website does not, and is not intended to, act as legal, financial or credit advice; instead, it is for general informational purposes only. Information on this website may not be current. This website may contain links to other third-party websites. Such links are only for the convenience of the reader, user or browser; we do not recommend or endorse the contents of any third-party sites. Readers of this website should contact their attorney, accountant or credit counselor to obtain advice with respect to their particular situation. No reader, user, or browser of this site should act or not act on the basis of information on this site. Always seek personal legal, financial or credit advice for your relevant jurisdiction. Only your individual attorney or advisor can provide assurances that the information contained herein – and your interpretation of it – is applicable or appropriate to your particular situation. Use of, and access to, this website or any of the links or resources contained within the site do not create an attorney-client or fiduciary relationship between the reader, user, or browser and website owner, authors, contributors, contributing firms, or their respective employers.
Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them. Compensation is not a factor in the substantive evaluation of any product.
My phone rings whenever a client is hacked, suffers a data breach, or is a victim of identity theft via digital means. My job as chief information security officer is to look at all the digital evidence.
When possible, I reconstruct the cyber attack. It’s C.S.I. work. By reconstructing the attack, often I can tell where it came from, how it unfolded and—most importantly—who did it. It’s a way of finding and preserving digital evidence. There’s a reason it’s called forensics.
Digital forensics can be divided into four categories. If you, as a consumer, know what these are and how to handle them in the event of an attack, you can help me do my job and restore your company’s daily operations.
1. Static media. This is your computer or smartphone’s hard drive. It’s the storage media that’s fixed, unmoving, and often the first thing we look at in an investigation.
2. Volatile information. This is a little more complex. It’s the information in your system’s memory, or ram, and the computer processes, or CPU. This can tell us what processes were running at the time of the attack.
3. Network forensics. This is a top down traffic analysis. Was your computer on a network? Or on the Internet? What types of calls were being made into your machine? Was it making outgoing calls?
4. Binary and malware analysis. If and when we find malicious software on your computer, this is where and how we deconstruct it. We look for when the program was made, and if the author left any traces that could aid identification.
These are the four areas you want to try to preserve if your system is compromised. How you react depends on what’s happening. If you notice a digital crime in progress, it might be tempting to shut the machine down to stop it, but this could erase volatile information. If you have reason to believe the malware or hacker will spend some time inside your machine—without causing devastating personal damage—keep the system running and contact a professional.
It’s safe to shut down the computer before you seek help if the hack happened months ago and files were affected. It may also prevent a follow-up attack.
If your computer is on a network, ask the administrator or owner if network traffic is recorded. Many businesses and government networks have banks of static drives that record network traffic (network forensics) in the event of an attack. This is a silver bullet in a forensic investigation because you can literally “watch” the hack unfold as if it were recorded on surveillance camera.
Most importantly, if you’re hacked, breached or the victim of digital identity theft, you’ll need an information security specialist and digital forensic specialist to get to the bottom of the case. Knowing how cybercrime is investigated, I hope, will make you a more informed victim, which ultimately can help catch the bad guy.
Image: James Halliday, via Flickr
This article was originally published on Identity Theft 911 blog.
April 11, 2023
Uncategorized
September 13, 2021
Uncategorized
August 4, 2021
Uncategorized