In-depth investigation

Computer forensics has helped bust scams across the country – but could this re-emerging discipline help your organisation? Ambrose McNevin takes a look at the evidence.


Despite new security threats, such as smarter malware, compliance and proof of best endeavour requirements, the desire for a holistic security strategy that covers everything from policy to prevention is currently not being met by the security industry.

Computer forensics – a definition

Digital forensics is the process of using the scientific method to examine digital media in order to establish facts for legal purposes, especially judicial review. It involves the systematic inspection of IT systems, especially data-storage devices, for evidence of a civil wrongdoing or criminal act. Because of its focus on facts and scientific method, computer forensics processes must adhere to courtroom standards of admissible evidence, which severely complicates some of the otherwise simple data analysis tasks such as looking at logs to determine who connected to the system.

Source: Dr Anton Chuvakin, security expert and author of Security Warrior

What someone who sells IT security products can offer in terms of a comprehensive computer security strategy is a list of reasons their feature-rich products are better than those of their rivals.

Whether secure sockets layer (SSL), virtual private network (VPN) appliances; the latest audio-visual software or intelligent networks, point solutions are the only things available in the marketplace. If you ask about computer forensics, the usual answer is “we don’t do that”.

The reason is that forensics is not yet a mainstream field and descriptions and definitions vary. Yet how do organisations integrate incident response, breach handling and forensic examination into a security strategy? That security strategy should be defined by policies and procedures to minimise security risk at the lowest cost and least disruption. It is a major challenge facing many CIOs.

The response strategy could increasingly dictate the success or failure of the entire security approach. Examples are diverse. Recent cases where computer forensics have played a major part have included breaking a fake pharmaceuticals ring in which the UK’s Medicines and Healthcare products Regulatory Agency (MHRA) used computer forensics to prove that individuals had set up an entire manufacturing and distribution business for fake Viagra, Cialis and baldness cure Propecia.

Another case led to the discovery and successful prosecution of an NHS manager who paid himself over £600,000 through phantom employees. Similar scams could be happening in your organisation.

The big sleep

So has the industry been sleeping on the job? Have the security firms had it their own way for too long? The House of Lords science and technology select committee slammed the IT security industry last year for having failed in its duty to protect businesses by putting the burden of blame onto the user. In a damning report it declared that: “a lack of vendor liability for security breaches has created a commercial environment in which software providers have no incentive to produce high quality, robust products.” Those in the security product game were quick to point out that users are often complicit in the shortcomings of the products bought as they are happy to think in the short term.

"Recommended For You"

Researchers: forensic software can be hacked Google traffic robbed by click fraud botnet