Digital Forensics: The What, Why, and How

Author: Abhinav Sethi | Updated on November 6, 2020 | Email Forensics | 7 min read

Although digitization has revolutionized the commercial landscape, it has also given rise to threats like online fraud, phishing attacks, and data breaches. Statista's figures show data breaches on an upward trend: around 446 million records were exposed in 2018, compared with 19 million in 2006. But what does this mean for businesses that are growing on the back of technological advancements? It can mean different things, but one of them is certainly that they need to embrace digital forensics.

What is Digital Forensics?

Digital forensics is a branch of forensic science that involves identifying, collecting, analyzing, and documenting information found on digital devices so that it can be used as evidence in a court of law in relation to a cybercrime.

Digital forensics specialists are usually consulted to investigate crimes that involve the Internet and digital devices such as computers and mobile phones. These professionals use digital forensics techniques to extract data from devices and emails, access encrypted or hidden data, organize evidence files for reference, and prevent data tampering.

Digital forensics can be divided into the following subcategories:

  • Computer Forensics: A branch of forensic science that deals with the identification, analysis, collection, and reporting of evidence found on laptops, computers, and storage devices for investigation.
  • Mobile Device Forensics: A branch of digital forensics concerned with the extraction of digital evidence from mobile devices such as smartphones, gaming devices, GPS devices, and tablets.
  • Memory Forensics: The analysis of computer memory (RAM) to identify and investigate advanced attacks.
  • Network Forensics: A sub-branch of digital forensics concerned with the monitoring, identification, and analysis of network activities and events in order to locate the origin of a security attack.
  • Digital Image Forensics: A new field of research aimed at analyzing and authenticating the validity of digital images (typically using metadata).
  • Video/Audio Forensics: The investigation of digital sound and video recordings with the purpose of establishing their authenticity.
  • Email Forensics: The practice of analyzing email content for evidence collection. It is used in the investigation of email-related crimes such as phishing attacks and data leaks.

Why is Digital Forensics Important?

"Technology touches just about everything already and computer forensics is rapidly becoming a daily part of the investigative process. From a law enforcement perspective, it is difficult to find a case today that does not have a nexus to computer technology."

- Brian Scavotto (computer forensics expert and instructor at NU, California)

Data breaches and other kinds of cyber attacks have grown rapidly over the past few years, not just in the number of incidents but also in the costs involved (often millions of dollars). So it is only sensible for forward-thinking companies to take the necessary steps to mitigate these risks. Investing in digital forensics can help them investigate fraud that is underway and identify the culprits in cases where the damage has already occurred. The following are some of the main reasons why organizations need to use digital forensics:

It Facilitates Legal Proceedings

If and when a data breach occurs in a company, whether by an outsider or an insider, the 'story' of how it happened is of little significance in court. The legal process accepts only facts and data, which can only be produced with the help of a professional and trusted digital forensics procedure. Forensics investigators use specialized procedures and digital forensics tools for collecting evidence in its original untampered form. This evidence can be used to solve the cases decisively.

It Makes Financial Sense

Digital forensics can help an organization save money. For instance, a data breach in a company can compromise sensitive business records of considerable strategic or financial value. With certified and tested forensics tools, the company can assess the root cause and exact impact of the attack. It can segregate the affected records along with the forensic evidence and line them up for legal proceedings to claim damages. Further, organizations can estimate their financial losses more precisely with the help of certified forensics solutions.

It Can Reduce Legal Costs and Ease Litigation Procedures

The 2019 Cost of a Data Breach report by IBM reports that the global average cost of a data breach is USD 3.92 million. The average cost of a breach in the US is USD 8 million, the highest worldwide.

Data breaches can have diverse root causes and threat actors; however, in most cases they obligate the organization to compensate for the damages. Having a solution that can systematically analyze the root cause of a breach and collect evidence can help an organization avoid legal action and hefty penalties imposed by regulatory bodies. Forensically preserving the data can help it prove its innocence in court or reduce the extent of the damages.

How is Digital Forensics Conducted?

Digital forensics investigators use a variety of techniques to acquire and process the digital evidence at hand. For instance, they may use specialized software to scan the data for specific keywords; document the correct dates and times of important files; and record location details such as the IP addresses and MAC addresses of remote servers and computers involved in the crime. They also work closely with the legal department so that the investigation is conducted in compliance with the law.
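As an added example (not the article's own code), the script below applies the steps just described to a constructed phishing-style email: it records a SHA-256 hash of the raw evidence before anything else touches it, walks the Received headers to document relay IP addresses and timestamps, and counts investigator-supplied keywords. All hosts, addresses and the message itself are constructed placeholders.

```python
"""Added example (not the article's code): triage of a constructed e-mail for the
artefacts the article names (dates/times, relay IP addresses, keywords), with a
SHA-256 hash of the raw evidence recorded before anything else touches it."""
import email
import hashlib
import re
from email import policy
from email.utils import parsedate_to_datetime

# Constructed sample; hosts and addresses are documentation placeholders.
SAMPLE_EML = b"""\
Received: from mail.example.net (mail.example.net [203.0.113.10])
  by mx.victim.example (Postfix) with ESMTPS id ABC123
  for <cfo@victim.example>; Fri, 06 Nov 2020 09:15:02 +0000
Received: from [198.51.100.7] (unknown [198.51.100.7])
  by mail.example.net with SMTP; Fri, 06 Nov 2020 09:14:55 +0000
From: "Accounts" <billing@example.net>
To: cfo@victim.example
Subject: Urgent invoice payment
Date: Fri, 06 Nov 2020 09:14:50 +0000
Message-ID: <constructed-001@example.net>

Please wire the invoice amount today. Login at the portal to confirm.
"""
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def evidence_hash(raw: bytes) -> str:
    """Integrity hash of the untouched message; re-hash later to prove no tampering."""
    return hashlib.sha256(raw).hexdigest()


def received_chain(raw: bytes) -> list:
    """Relay hops oldest-first: unique IPs and the timestamp each server stamped."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):  # topmost header is newest
        stamp = parsedate_to_datetime(hdr.rsplit(";", 1)[1].strip())
        hops.append({"ips": list(dict.fromkeys(IPV4.findall(hdr))),
                     "time": stamp.isoformat()})
    return hops


def keyword_hits(raw: bytes, keywords: tuple) -> dict:
    """Case-insensitive keyword counts over the subject and plain-text body."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    text = (msg["Subject"] or "") + "\n" + msg.get_body(("plain",)).get_content()
    return {k: text.lower().count(k.lower()) for k in keywords}
```

The hop list reads oldest-first, so the first entry is the server closest to the sender; comparing the hash recorded at acquisition with a later re-hash shows whether the evidence file has changed.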

Real-World Cases in Which Digital Forensics Was Used in Legal Investigations

Digital forensics has helped solve countless big and small cases across the globe. A few of them are as follows:

Ross Compton (Ohio, US) - Pacemaker Data Leads to Conviction

Ross Compton, a 59-year-old man from Middletown, Ohio, was charged with insurance fraud and aggravated arson (Fox News). He claimed that when he saw that a fire had broken out in his house, he packed some of his belongings and ran out.

Compton mentioned that he had a cardiac pacemaker, so the police took him into custody for investigation. Applying digital forensics techniques, they were able to retrieve from the pacemaker the data on Compton's heart rate and cardiac rhythms before and after the fire. A cardiologist later asserted that, based on the data and Compton's medical condition, it was highly unlikely that he had been able to collect, pack, and carry the items from his house in such a short period of time. With this critical information, the police were able to prove Compton guilty of insurance fraud.

Xiaolang Zhang (US) - Apple Employee Steals Trade Secrets, Nabbed Just in Time

Xiaolang Zhang, an employee of Apple's autonomous car division (electrical engineering), was arrested by the FBI in 2019 for stealing trade secrets of the company (The Verge).

After 2.5 years with Apple, Zhang suddenly resigned, saying that he wanted to go back to China, his native country, to take care of his aging mother. He also mentioned that he would join an electric vehicle manufacturer in China. The sudden announcement, coupled with the prospect of him joining a rival company, made his manager suspicious. As a result, the company's security team initiated an investigation and found suspicious online activity during his last few days at the company. He had downloaded a large amount of information from the company's databases, including over 2,000 files containing the company's proprietary schematics, manuals, and diagrams. The matter was immediately handed over to the FBI, which arrested him just one day before he was due to leave for China.

Krenar Lusha (Derbyshire, England) - Terrorist Put Behind Bars, Thanks to His Online Activities

Krenar Lusha, a 30-year-old asylum seeker who worked illegally in a factory in Derby, was convicted on five of 10 terrorism-related charges (BBC). When his laptop was scanned by UK computer forensics experts, it was found to contain tell-tale documents with titles such as The Bomb Book and Ragar's Detonators. The investigators also found downloaded instructions on building suicide belts and other kinds of explosives. Notably, Lusha was arrested by the police while he was downloading Hezbollah videos relating to bombs.

Robust Data Security and Familiarity with Digital Forensics Are the Need of the Hour

We are becoming more and more data-dependent with each passing day. For organizations, the change is even greater in scale. This means that those who fail to establish protective mechanisms for their databases and networks stand to lose critical business information and may even face insurmountable losses, both in capital and in credibility. To adapt to changing times and be future-ready, leading companies need to stay familiar with the latest trends in data security and digital forensics. They also need to upgrade their security to be prepared for the worst of disasters. That is the least they can do in the interest of the company's growth and to sustain market viability.
