Use of digital investigation tools and services is on the rise as organizations struggle with regulatory compliance and litigation requirements, according to a recent paper published by Forrester Research Inc.
Rising incidents of Internet fraud and the lack of consumer confidence around financial institutions’ handling of personal information are also driving the need for organizations to have digital investigative capabilities, said Michael Gavin, Forrester analyst and author of the research paper titled CSI: Cyberspace.
Gavin defined digital investigation as the “entire investigative process, from a triggering event that starts the investigation through the final presentation and use of the evidence gathered during investigation.” Digital forensics, on the other hand, is the acquisition, analysis and presentation of digital evidence, he said.
The market for such products was previously focused mainly on digital forensics, such as data acquisition and data analysis leading to evidence, said Gavin.
“Those were all primarily based on incident response-type of things. But there are actually a number of different types of investigation that companies need to support and I think it is driving part of the growth in (the digital investigation) area,” said Gavin.
E-discovery (electronic discovery), for instance, the use of stored electronic documents as part of the discovery process in civil litigation, is driving the need to have digital investigation tools and expertise in many organizations, especially those without proper document management systems in place, Gavin said.
Digital investigation also allows organizations to document the steps taken during an investigation and the evidence that is found. This would aid companies in setting up “sanitized” case studies and best practices to help improve the capabilities of the digital investigation team, he said.
Despite a growing recognition of the need for digital investigation tools and services, certain barriers could impede their continued growth, and most of them have to do with the general attitude of companies towards handling security.
In 2005, the CSI/FBI Computer Crime and Security Survey found that only 20 per cent of respondents that suffered security breaches reported them to law enforcement.
Firms also don’t see a compelling reason to invest in digital forensics and investigative capabilities. While they view losses associated with breaches as a “cost of doing business,” they tend to look at maintaining digital investigative capability as “extra cost that provides little or no benefit,” said Gavin.
While digital forensics and investigation tools have now become more affordable, getting enough expertise to enable widespread adoption remains a challenge as well. “You don’t want to have someone who deals with these investigations once a year. You want somebody who does it all the time,” Gavin said.
The Forrester research paper also predicted that demand for digital investigation expertise and personnel certification would increase, making it easier for firms to evaluate prospective digital investigation partners and job candidates even without having the expertise themselves.
Financial institutions, government agencies and technology companies are ideally the ones that need to have digital investigation capabilities, whether in-house or outsourced to a third-party agency, said Gavin. But firms need to learn the capabilities of digital investigation before deciding on what approach is best for their respective organizations, he added.
There are five types of digital investigations, according to the research paper: incident response, which investigates attacks on computers and networks; internal investigations, which probe employees for inappropriate conduct that violates company or regulatory policies; criminal investigations, which search for evidence relating to a crime involving the use of computers or other electronic devices; e-discovery, a court-ordered search for relevant documents, including e-mail, instant messaging transcripts and text messages from mobile phones; and data recovery, a search for data lost to anything from equipment failure to malicious erasure, often using digital forensic tools.