Hidden Dangers of Evidence Contamination Post-Cyberattack
CIOs and CISOs Must Integrate Digital Forensics With Incident Response Strategy
In both cyberattack defense and post-attack investigation, humans are often considered the weakest link. Workers' mishandling of the scene of a digital crime after detection is a leading cause of evidence contamination or invalidation in court. Such mistakes can impede efforts to trace the cause and origins of the attack - key intelligence for determining an action plan, minimizing damage and strengthening future cyber defense.
Gaurav Gupta, Scientist "E" at the cyber law group of the Ministry of Electronics and Information Technology for the government of India, asserted that CIOs and CISOs should make their organizations digital forensics-ready.
"Digital data is fragile, mutable and easily replicable," Gupta said. "Enterprises must have logging and data recovery tools in place to aid investigations and train their first responder employees on SOPs to avoid evidence contamination."
In this video interview with Information Security Media Group at ISMG's Dynamic CISO Excellence Awards and Conference, Gupta discusses:
- Integrating digital forensics with the overall cyber incident response strategy;
- Guidelines to avoid contamination of the digital crime scene;
- Do's and don'ts for organizations to be digital forensics-ready.
With more than 20 years of experience, Gupta holds the distinction of being the first Indian to earn a doctorate in digital forensics. His research is focused on digital forensics to detect computer fraud and cybercrimes. He is also keen on developing scalable, efficient, portable and low-cost digital forensic solutions.