Digital Forensics Dispatch

Digital Forensics Blog
by Sensei Enterprises, Inc.

Digital Forensics, Cybersecurity, and Insider Threats, Oh My!

October 11, 2022

With it being October and Cybersecurity Awareness Month, it would be remiss not to discuss the impact of digital forensics on cybersecurity. Often, after a security incident happens, an assessment of the incident occurs, usually including a forensic investigation to determine what data was accessed and how the incident happened.

A recent article by Sead Fadilpašić of Techradar, highlights insider threats, one of many cyber incidents. The article discusses the recent Microsoft Insider Risk Report. An insider threat can be a huge security risk for a business and is something that should be taken seriously. Fadilpašić writes that insider threats “cost businesses an average of $7.5 million a year.”

The Cybersecurity & Infrastructure Security Agency (CISA) defines an insider threat as “the potential for an insider to use their authorized access or understanding of an organization to harm that organization.” Insider threats can encompass a lot of different areas and we encourage you to check out CISA’s articles on insider threats to learn more.

With an insider threat investigation, there are plenty of artifacts of interest that can be discovered. One of the first items of interest is determining file access and what data was taken. A forensic analysis may reveal such artifacts. Often there are file access records that will show what files and folders were accessed on a system. There are also forensic artifacts that show if external storage media such as a USB flash drive or hard drive were connected to a system.

Additionally, there may be evidence of file uploads to websites or cloud storage, such as Google Drive, Box, or Dropbox. There is also a potential to reveal browser history such as searches made and websites visited. Another common artifact of interest in these types of forensic investigations is email. Sometimes, an insider will email files or forward sensitive information to a personal email account. A forensic review of their work email may reveal that emails were forwarded and attachments sent.

There are, of course, more artifacts that can be found on all sorts of electronic devices involved in security incidents, but the ones listed above are some of the most common requests. An insider threat, like all potential security incidents, in not something to take lightly. If you are looking for a quick resource on how to mitigate them, check this link for more information from CISA.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com/services/digital-forensic

Sensei Enterprises

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Digital Forensics Dispatch

Digital Forensics, Cybersecurity, and Insider Threats, Oh My!

Ride the Lightning

Your IT Consultant

Disclaimer