Digital Forensics Dispatch
Digital Forensics Blog
by Sensei Enterprises, Inc.
Digital Forensics, Cybersecurity, and Insider Threats, Oh My!
October 11, 2022
With it being October and Cybersecurity Awareness Month, it would be remiss not to discuss the impact of digital forensics on cybersecurity. Often, after a security incident happens, an assessment of the incident occurs, usually including a forensic investigation to determine what data was accessed and how the incident happened.
A recent article by Sead Fadilpašić of TechRadar highlights insider threats, one of many types of cyber incidents. The article discusses the recent Microsoft Insider Risk Report. An insider threat can be a huge security risk for a business and is something that should be taken seriously. Fadilpašić writes that insider threats “cost businesses an average of $7.5 million a year.”
The Cybersecurity & Infrastructure Security Agency (CISA) defines an insider threat as “the potential for an insider to use their authorized access or understanding of an organization to harm that organization.” Insider threats can encompass many different areas, and we encourage you to check out CISA’s articles on insider threats to learn more.
With an insider threat investigation, there are plenty of artifacts of interest that can be discovered. One of the first items of interest is determining file access and what data was taken. A forensic analysis may reveal such artifacts. Often there are file access records that will show what files and folders were accessed on a system. There are also forensic artifacts that show if external storage media such as a USB flash drive or hard drive were connected to a system.
Additionally, there may be evidence of file uploads to websites or cloud storage, such as Google Drive, Box, or Dropbox. There is also a potential to reveal browser history such as searches made and websites visited. Another common artifact of interest in these types of forensic investigations is email. Sometimes, an insider will email files or forward sensitive information to a personal email account. A forensic review of their work email may reveal that emails were forwarded and attachments sent.
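The work-email review described above, sketched as an added example (not code from Sensei Enterprises or the original post): it parses exported messages and flags those sent from the corporate domain to a personal webmail address, recording whether the message was a forward and which attachments it carried. The domain values, the function names and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

CORP_DOMAIN = "example.com"  # assumption: the employer's mail domain
PERSONAL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com"}  # assumption: sample list

def domain(addr):
    return addr.rsplit("@", 1)[-1].lower()

def review_message(raw):
    """Return a finding if a corporate sender mailed a personal mailbox, else None."""
    msg = message_from_string(raw)
    senders = [a for _, a in getaddresses(msg.get_all("From", []))]
    if not any(domain(a) == CORP_DOMAIN for a in senders):
        return None
    rcpts = [a for _, a in getaddresses(
        msg.get_all("To", []) + msg.get_all("Cc", []) + msg.get_all("Bcc", []))]
    personal = sorted({a.lower() for a in rcpts if domain(a) in PERSONAL_DOMAINS})
    if not personal:
        return None
    return {
        "date": msg.get("Date"),
        "from": senders[0],
        "personal_recipients": personal,
        "forwarded": msg.get("Subject", "").lower().startswith(("fw:", "fwd:")),
        "attachments": [p.get_filename() for p in msg.walk() if p.get_filename()],
    }

# Constructed sample messages (not real evidence).
SAMPLE_FORWARD = """\
From: Pat Doe <pat.doe@example.com>
To: pat.personal@gmail.com
Subject: Fwd: Q3 customer list
Date: Mon, 03 Oct 2022 17:42:10 -0400
Content-Type: multipart/mixed; boundary="b1"

--b1

see attached
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="customers.xlsx"

UEsDBA==
--b1--
"""
SAMPLE_INTERNAL = "From: pat.doe@example.com\nTo: lee@example.com\nSubject: lunch\n\nnoon?\n"

if __name__ == "__main__":
    print(review_message(SAMPLE_FORWARD))
```

Each finding keeps the original Date header so it can be placed on a timeline alongside file-access and USB-connection artifacts.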
There are, of course, more artifacts that can be found on all sorts of electronic devices involved in security incidents, but the ones listed above are some of the most common requests. An insider threat, like all potential security incidents, is not something to take lightly. If you are looking for a quick resource on how to mitigate them, check this link for more information from CISA.