What is Digital Forensics?

The basics

Digital forensics is the art of examining digital evidence, gathered from different kinds of IT-systems, and it also includes recovery and investigation of cybercrimes, by looking through materials found in digital devices and IT-environments. When a cyber security incident has occurred, it is necessary to determine the root cause of the incident. Digital forensics includes for example file-system analysis, log-event examination, and network forensics. Digital forensics is also used in intellectual property theft, industrial espionage, employment disputes and fraud investigations.

The ultimate goal is to create an easy-to-understand timeline and classification of events. For our Incident Response Customers, the outcome is an extensive report, underlining the root cause of the incident, the threat-actors motivation, and end goal. With digital forensics you get an extraction and documentation of all computer evidence which can be used in the court of law.

What steps are included in the forensic investigation?

The NetNordic Cyber Forensic Team has created their own tools, to enhance the investigation. The work process includes the collection of evidence, identification, classification and analysis. Remediative actions are done during the incident response process, and further recommendations are presented to the customer to harden their cyber security posture. Lastly, we document and report everything that we have found and review it together with the customer.

Read more about: Security Experts & Incident Response Team