Mueller III, former director of the Federal Bureau of Investigation (FBI), once said “there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.” This is the new reality of today’s cyber world. With the ever-increasing popularity of virtual environments among businesses both large and small, traditional methods are no longer sufficient for combating cyber-attacks like the WannaCry virus. Digital forensic investigation techniques need to be altered to combat this new style of cyber-attack. However, there are several challenges to the digital forensic investigative process that make it susceptible to incongruities, particularly during the legal process. There are several proposals under consideration to improve the digital forensic investigation process, but essentially, to avoid massive attacks such as the ones these companies have faced, companies need to be proactive in their attempts to combat malicious activity in their digital environments.
Background
In 2001, the Digital Forensics Research Workshop (DFRWS) established a formal definition of digital forensics. This definition is noted in the conference report drafted by Gary Palmer as:
The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to operations.