Introduction In 2017, there have been several high profile cyber-attacks that have affected various systems across the country and the world. Among these cyber-criminals is the group known as the Shadow Brokers who debuted in August 2016 after claiming to have breached the spy tools of the Equation Group, an elite NSA-linked operation. In April 2017, the Shadow Brokers released what is said to be significant NSA tools which individuals have used to infect computer systems with ransomware. As a result of the Shadow Brokers’ breach, one strain of ransomware, WannaCry, spread worldwide in May 2017 hitting several targets that included public utilities and large corporations. It even attacked National Health Service facilities in Great Britain,
…show more content…
Mueller III, former director of the Federal Bureau of Investigation (FBI) once said “there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.” This is the new reality of today’s cyber world. With the ever increasing popularity of using virtual environments for businesses both large and small, using traditional method is no longer sufficient at combating cyber-attacks like the WannaCry virus. Digital forensic investigations techniques need to be altered to combat this new style of cyber-attacks. However, there are several challenges to the digital forensic investigative process that make the investigation process susceptible to incongruities, particularly during the legal process. There are several proposals that are considered to improve the digital forensic investigation process but essentially, to avoid massive attacks such as the ones these companies have faced, companies to need be proactive in their attempts to combat malicious activity in their digital environments.
Background
In 2001, the Digital Forensics Research Workshop (DFRWS) established a formal definition of digital forensics. This definition is noted in the conference report drafted by Gary Palmer as:
The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to operations.
Mueller III, former director of the Federal Bureau of Investigation (FBI) once said “there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again.” This is the new reality of today’s cyber world. With the ever increasing popularity of using virtual environments for businesses both large and small, using traditional method is no longer sufficient at combating cyber-attacks like the WannaCry virus. Digital forensic investigations techniques need to be altered to combat this new style of cyber-attacks. However, there are several challenges to the digital forensic investigative process that make the investigation process susceptible to incongruities, particularly during the legal process. There are several proposals that are considered to improve the digital forensic investigation process but essentially, to avoid massive attacks such as the ones these companies have faced, companies to need be proactive in their attempts to combat malicious activity in their digital environments.
Background
In 2001, the Digital Forensics Research Workshop (DFRWS) established a formal definition of digital forensics. This definition is noted in the conference report drafted by Gary Palmer as:
The use of scientifically derived and proven methods toward the preservation, collection, validation, identification, analysis, interpretation, documentation, and presentation of digital evidence derived from digital sources for the purpose of facilitating or furthering the reconstruction of events found to be criminal, or helping to anticipate unauthorized actions shown to be disruptive to operations.