Three Business Use Cases for Digital Forensics

oday, businesses are turning to digital forensics experts for scenarios that require tech-savvy sleuthing: employee mishandling of sensitive information, data recovery, and the aftermath of cyberattacks, for instance.

By Stephanie Walden, Contributor

The term “forensics” often brings to mind CSI-style gadgetry, but in recent years the field of digital forensics has little to do with trenchcoat-clad investigators dusting for fingerprints. Today, businesses are turning to digital forensics experts for scenarios that require tech-savvy sleuthing: employee mishandling of sensitive information, data recovery, and the aftermath of cyberattacks, for instance.

Chad Gough, owner of Chicago-based computer forensics firm 4Discovery, has worked in the field for more than 20 years. He has collaborated with Fortune 500 companies and led hundreds of investigations related to electronic discovery.

“Digital forensics is a forensic science, just like toxicology,” he explained. “Computer-related artifacts can be identified, examined, tested, repeated, and peer reviewed.”

Companies often struggle to keep in-house digital forensics teams adequately trained in a quickly-evolving technological landscape. So, businesses experiencing a need for digital forensics expertise often turn to third-party firms such as Gough’s.

Below are a few instances in which businesses may consider employing a digital forensics specialist.

1. IP and Internal Investigations

Probably the most typical corporate use case for digital forensics, Gough said, is investigating internal policy violations, such as intellectual property (IP) theft. For example, if an employee leaves an organization to work for a competitor — and takes proprietary files related to revenue model, customer databases, or trade secrets along with them.

In instances of industrial espionage or IP misconduct, there are often significant dollar amounts at stake. In high-profile cases, for which Gough has testified as a digital forensics expert, he’s seen payouts of close to $100 million to compensate for lost revenue.

Digital forensics can also bolster cases against employees in instances of fraud, wrongful death or personal injury, or even sexual harassment. Laptops, social media applications, and mobile phones can provide evidence in the form of conversation histories, as well as geolocation data. In the case of a work-related accident, investigators may look into whether the injured party was using a mobile device at the time.

Patent disputes, too, sometimes rely upon digital forensics for clarification in court. “Just because my technology does something similar to yours, doesn’t necessarily mean that I’m violating your patent because it may be a very specific implementation,” Gough said. “So, [digital forensics] may play a role in that determination as well.”

2. Data Recovery

In this digital age, everybody from high-ranking executives to your grandmother understands the importance of backing up valuable files — whether they’re corporate secrets or family photos. But human error happens, and storage devices malfunction unexpectedly. In these cases, digital forensics experts may be called in to extract lost or hidden files.

Data recovery is often viewed as a subset of digital forensics, separate from the services performed for criminal investigations. However, many firms offer both types of investigative resources. Gillware Digital Forensics, for example, is a company that provides data recovery and digital forensics lab services to clients in need. Their data recovery operation attempts to salvage data from failed drives, reformatted operating systems, or crashed servers.

Chris Bogen, an adjunct professor of cybersecurity at Tulane University, explained that even if data has seemingly “disappeared,” it typically persists somewhere in a storage device until it is overwritten by another file. He also explained that, surprisingly, the analysis of volatile memory systems like RAM and network traffic is often equally or more important than that of hard drives or USB drives.

3. Damage Control in the Wake of Cybercrime

In the case of malicious cyberattacks — an increasingly common area of corporate risk — digital forensics firms can help perform a post-mortem analysis.

Cindy Murphy, president of Gillware Digital Forensics, said the most frequent corporate cases she’s worked on involve ransomware. She noted that financial and healthcare organizations are particularly vulnerable to such attacks — and often the most highly motivated to address matters promptly, since they are legally obligated to report to the government any breach that exposes customer information.

Solving these mysteries, however, is as time-consuming as it is nuanced. Gough explained that one of the most common misconceptions about digital forensics is that it’s a quick process. Business leaders often underestimate the amount of time it can take to recover information or locate a digital smoking gun.

“Everything that people see regarding forensics [on television] is kind of a condensed ‘CSI effect’ — everything is instantaneous,” he said. “But in reality, we have to dig through all kinds of digital artifacts and piece them back together to build and tell a story.”

Murphy concurred that investigations are often more complicated than they initially seem: “Forensic clues and artifacts are often found in very unassuming places; a sophisticated attacker covers their tracks.” She said there is no “secret way” to identify the source or extent of a security breach. As such, leaving no stone unturned can be a matter of weeks or months.

The Future of Digital Discovery

Emerging technologies will continue to shape digital forensics. For experts like Gough, Bogen, and Murphy, it’s crucial to stay abreast of overarching technology trends — such as newer and more secure mobile devices, Internet of Things (IoT)-connected platforms, and artificially intelligent systems.

“AI and IoT devices will add to the already massive pile of data available for investigation,” Murphy said. “We are constantly developing new tools and manipulating existing tools to effectively sift through the data. This is where AI can [help] — it can enable our tools to recognize certain characteristics or anomalies within the data, which can provide a starting point in a new investigation.”

She warned, however, that although technology can be a useful aid, it shouldn’t replace old-fashioned human intuition.

“More powerful tools are always good to have, but it is possible to grow overly reliant on them and neglect the greatest tool we have at our disposal: Our brain. Critical thinking will continue to evolve and become more a sophisticated component of AI, but until then, it’s a tight-rope that will demand balance to walk in the years to come.”