Digital forensic science, commonly referred to as digital or computer forensics, is the branch of forensic science that deals with the collection, preservation, and analysis of digital data as evidence of something that has occurred. It involves the investigative use of specialized tools and techniques to defensibly extract and analyze data from a ubiquitous and continually growing array of computers, tablets, servers, smartphones, smartwatches, network devices, Internet of Things (IoT) devices, and more. If it powers on and stores data, it can be analyzed. In the context of cybersecurity, digital forensics is often used to investigate incidents such as ransomware events, network intrusions, insider threats, malware, intellectual property theft, cyber espionage, and cyber terrorism. By analyzing the digital evidence left behind, investigators can determine the causes of incidents and gather evidence for legal action.
Incident response is the set of steps taken to address, contain, and minimize the impact of a cyberattack and prevent further damage. This process involves a range of activities, including identifying the scope of the incident, containing the attack, collecting evidence, analyzing the reach of the incident, and restoring affected systems and data. It requires a coordinated effort by a team of experts, including IT professionals, cybersecurity and digital forensics experts, and legal professionals.
This book covers the state of modern investigative digital forensics, the challenges and considerations facing modern practitioners, the principles and artifacts that every examiner should know and that every executive, attorney, and claims manager should have a baseline knowledge of, and the principles that surround causality and ethics in modern incident response. In addition, the author covers such concepts as The Kroll Intrusion Lifecycle (TM), The Trickle Down Effect, Internet Identity Fusing (IIF), and The Castle Doctrine. The author interweaves these concepts both in principle and as the baseline for discussing criminal groups and their methods, how to approach incident response planning and tabletop exercise planning, and three categories of insider threats (malicious insiders, negligent insiders, and accidental insiders). The author also covers Malware as a Service, Violence as a Service, Swatting as a Service, and Voice Cloning as a Service, new territories into which threat actors continue to expand and evolve. The final two chapters cover data governance, risk and compliance and how it merges with modern digital forensics and incident response, followed by a breakdown and comparison of EDR, MDR, and XDR as industry terms.
Devon is a rare breed. He has honed his skills chasing criminals and nation state actors compromising systems, components, and people. Few in the DFIR field can truly say “been there, done that, have the T-shirt.” Devon has used his decades of experience in digital forensics to provide the reader a one-stop learning experience on what motivates threat actors and how they think and act. Everyone will learn something in this book. So go “Dive in”!
John F. Bennett, Assistant Director in Charge, FBI LA (ret.)