Hey everyone, my name is Harshpreet Singh and I’m a Support Specialist at Nucleus Networks working out of the Vancouver office. I am also a full-time student in my third-year pursing a Bachelor of Technology degree with a specialization in Networking and Security at Kwantlen Polytechnic University. In case you didn’t know, it’s Cybersecurity Awareness Month!

I thought today I would share some of the exciting things I have learned both at work and school in relation to Cybersecurity. Nowadays, digital and cyber crimes are on a steady rise all throughout the world. In fact, according to Accenture’s global survey, over the past five years, security breaches have increased by 67%.

Digital forensics is a subsection of forensic science which deals with both investigation and recovery of material found in digital devices. I wanted to share a few things a computer forensics analyst keeps in mind while approaching a cybercrime scene:

1. The state the machine is found in has to be preserved: If the machine was on, then leave it on! Turning the machine off might signal a command set up by the owner of the machine and could delete any data. The same applies if the machine was off – keep it off.

2. Always make a copy of the hard drive, so that the original evidence is conserved: Testing should always be done on exact copies, never on the original evidence.

3. Special care should be taken while handling the digital data: This evidence is presented as the truth or falsehood of an allegation so it must not be tampered with.

4. The three A’s of Digital Evidence Discovery Process must always be followed:

- Acquire the Evidence
- Authenticate the evidence (should be same as the original data)
- Analyze the evidence without modification

5. Chain of custody should be maintained: This helps protect the integrity of the evidence and helps to keep a record of what investigation was done, by whom, and why.

6. Proper tools must be used when analyzing the recovered evidence. As cybercrime grows, so does the toolkit of a forensic analyst.

7. Victimology is the process for building profiles of victims: As with any crime, cyber or not, a profile helps in the investigation by giving answers as to why a particular victim was chosen. This can help prevent future attacks.

8. Both the characteristics of the crime scene and the offender should be updated and reviewed as much as possible: These are crucial points in a digital investigation. The old material can be refuted or disproved as new material comes to light.

9. The last process is reporting: A proper report must be generated, both while working on the case and after the case is closed. This helps steer the case in the right investigative direction, and also offers as a standalone reference point for similar cases in the future.

Thank you so much for reading and I hope you found these points as interesting as I did. If you are interested in learning more about how we can help you and your business, reach out today.

Harshpreet Singh| Support Specialist