
Why Your IT Gal/Guy Shouldn't Do Forensics For You - Part 1

posted May 12, 2015, 11:56 AM by David Schippers   [ updated May 12, 2015, 9:58 PM ]
There are a lot of organizations that feel their in-house information technology staff can handle their digital forensics needs. On the surface, this decision seems like a great way to save money and control the release of key information. However, there are some key things that should be included in your decision to outsource your digital forensics needs or keep them in-house.

If our tech geek gets in over their head, we can call in the professionals
This is a major problem for incident response and digital forensics. Organizational leaders assume they can start a major response in-house and outsource it when things get too complex or deep. The major issue is that this assumes evidence will never be destroyed, deleted or manipulated by their in-house staff. In essence, this is comparable to having your friend start open heart surgery and call in a surgeon when things start to go bad. Sometimes, actions cause irreparable damage to your response and evidence. Even if a professional forensics investigator can recover from the problems created by untrained/unskilled responders, it will cost the organization a considerable amount of money in the form of billable hours by a skilled responder.

Do you need to comply with standards such as PCI-DSS or ISO standards?
These standards bodies require timely and consistent responses to security incidents. Consistent is the key term. Policies, procedures, tools and knowledge should be in place to provide the response. The vast majority of people assume digital forensics is a technical field that any geek can handle. This assumption is a major mistake. Pulling in your resident tech geek without proper training or certification in evidentiary and legal procedures can put your response in a bad position. The other big hurdle your organization may face is whether their work will hold up in a court of law.

But we don't need to worry about a lawsuit
These are common words in most circles. Many security responses start off with simple assumptions. As things escalate, it can become clear that the situation will end up in court, which can be for various reasons. If you've utilized an untrained and uncertified responder, your ability to defend your legal argument can be placed in jeopardy.

As always, if you ever need advice or help with a digital forensics response, please feel free to contact us.  We're here to help you with your difficult situations.