Manchester: 0161 797 8123

London: 0207 438 2045



Digital Forensics as Part of a Risk Management Policy

Risk Management Policy

It is well publicised that companies now have to tackle threats to their confidential information, not only externally but also internally.

‘Bad leavers’ and those considering starting up their own rival business, at all levels of seniority, are costing organisations large sums of money. Often there is no proactive legislation in place to combat or deter these actions.

Digital Forensic Investigations

Instructing a digital forensic investigator is often seen as a reactive measure, following suspected or observed unauthorised activity within an organisation. It is often seen as a covert action, and for the uninitiated, can come across as intrusive and speculative. In reality, the skillset of a digital forensic investigator can uncover a hidden audit trail of actions on a digital device, whether it be a mobile phone or computer. Skilled investigators can piece information together to understand:

  • what files have been moved;
  • what methods have been used (such as USB transfer, emails, cloud storage);
  • when this occurred;
  • as well as further information on file access and file deletion.

There is also huge scope for digital forensics to form the cornerstone of any prudent employment contract, data protection policy or risk management policy.

Forensic Imaging

The key step in any forensically sound investigation is the ‘Forensic Image’. This is essentially the creation of a digital copy of all the information held by a digital device, such as a computer or mobile phone. Devices are powered off to preserve all metadata (such as time and file creation date) and the forensic image is then created. This ‘image’ is then uploaded onto a dedicated computer and booted up through specialist forensic software for all analysis and investigation to be undertaken.

Why a proactive not reactive risk management policy?

Often, companies will seek to pursue a digital forensic investigation months after the unauthorised access has occurred, whether prompted by a salesman announcing his new position at a rival company, or by clients calling to voice their confusion over being approached by an ex-Director who has started his own company in the same line of business. Companies are predominantly reactive in their nature.

During this time span, computers are likely to be re-allocated and used daily by other employees, and any deleted evidence that was once retrievable is no longer retained by the device.

What if, as part of a risk management policy, there was a proactive mandate in employment contracts or data protection/preservation policies? This could specify that upon being made aware of an employee exiting the company, any work-designated digital device is to be collected by a digital forensics expert and a digital forensic image created. The device is then returned to the office and can be re-purposed for a new user – all in under 48 hours.

This essentially creates a holistic overview of the device at the earliest possible opportunity, and allows a greater level of control, while minimising business disruption. The forensic image can then be stored in a secure evidence room on a physical storage device, freely available for continued investigation, at any point in the future, at immediate notice.

Conclusive points

  • Digital forensics is a key aspect of internal investigations and can piece together a ‘hidden’ audit trail that can provide crucial evidence.
  • A forensic image preserves all data (including retained history and deleted files) within a computer at the time it is taken.
  • The quicker you forensically image a digital device, the more chance you have of capturing the data required for an investigator to piece together the evidence for you.
  • Digital forensics can be implemented into a proactive risk management policy. Stating this in legislation that is visible company-wide can act as a large deterrent to those considering unauthorised activity.
  • Having these provisions in place can satisfy a number of compliance requirements contained within standards and accreditations – ‘compliance by design’.