In recent years, the considerable overlap in the fields of cyber security and cyber forensics has caused the terms to be used interchangeably. Although the two disciplines work in tandem and utilize many of the same tools, the distinction between them is worth noting.
Cyber security is the process of protecting and defending information systems from threats such as the misuse of systems, attackers, data theft, malware outbreaks, and system outages. Cyber forensics, by contrast, is the collection, preservation, acquisition, and analysis of digital artifacts for use in legal proceedings.
Typically, cyber security personnel identify a system breach or issue. For example, if a security device generates an alert indicating an anomaly on the network, the security team will conduct an initial investigation. If it is discovered that a system has been compromised, then security personnel will alert incident responders or forensic examiners. Responders or examiners will then complete an event reconstruction to investigate what occurred on an information system and determine if data was stolen. A forensic investigation may be one piece of an internal corporate investigation, civil litigation, or criminal investigation. Upon the completion of an investigation, the results will be delivered by the examiner to attorneys or law enforcement agents. Additionally, the technical details will be provided to the cyber security personnel in an effort to strengthen the defenses of their information systems.
Due to the recent onslaught of data theft and computer system breaches, such as the Target credit card incident and Sony email leak, cyber security and cyber forensics personnel have been working together in a cyclic process. As data storage grows larger and more information is made available via cloud-based systems and mobile devices, the need for cyber security is growing. In turn, there is an increased demand for forensic examiners to augment the entire cyber defense team.
Check back throughout the month of October for more articles about cyber security, including pieces on cyber terrorism and cloud security.