Digital forensics

Digital forensics involves investigating and analyzing data to discover evidence of a cyberattack or other digital crime.

By IT Brew Staff

Definition:

Digital forensics is the technique of using digital evidence to investigate crimes, including cyberattacks. It is often part of incident response.

Steer clear

When it comes to cybersecurity, digital forensics happens everywhere from incident response to disaster recovery. Microsoft, for example, is facilitating the process by offering users a replacement “cloud PC” to make it easier for them to hand over their devices for forensic analysis—though, according to Justin Timothy, a threat intelligence consultant at GuidePoint Security, that could present its own challenges for teams tracking down details.

“If you have an end user who’s trying to do their work but they can’t get their mouse to work, then they have to reach out to their corporate IT team,” Timothy said. “And that IT team is probably busy assisting with any forensics or recovery efforts.”

Accelerator

And what aspect of the tech world would be complete without trying to utilize AI? Cybersecurity experts are deploying the technology at every level of the detection process, even as enemies are using it to enhance cyberattacks. Pynt CTO Ori Goldberg told IT Brew that those threats will be offset by usage of AI in the digital forensic space.

“Tools powered by LLMs will enhance anomaly detection, automate threat responses, and perform autonomous vulnerability fixes,” Goldberg said.

Practical application

Last year, after a shooter in Pennsylvania tried to assassinate now-President Donald Trump, FBI investigators used digital forensics to break into the attacker’s phone and trace his online footprint. Agents used software from digital forensics firm Cellebrite.

Tracking attacks can also mean focusing on communicating with the enemy, Mark Lance, GuidePoint Security VP of digital forensics and incident response and threat intelligence, told IT Brew. That’s how to get a sense of where to look: “A lot of times those breadcrumbs aren’t there, but by having them provide us a file tree, that’s something we can then turn over to the forensics workstream.”
