By Carolyn Casey
NEW BREED OF DIGITAL INVESTIGATORS EMERGES IN CORPORATIONS
During a recent webinar, we had a great conversation with three experts about the new breed of data hunters emerging in IT and InfoSec groups inside corporations. The webinar conversation touched on how internal investigations, e-discovery and cyber breach incident response approaches have evolved, what is driving the changes, and how the data finders’ roles and skills have adapted to the new environment.
SHEER SIZE OF DATA HUNT
Top of mind for all three data hunters was the sheer size of the data that must be found and analyzed. Finding the relevant data and quickly getting it to legal, human resources, compliance or audit to make decisions on the situation is everything. Mobile device and computer storage capacity has become ginormous, leaving vast amounts of information for investigators to mine. “The data is 20x what it used to be,” said John Wilson of eDiscovery Squared. Data hunters must be able to use technology to identify sources across the network and collect the data while preserving vital system and item metadata for forensic analysis and evidence integrity. Investigators must also be able to filter at the time of collection and during analysis to focus precious time and resources on core facts hidden in the morass of data volumes.
Imagine what digital investigators face when you consider:
- Smartphones can hold 64 to 500 GBs of data
- Average laptop hard drive has 500GB to 1TB of data
- Average desktop hard drive houses 1 TB of data
- Users typically receive 43,000 emails per year
- Text message data can involve 30,000 texts per year, per users
DATA SOURCES GET COMPLICATED
“Gone are the days where we can simply take and image a hard drive and be done,” commented John Grim from the Verizon RISK team. Data hunters nowadays must collect off live, multiple servers, not dead boxes. They must comb through multiple repositories for data, including cloud apps and content management systems. The new breed must be proficient in using tools to collect in this live environment. They need to know how to collect from multiple device types and multiple operating systems. Identifying malware in a data set or in an incident response investigation is also part of the role now, as is collecting from remote locations with today’s mobile workforce.
TRIBAL COMMUNICATIONS & COLLABORATION
The tribe is expansive in today’s digital investigations. Departments from all over the organization want to find files and information. It’s not just legal anymore. Human resources, compliance, audit and corporate communications frequently request information and data collection for investigations. “Communicating has been a problem for a lot of groups because there’s a lack of experience in this shift from dead box to live box investigations,” commented Jason Britton of iHeartMedia. Data hunters need to know what is expected from the investigative work of each different group. The groups need to communicate with the investigator throughout the collection, and get an early look at the data. Communicating and collaborating with vendors that house data you need, or that come in to help with the investigation, is also key.
Ten years ago, sharing the investigative findings was much simpler. Printing out an investigative report on paper worked. Today, investigators struggle to figure out how to push an entire report and timeline to their stakeholders’ review platform. Increasingly, teams like HR and compliance are starting to use
e-discovery technology to slice and dice the data. The volume is just too big to not use analytics to see information on the data set, social interaction in email patterns—tools commonly found in e-discovery technology.
WATCH WEBINAR ON TRAINS, PLANES OR BUSES
We are all mobile workers looking for something to break the monotony of long commutes and travel. You can listen to the webinar here, and check out the three case studies presented at your convenience. The case studies offer an anatomy of what works and doesn’t work in post- breach incident response, employee IP theft and e-discovery digital investigations.
Why not pick up perspective and practical insights while rolling along to your next destination?