Digital Detectives Fight Cybercrime
by Jim Battey
The constant threat of network intrusions makes an already challenging job for technology managers even more difficult. CSC’s Digital Investigative Services (DIS) is a valuable resource for those looking to identify threats and mitigate network intrusions, as well as investigate other crimes facilitated by technology such as intellectual property theft or harassing emails.
Investigating network incidents such as malware attacks is just one of many services offered by the DIS team. We also provide digital forensic analysis and litigation support services, along with data recovery, data collection, and electronic discovery. When an incident occurs, our experienced security professionals respond quickly to analyze and contain the problem, and work closely with network managers to develop a strategy for remediation.
Persistent threats
Valuable data in corporate information systems has become a target of choice for malicious individuals and groups around the globe. As network intrusions have increased substantially, the need for digital forensic and investigative services has grown significantly. No enterprise network is completely immune from intrusion. In recent years, companies have had to deal with advanced persistent threats, or APTs: continuous attacks directed at companies or governments and intended to compromise networks and infiltrate data. Increasingly, APTs are being used by hackers for criminal purposes such as accessing classified information and disrupting businesses.
Stephen Lewis, manager of CSC’s DIS team, says APTs are a big thorn in the side of network managers. “It’s a growing problem. Attackers are getting into corporate networks and trying to extract data out of the network. We come in and help identify the threats and provide recommendations for remediation.”
For example, to analyze a malware attack, the DIS team examines the malicious code to assess its behavior and intended actions. Then, we attempt to identify its geographic origin and those involved in its creation. If needed, we can execute the malicious code in a controlled setting to determine its effects. Finally, we provide strategies to help our clients deal with the attack.
In a recent case, we were asked to help a company that was concerned that their network had been infiltrated after detecting anomalies on several computers. The DIS team took images of the affected computers, and after analyzing them, determined the type of malware that was used and what damage it had inflicted on the system. “Based on our investigation, we offered suggestions on how to remediate the damage as well as what steps they could take to secure their network from future attacks,” Lewis says. “We can identify all the compromised machines with a relatively high degree of confidence and stop the attackers’ ability to move within a network.”
A constant battle
Digital forensics is defined as the recovery, authentication, and analysis of electronic data to reconstruct events related to security incidents. CSC’s DIS helps companies investigate computer security incidents and maintain compliance with legal requirements or regulatory agencies.
Investigative work is performed either at the client’s site or at our computer forensic laboratory. By working collaboratively with our information security professionals, we can identify the components necessary to develop a solution that can be integrated with a company’s existing security architecture.
Legal and HR support
In the area of litigation support, the DIS team uses legally accepted investigative methodologies and procedures that are supportable and repeatable. The digital forensics process involves a chain of custody that covers the collection, preservation, and analysis of data, and we create extensive supporting documentation that can be used in court. Lewis says, “After reams of information are recovered in the forensics investigation, our experts are able to narrow it down to a relatively small amount of data that can be used by lawyers at trial in practical and effective ways.”
The DIS team also gets involved in human resources-related investigations. For example, if employee misconduct is suspected or a corporate policy is violated, the team can assess and document what violations occurred. This includes investigations of intellectual property theft, unauthorized access to classified data, and computer misuse. Lewis says dealing with the bad guys remains a constant battle. “It’s a cat-and-mouse game. Anytime you find a way to stop one attack, they find a different way to come at you. You take what you learn and try to strengthen your network to prevent something like that from happening again. The key is finding a solution that is intelligent enough to not only stop what you know about, but also stop what you don’t know.”
Jim Battey is a writer for CSC’s corporate office.
