
2023/7/28
For any company, cyberattacks such as unauthorized access and data falsification, information leaks by the company's own employees, and internal fraud such as fraudulent accounting are not someone else's problem. Regardless of whether the cause is external or internal, when an incident involving digital data occurs, the data recorded on computers, servers, hard disks, and so on must be collected and analyzed as evidence. This is called "computer forensics". This article explains its basics, why it is needed, and how an investigation proceeds.

What is computer forensics
A forensic investigation is an evidentiary examination conducted when an incident such as internal fraud or information leakage occurs. In recent years, the use of data in the cloud and the spread of smartphones and tablets alongside personal computers have led to an increase in forensic investigations targeting digital data and devices. It's called.
Computer Forensics and Digital Forensics
Computer forensics is sometimes explained as "the investigation and analysis of computer data", but this is not accurate. In forensic investigations, the term "computer forensics" is essentially synonymous with "digital forensics" and does not refer to investigations limited to computer devices (terminals). Here, we will refer to it as digital forensics (computer forensics).
Incidentally, forensic investigations targeting mobile devices such as smartphones are sometimes called mobile forensics, and those targeting networks are sometimes called network forensics.
Purpose and Necessity of Digital Forensics (Computer Forensics) Measures
Incidents related to digital data, whether cyberattacks such as unauthorized access and data falsification from outside the company or fraudulent accounting and information leaks inside it, can happen at any time.
Therefore, "digital forensics (computer forensics)", which investigates the cause and the evidence from traces of access and from restored damaged data, is very important. If the crime comes from outside the company, it is necessary to find out what kind of cyberattack occurred, which computer had a vulnerability, and through what process and route the damage occurred. Similarly, in the case of crimes within the company, measures to prevent recurrence can be put in place by investigating the causes, such as when and how the information leak occurred, and which department's employee committed the fraud and for what purpose. Clarifying the whereabouts of the person also prepares you in case the matter develops into a lawsuit.
Digital forensics (computer forensics) investigation targets
The targets of an investigation are not limited to computers; they also include servers and recording media. This section introduces the main target devices and related equipment.
・Computer (personal computer)
First and foremost is the computer used for work. Any digital data can be covered, from documents such as papers to emails and chat messages.
・Server
Computer forensics targets not only personal computers but also the servers on which files are stored.
・External hard disk
External hard disks are also subject to investigation. Small portable HDDs in particular can hold a large amount of data despite their compact size. Care must be taken not to overlook them during the investigation.
・Removable media
Removable media are also subject to computer forensics. USB memory in particular requires careful attention when investigating information leaks, as data can be taken out on it without arousing suspicion.
Period and flow of digital forensics (computer forensics) investigation
The period of forensic investigation varies from several hours to several months, depending on the number of devices to be investigated, investigation items, investigation purpose, etc.
The investigation begins with an interview. After the purpose of the investigation is clarified, the data is collected and preserved, the collected data is analyzed using a dedicated analysis tool, deleted data is restored, and so on, to clarify the process and route of the damage. A report is then created from the information obtained.
Digital forensics (computer forensics) investigation using AI technology
It can be said that the use of AI (artificial intelligence) has become essential in modern forensic investigations that handle huge amounts of data. By effectively utilizing the strengths of AI, which excels at processing large amounts of data, accuracy and speed can be dramatically increased. A small number of experts read a small number of sample files and let the AI learn their judgment criteria. A small number of people can then sort a wide variety of data in a short time. This not only makes investigations more efficient, but also improves accuracy by allowing experts to focus their resources.
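The workflow described above (experts judge a few sample files, the model learns their criteria, and the remaining data is sorted), as an added example that is not FRONTEO's KIBIT engine or code from this page. A naive Bayes classifier is used as a stand-in technique, and the function names and sample documents are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample data: a handful of documents an expert has already judged.
EXPERT_LABELED = [
    ("please copy the customer list to my usb drive before friday", True),
    ("send the price list to my personal address and delete the mail", True),
    ("lunch menu for the cafeteria this week", False),
    ("meeting room booking for the quarterly planning session", False),
]
# Constructed sample data: documents nobody has read yet.
UNREVIEWED = [
    "reminder: cafeteria closed for the planning session",
    "i will copy the list to usb and delete the original",
    "quarterly booking of the meeting room confirmed",
]

def tokenize(text):
    return re.findall(r"[a-z0-9]+", text.lower())

def train(labeled):
    """Learn word counts per class from (text, is_relevant) expert judgments."""
    counts = {True: Counter(), False: Counter()}
    docs = Counter()
    for text, label in labeled:
        counts[label].update(tokenize(text))
        docs[label] += 1
    if not docs[True] or not docs[False]:
        raise ValueError("experts must label at least one document of each kind")
    return counts, docs, set(counts[True]) | set(counts[False])

def relevance_score(model, text):
    """Log-odds that a document is relevant; positive means likely relevant."""
    counts, docs, vocab = model
    totals = {c: sum(counts[c].values()) for c in (True, False)}
    score = math.log(docs[True] / docs[False])
    for tok in tokenize(text):
        if tok in vocab:  # words never seen in training carry no evidence
            p_rel = (counts[True][tok] + 1) / (totals[True] + len(vocab))
            p_irr = (counts[False][tok] + 1) / (totals[False] + len(vocab))
            score += math.log(p_rel / p_irr)  # Laplace-smoothed likelihood ratio
    return score

def rank_for_review(model, documents):
    """Order unreviewed documents so reviewers read the likeliest hits first."""
    return sorted(documents, key=lambda d: relevance_score(model, d), reverse=True)

if __name__ == "__main__":
    model = train(EXPERT_LABELED)
    for doc in rank_for_review(model, UNREVIEWED):
        print(f"{relevance_score(model, doc):+.2f}  {doc}")
```

The ranking only prioritizes human review; low-scoring documents are still part of the preserved evidence set.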
Digital forensics (computer forensics) investigation can be handled quickly and accurately with our own AI "FRONTEO"
As a pioneer in forensic support services, FRONTEO has been involved in fraud investigations since its founding in 2003. We have an overwhelming track record of supporting more than 2,000 fraud investigations, and FRONTEO supports forensic investigations for "Third Party Committees", contributing with high reliability to solving the problems of many companies.
The self-developed AI engine "KIBIT" is a simple, high-performance algorithm that can be put into use early because it needs little training data, takes little time to introduce, and is computationally light. Since the AI is developed in-house, it can be flexibly customized for the systems and special data uniquely constructed by each company. If your company is considering a forensic investigation, please contact FRONTEO.