Peter Pištek


The use of forensic analysis in the corporate environment

We associate forensic analysis mainly with investigations whose results may be applicable in court. In a corporate environment, it can provide the basis for subsequent legal processes (e.g., dismissal of an employee, lawsuit), but it is also relevant in incident investigations. The applications are wide-ranging: from identifying the point (and time) of compromise of a corporate network and what caused it, to investigating the leakage of protected corporate know-how.

In this paper, I explain the basic definition and processes of forensic analysis, with a heavy emphasis on use in a corporate environment. I will cover the recommendations and limitations of its use depending on the desired objective. Later, I will focus on the Windows OS and show some of the capabilities that this operating system provides. Finally, we will show some examples of anti-forensic techniques that can complicate our investigations and how to deal with them.

Peter Pištek is an information security researcher focusing on forensics, phishing, and anomaly detection in high-speed computer networks.

He was educated at the Slovak University of Technology in Bratislava, where after completing his PhD he worked as a researcher, lecturer, and vice dean. Since 2020, he has been working at the Kempelen Institute for Intelligent Technologies as a Senior Researcher, where he focuses on information security.  

He actively leads and works on innovative industrial projects in cooperation with companies. He is co-author of more than 15 publications of international quality and co-author of the book "Fundamentals of Cyber and Information Security". He is currently the investigator of 2 European projects.