Detecting the details in data

IT forensics is gaining more attention from organisations in the region

Tags: AccessData Group LLC ( ( risk complianceIT forensicsManageEngineSANS Institute ( Micro Incorporated
  • E-Mail
Detecting the details in data IT forensics is the discipline of finding and presenting evidence, in a legally acceptable form, from digital data and information.
By  Keri Allan Published  July 17, 2014

IT forensics, the process of collecting data and analysing as part of a legally admissible investigation, is a relatively new science, but one that is gaining some attention in the Middle East. It is being used for criminal investigations, domestic cases and corporate internal investigation, often looking into fraud, corruption and regulatory breaches. The work involved may range from forensic data collections in support of email and document reviews for evidence to more serious investigations involving user analysis, such as document access, deletion/wiping analysis, Internet activity recovery, and much more.

“With cyber threats looming large, it’s absolutely essential to track what users are doing with their privileged access,” explains V Valasubramanian, Marketing Manager (IT Security) at ManageEngine. “When something goes wrong, records on who did what serve as forensic records and help fix accountability issues.”

A number of major organisations that provide forensic services have evaluated the security landscape in the Middle East and as a consequence have realised that there is a big opportunity to provide services in the region.

“For example, McAfee has opened a cyber defence centre in the region and Dell has moved its solution centre to Dubai,” says Paul Wright, Manager of Professional Services and Investigation Team, Middle East, India and Africa, AccessData.

Many other organisations have followed suit, including FireEye, which is launching a forensic lab in the UAE, focusing on targeted attacks.

“We have also seen educational institutions investing in research and development of computer forensics,” adds Ravi Patil, Technical Director, MMEA – Trend Micro. “However customers in the region rely on companies and resources in the west for the best of breed experienced forensics experts,” he adds.

Jess Garcia, Principal Instructor, SANS Institute, highlights that digital forensics and incident response services are typically classified as either proactive or reactive.

“Proactive services help organisations get ready for the worst by putting in place forensic readiness processes, capabilities, functions, labs etc. Reactive services help organisations address an incident when it has already happened, to answer questions and limit the impact of the incident by trying to stop it before it’s too late, or at least determining its scope so it can be properly eradicated. There are indeed several good companies that offer such services in the region,” he notes.

So the solutions are on offer, but who are the customers? It appears that more and more organisations across the Middle East are ready to collect and use digital evidence for intelligence purposes, civil and criminal prosecutions and even as a deterrent. One of the growing areas appears to be the financial industry, with forensic capabilities growing as financial institutions strengthen their governance, risk and compliance practices. But the largest sector investing in IT forensics appears to be governments.

“IT forensics in the Middle East is more often adopted by government sectors; however, most of the governmental institutions have in-house teams allotted to work on this. Also, maturity levels vary from one country to another within the local region,” says Sherif El Nabawi, Director, Security Consulting Services — META; MANDIANT, FireEye. “In the Middle East, countries have now started investing in IT forensics. For instance, Qatar law enforcement of national infrastructure (oil and gas sector) needs to have strict forensic operations. Hence, the Middle East has now started catching up to the international trend due to the increased activity by the Syrian Electronic Army and Iranian Hackers,” he adds.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code