Cyber Security and Digital Forensics: Two Sides of the Same Coin

Information Technology

There is a running joke at Champlain College between the Cyber Security and the Digital Forensics majors that the Cyber Security major’s job is to secure down systems and prevent hackers from gaining access while the Digital Forensics majors have the job of figuring out exactly what happened when the other failed. While a bit simplified, this view is not entirely wrong. Security and forensics are so closely related that without one the other would be non-existent. It is important to understand the similarities in each field, not just in their goals and work, but also in their way of thinking.

The LCDI hires students from all majors and backgrounds despite it being a forensics facility. This is because, like most work places, there are many different tasks that need to be done by different types of experts. In the digital world, security experts and forensics experts may do different tasks, but they lean on each other for support. According to the Merriam Webster dictionary, security is defined as “the state of being protected or safe from harm” while forensics is defined as “relating to the use of scientific knowledge or methods in solving crimes.” In almost all security breaches,  a crime has also been committed, and at this point, security and forensics join together to become one crime fighting team.  Forensics experts must rely on the work of security experts in order to make their job as easy as possible. While it may be nearly impossible to completely secure a system, it is the job of the security professional to ensure that he or she is keeping accurate logs of all access. When a security expert does his or her job correctly, a forensics expert can then do his or her job even more effectively and efficiently.

Security experts and digital forensics experts are alike in more ways than one. Not only are their jobs extremely dependent on one another, the two must also share a similar mind-set. The goal of both security professionals and digital forensics professionals is to stop criminal activity. In order to do this, both parties must have the unique ability to think like a criminal. In the case of the security expert, thinking like a criminal will allow him or her to anticipate possible digital attacks. This gives the expert the ability to predict what attack vectors a hacker or criminal may use, and exactly what needs to be done to prevent an attack. Of course, not all attacks can be prevented and this is where being able to predict attack vectors become particularly useful. Should a security expert know that they have an internet-facing service, they have the ability to ensure that service is being extensively logged. Unfortunately, attacks and intrusions do happen and this is where a forensic expert must be able to also think like a criminal. The ability to take on the mind-set of a criminal allows a forensic expert to better investigate an event. By placing themselves in the shoes of a criminal, an investigator can better understand the motives behind a crime and even begin to rebuild the events that may have taken place. This ability to think like a criminal, combined with each expert’s unique technical skills and tools, links security professionals and forensics experts together.

The digital world is not so different from the real world in many ways. Both worlds have people in it who wish to do others harm. Whether it is for personal gain, monetary gain, or simply revenge, there is always a high risk of crime. Fortunately, cyber security experts and digital forensics experts have the ability to prevent criminal activity in the cyber world. While each group has very different skill sets and individual jobs, both share a common goal of protecting people and their assets. When it comes to the case of cyber security and digital forensics, they truly are two sides  of the same coin.

-Hunter Gregal

More Learn
Optimize Your Computer With Our Spring Cleaning Checklist
Cookies: To Eat- Or Not To Eat?
The Beginner’s Guide to Cybersecurity