Using Digital Forensics to Safeguard Company Data against Foreign Intrusions

There’s no question that the world of business is more globalized than ever before. Whether you’re looking at the largest enterprises or the smallest start-ups, it’s vanishingly rare to encounter a modern company that doesn’t engage in some form of international trade. But no matter how easy it is to communicate with a colleague or client from the other side of the planet, sometimes an email or a video chat just doesn’t cut it. Some things can only be accomplished in person, meaning that for many of today’s busy executives, international travel isn’t just a part of the job—it’s a way of life. 

Like all of us, these executives probably take plenty of sensible precautions when they’re “on the road.” They might put a lock on their luggage to discourage thieves, or soothe anxieties about illness by stocking up on bottles of hand sanitizer. Unfortunately, executives are rarely as careful when it comes to protecting their devices, and the proprietary company data that those devices are used to access. For travelers who are unaware of the risks, it’s all too easy to expose one’s device or even an entire IT network to malware or other data breach attempts, simply by connecting to the wrong overseas wireless network or cloud services provider. 

Businesses need to create and enforce comprehensive corporate policies around employee travel, particularly international travel, if they wish to keep sensitive data and devices from being compromised during their journeys. These policies might include strict rules prohibiting use of personal devices, required usage of two-factor authentication or biometric security, and more. However, on their own, no corporate policies will be sufficient to protect your employees from foreign intruders under every possible circumstance. That’s where digital forensics technology can make a difference. 

Before-and-After Device Analysis

The effort to protect your employees’ devices from foreign intrusion should start before any travel takes place—both in terms of the implementation of effective security policies, and in terms of forensics analysis. With Oxygen Forensic® Detective, our customers can extract a device’s essential data, creating a detailed snapshot of the device before it goes overseas. This establishes a pre-trip baseline that gives the IT team a clear view of what the device should look like: which files and applications it should contain, how it should be configured, and what processes should be running behind the scenes. The baseline should be stored off the device, with cryptographic hashes of the extracted files, so that whoever tampers with the device on the road cannot also tamper with the record of what it looked like before.

Once the employee returns with their device, the same extraction is performed again, and the before-and-after “snapshots” are compared. By analyzing the delta between what the device looked like before and after its time overseas, your team can determine whether the device was tampered with or compromised in some way. Expect the delta to contain legitimate changes as well (the employee’s own documents, operating system updates, new Wi-Fi profiles), so the review is not “did anything change?” but “which changes were not expected?” New startup items, new trusted certificates, altered proxy, DNS or VPN settings, and system files whose hashes no longer match the baseline deserve the closest attention.
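To make the before-and-after comparison concrete, here is an added example (it is not Oxygen Forensics code, and the snapshot layout, file paths and values are constructed for illustration). It takes two simplified snapshots of the same laptop, computes the delta across file hashes, startup items, trusted root certificates, network peers and settings, and then separates the changes a reviewer should look at first from routine ones such as the user editing a spreadsheet. A real extraction tool produces far richer data; only the comparison logic is the point.

```python
"""Compare a pre-travel device snapshot against a post-travel one.

Both snapshots below are constructed for this example. In practice the
dicts would be built from a forensic extraction of the device; the field
names used here are assumptions, not any tool's real output format.
"""
import hashlib


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of file content; the baseline stores hashes, not files."""
    return hashlib.sha256(data).hexdigest()


# Constructed baseline taken before the trip.
BEFORE = {
    "files": {
        "/etc/hosts": sha256_hex(b"127.0.0.1 localhost\n"),
        "/Library/LaunchAgents/com.corp.agent.plist": sha256_hex(b"corp agent v1"),
        "/Users/alice/Documents/q3-forecast.xlsx": sha256_hex(b"forecast v1"),
        "/Users/alice/Downloads/agenda.pdf": sha256_hex(b"agenda"),
    },
    "autostart": {"com.corp.agent"},
    "trusted_roots": {"Corp Root CA"},
    "network_peers": {"vpn.corp.example"},
    "settings": {"proxy": "none", "dns": "10.0.0.53", "screen_lock": "on"},
}

# Constructed snapshot taken after the trip. Some changes are benign
# (the user edited a document and deleted a PDF); others are not.
AFTER = {
    "files": {
        "/etc/hosts": sha256_hex(b"127.0.0.1 localhost\n203.0.113.7 vpn.corp.example\n"),
        "/Library/LaunchAgents/com.corp.agent.plist": sha256_hex(b"corp agent v1"),
        "/Library/LaunchAgents/com.update.helper.plist": sha256_hex(b"run helper on login"),
        "/Users/alice/Documents/q3-forecast.xlsx": sha256_hex(b"forecast v2"),
    },
    "autostart": {"com.corp.agent", "com.update.helper"},
    "trusted_roots": {"Corp Root CA", "Hotel Guest Wi-Fi CA"},
    "network_peers": {"vpn.corp.example", "198.51.100.9"},
    "settings": {"proxy": "198.51.100.9:8080", "dns": "10.0.0.53", "screen_lock": "off"},
}

# Locations where any change is worth a human's attention.
SENSITIVE_PATH_PREFIXES = ("/etc/", "/Library/LaunchAgents/", "/Library/LaunchDaemons/")
# Categories where an addition or change is always worth a look.
HIGH_KINDS = {"autostart_added", "trusted_roots_added", "network_peers_added", "setting_changed"}


def diff_snapshots(before: dict, after: dict) -> list[tuple[str, str]]:
    """Return (kind, detail) findings describing every difference."""
    findings = []
    # Files: compare hash by path so modified content is caught, not just new files.
    for path in sorted(set(before["files"]) | set(after["files"])):
        old, new = before["files"].get(path), after["files"].get(path)
        if old is None:
            findings.append(("file_added", path))
        elif new is None:
            findings.append(("file_removed", path))
        elif old != new:
            findings.append(("file_modified", path))
    # Set-valued categories: persistence, trust store, observed peers.
    for key in ("autostart", "trusted_roots", "network_peers"):
        for item in sorted(after[key] - before[key]):
            findings.append((f"{key}_added", item))
        for item in sorted(before[key] - after[key]):
            findings.append((f"{key}_removed", item))
    # Settings: report old -> new for anything that differs.
    for name in sorted(set(before["settings"]) | set(after["settings"])):
        old, new = before["settings"].get(name), after["settings"].get(name)
        if old != new:
            findings.append(("setting_changed", f"{name}: {old} -> {new}"))
    return findings


def triage(findings: list[tuple[str, str]]) -> list[tuple[str, str]]:
    """Keep only the findings that should be reviewed first."""
    high = []
    for kind, detail in findings:
        sensitive_file = kind.startswith("file_") and detail.startswith(SENSITIVE_PATH_PREFIXES)
        if kind in HIGH_KINDS or sensitive_file:
            high.append((kind, detail))
    return high


if __name__ == "__main__":
    all_findings = diff_snapshots(BEFORE, AFTER)
    for kind, detail in triage(all_findings):
        print(f"REVIEW  {kind:22s} {detail}")
    for kind, detail in all_findings:
        if (kind, detail) not in triage(all_findings):
            print(f"routine {kind:22s} {detail}")
```

Run as a script it lists the new launch agent, the changed hosts file, the extra trusted root, the new proxy, the disabled screen lock and the unfamiliar peer under REVIEW, and the edited spreadsheet and deleted PDF as routine. The triage rules are deliberately simple; the value is in having a baseline to diff against at all, which is what the pre-trip extraction provides.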

What to Look For

Bad actors can use any number of sneaky methods for breaching and tampering with a device, so it’s important to leave no stone unturned when determining whether an intrusion has occurred. Log files—the records that the operating system and applications keep of events such as logins, network connections, software installations and configuration changes—are often the best place to look for clues. Your team can examine them to see whether the device’s network activity, running processes or configuration changed during the trip. Bear in mind that an intruder with sufficient access can clear or edit logs, so missing or truncated logs are a finding in their own right, and the absence of evidence in the logs is not evidence that nothing happened.

There are other questions to consider as well. Did the device send traffic to unfamiliar endpoints while it was connected to a particular Wi-Fi network? Is it transmitting data the employee did not initiate? Have device settings—proxy, DNS, VPN, trusted certificates, screen lock—been changed in any peculiar or notable way? Have new applications, accounts or startup items appeared? Is the device’s battery draining faster than usual? Any one of these can be a sign that an intrusion has occurred, and several together should be treated as one until proven otherwise.

What Happens When You Find Something?

If, after conducting your analysis, you determine that your employee’s device has been compromised, treat the device as evidence: take it off the network, do not wipe or reuse it, and keep both extractions together with a record of who has handled them. Rotate every credential, token and certificate the device held, since those may already be in someone else’s hands. Then escalate the issue to the appropriate authorities. This means that your IT or security team will likely need to interface with law enforcement, and should be ready to share all data relevant to the intrusion. (Notably, if the device intrusion occurred in another country, then your team will likely need to take the issue to the federal level.) From there, investigators will look to answer key questions around the nature of the intrusion. They’ll want to determine the endpoint for any data being sent from the device, and will also aim to trace the relevant IP addresses. If the intrusion appears to be the result of corporate espionage, the investigation is likely to be treated as a federal matter.

Are you interested in learning more about how digital forensics software can help safeguard your company data against foreign intrusion, and whether Oxygen Forensic® Detective is the right solution for you? Click here for more information, and be sure to follow us on Twitter @oxygenforensic
