Digital forensics technology can help support cyber investigations, incident response

By Harsh Behl

July 12, 2022

The need for digital forensic investigations is spiking both in law enforcement agencies and corporations, but there’s a dramatic shortage of qualified forensic investigators. It’s estimated that approximately 600,000 open positions remain unfilled, and that number is growing. But this widening gap between need and talent signals increasing risk for investigators. In 2021 businesses worldwide experienced a 50% spike in cyberattacks per week, all requiring immediate investigation and response; law enforcement agencies, meanwhile, are handling a constantly growing digital investigation workload, but a lack of qualified staff is hampering their efforts to bring criminals to justice.


The risk lies not just in overload and stress on investigation teams: time is of the essence in forensic investigations. Corporations must initiate breach response, investigation and remediation as quickly as possible to avoid risks ranging from financial loss, consumer exposure and reputation damage to heavy regulatory penalties. In law enforcement agencies, budget constraints and a lack of experienced staff mean that non-technical reviewers are more frequently asked to prepare cases for review; this leads to time-consuming errors, backlogs and bottlenecks.


At some time or other, we’ve all complained that twenty-four hours a day are not enough. This is particularly true for investigative staff. 45% of all crime occurs between the hours of 7 p.m. and 7 a.m. Given that the ‘normal’ working hours are 8 to 6, the fact that crime tends to happen when everyone has gone home is a big problem for investigators. 


For their part, law enforcement agencies often plug the gap by hiring forensic lab sub-contractors to work till the small hours. Although this solution makes more cases ready for the examiner to review by morning, it’s an expensive option. The annual cost for a single subcontractor averages about $80,000. Imagine if you had to employ four or five: the extra half-million dollars or so per annum is a big budget hit. This cost rises further if the workers are permanent or receive additional benefits, and in any case training and replacing these workers is an ongoing expense. What makes the cost even more painful is that preparing these cases for review is a monotonous task. Humans who are bored tend to get distracted and make mistakes, which can jeopardize the speed or even the overall success of an investigation.


For corporations who can’t fill the vital cybersecurity and forensic positions, the highest cost lies in timeliness: they can’t afford delays in responding to incidents or breaches. If, for example, they are hit by ransomware and need to do an urgent investigation, they must scramble to assemble the necessary resources to initiate a digital forensic investigation from wherever they can. It’s an expensive and risky strategy. Even with the right resources in place, writing scripts to connect their security infrastructure with platforms such as security orchestration, automation and response (SOAR) and security information and event management (SIEM) will create an unwelcome delay in response. It also opens the door to human error.


Despite this picture of gloom, there’s light on the horizon in the form of new technology. Digital forensic tools with automation capabilities are now becoming available; they have been created specifically to help with problems including costs, talent shortages, consistency and efficiency. 


Automation benefits law enforcement agencies by helping them improve their overall digital forensic lab efficiency. It doesn’t replace human workers; rather, it augments their work, frees individuals from monotonous, repetitive tasks, and provides them with time to make considered decisions and judgment calls. Instead of closing the door on an empty forensic lab when six o’clock strikes, agencies can set their automated processes to operate at any time of night, day, or any day of the year, even if — especially when — the office is unstaffed. The beauty of this new technology is that it incorporates checks and processes to ensure that decisions are in line with standard operating procedures and, crucially, does away with the danger of human error. The data made ready for examiners is error-free, which is a huge factor in speeding the investigation process: mistakes cost the entire force time and money and hurt the victim in terms of bringing criminals to justice. 


For corporations, automation accelerates incident response workflows and improves the speed at which corporate assets can be secured. One of the highlights of the newest technology is its ease of use: a graphical user interface enables even non-experts to be productive with minimal training. Instead of waiting for IT to write a script, they can use a drag and drop interface to create automation for any case type. 


This is not just a distant dream: new software is now being trialed that integrates with organizations’ cybersecurity platforms, case management systems, e-discovery applications, and other third-party software tools that can call a RESTful API. This integration can speed up the investigation, from collection to processing to review, and can reduce the risk and delay inherent in passing data between platforms. For example, corporate users can now automate tasks and workflows, such as triggering the platform to process any forensic image placed there or initiating a remote endpoint collection when the SIEM security tool detects a possible incident or breach.
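The SIEM-triggered endpoint collection described above can be illustrated with the following Python example, which is added here and is not code from the article or from any vendor's product. The endpoint URL, alert field names, severity threshold, one-hour suppression window, artifact list and `Idempotency-Key` header are all assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime, timedelta

# Hypothetical forensic-platform endpoint; the article names no product API.
COLLECTION_URL = "https://forensics.example.internal/api/v1/collections"
MIN_SEVERITY = 7               # assumed policy: collect on severity >= 7
SUPPRESS = timedelta(hours=1)  # assumed: one collection per host per hour


def plan_collection(alert, last_collected):
    """Return a collection request for one SIEM alert, or None to skip it."""
    host = alert["host"].lower()
    when = datetime.fromisoformat(alert["timestamp"])
    if alert["severity"] < MIN_SEVERITY:
        return None
    previous = last_collected.get(host)
    if previous is not None and when - previous < SUPPRESS:
        return None  # a collection for this endpoint is already under way
    # Hash the canonical alert so the case record shows exactly what triggered it.
    canonical = json.dumps(alert, sort_keys=True, separators=(",", ":")).encode()
    digest = hashlib.sha256(canonical).hexdigest()
    last_collected[host] = when
    return {
        "method": "POST",
        "url": COLLECTION_URL,
        "headers": {"Idempotency-Key": digest},  # a retry cannot start a second job
        "body": {
            "target": host,
            "artifacts": ["memory", "event_logs", "mft"],  # assumed triage set
            "trigger": {"rule": alert["rule"], "alert_sha256": digest},
        },
    }


# Constructed sample alerts (not taken from a real SIEM).
ALERTS = [
    {"host": "FIN-WS-014", "severity": 9, "rule": "ransomware-note-created",
     "timestamp": "2022-07-12T02:14:00+00:00"},
    {"host": "fin-ws-014", "severity": 9, "rule": "mass-file-rename",
     "timestamp": "2022-07-12T02:20:00+00:00"},
    {"host": "HR-WS-002", "severity": 3, "rule": "failed-login",
     "timestamp": "2022-07-12T02:21:00+00:00"},
]


def run(alerts):
    """Apply the policy to a stream of alerts and return the planned requests."""
    state = {}
    planned = (plan_collection(a, state) for a in alerts)
    return [p for p in planned if p is not None]
```

Of the three sample alerts, only the first produces a request: the second hits the same host inside the suppression window and the third is below the severity threshold.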


Automating investigations and incident response is a problem that everyone wants solved. But not all automation tools are created equal. Many are coming onto the market but almost none can deliver the core benefits that corporations and agencies crave: reduced investigation time and a solution to the talent gap.


The key questions digital forensics professionals need to ask when testing an automation tool are these. Does it have the right number of features to do what’s needed, but not too many? Does it include a graphical interface that removes the need for writing scripts and allows non-experts to be productive? Does it allow you to automate regardless of your level of expertise? Organizations that are able to automate can transcend the problems of staff shortages, delays and costs in digital forensic investigations and be better able to focus on their core objectives.


KEYWORDS: cyber security data breach digital forensics ransomware risk management


Harsh Behl is Director of Product Management at Exterro. As the air traffic controller for product releases, Harsh partners with customers and prospects in the market to talk about their needs and pain points and has developed an in-depth knowledge of what the market is looking for from their digital forensics tools. Prior to joining AccessData, now Exterro, Harsh was on the front lines working as an evidence analyst and forensic investigator, forensic consultant and a technical engineer.

 
