
The Evolution of Forensic Investigation Technology and How Government Agencies Can Adapt

Government agencies at the federal, state and local level are targeted daily by cyber criminals with a variety of motives and levels of sophistication. The Heritage Foundation recently issued a report that documented the most troubling cyber attacks on federal agencies in 2017, including incidents involving administrative agencies such as the FDIC, the SEC and the IRS — as well as national defense agencies such as the U.S. Armed Forces, the CIA and the NSA.

State and local government agencies may be under even more aggressive attack right now. As many as a dozen Connecticut state agencies were hit by the WannaCry virus in February of this year; the Colorado Department of Transportation was forced to shut down 2,000 computers this spring in response to the SamSam ransomware; and the Emotet Trojan malware attack has already taken a toll in 2018 on municipalities from Allentown, Penn. to Savannah, Ga.

With the threat of cyber crime and data breaches accelerating, it’s more important than ever that government agencies improve their efficiency in conducting digital forensics investigations. It’s vital to identify the source of the incident as quickly as possible, collect all of the relevant digital data and then sort through those electronic records to pinpoint the information that needs to be passed along to law enforcement professionals. One key way that government agencies are achieving this improved efficiency is by enhancing collaboration with a new approach to forensic investigations.

The challenge is that government agencies are struggling to manage a backlog of computers and other devices waiting for examination. Unfortunately, by the time those devices are examined, it’s often too late to follow many of the leads that are produced. Moreover, digital forensics examiners are fighting a tough battle to locate the needles amid the haystacks. Since the number of cases coming in is increasing and the amount of data to review and analyze is growing, most organizations have created a system to prioritize cases. A case may be placed into a queue and not be reviewed in time for the case investigator to move forward.

The time has come to rethink this old model for how government agencies conduct forensic investigations and find a way to leverage emerging technology tools so examiners and investigators can better work together in the interests of both justice and efficiency. This new collaborative workflow now being employed by leading-edge agencies is focused on the objectives of keeping the forensic specialist free for technical analysis processes and allowing the review teams who have the case knowledge to invest their time on conducting more effective reviews.

The good news is that state-of-the-art technology to achieve this goal is here now. Digital forensics software tools are available that help government agencies break down the old silos and facilitate collaboration between forensic examiners and digital investigators. These systems allow multiple examiners and reviewers to work on the same case, regardless of their location, and enable the team members to work together in an efficient, seamless way. This collaborative analysis streamlines the investigative process, facilitating a more productive workflow and reducing case backlog.

The hurdles of digital forensic investigations are fierce. But luckily there are advanced forensics software solutions available to empower investigators and forensics labs of all sizes to transform their work environments.


Keith Lockhart was recently interviewed by Federal News Radio as part of Carahsoft’s “Innovation in Government” series. Listen to the audio and learn more about changing workflows and increased efficiencies in forensic investigations conducted by government agencies. For more information about new software tools that can help improve efficiency and collaboration in your forensic investigations, please visit
