How often do we presume we ‘got it right just because nothing is glaringly wrong’, and is that good enough? Here’s what made me ask myself those questions. A good friend of mine had a busy week in the newspapers, perhaps a minor celebrity but he also had a good story at the right time. Four separate journalists incorrectly spelled his surname name in one week and he wasn’t the least upset by it. Maybe it’s my training to look for errors and inconsistencies but I was embarrassed for him. This wasn’t a malicious act by the journalists; there’s no gain and no real threat, but it does signify something to me. Good isn’t good enough. Now this wasn’t a simple repeated error with an ‘N’ instead of an ‘M’ in his surname, but separately different and clearly wrong mistakes. Not only does he have his name on his uniform but in this day and age, why not verify the spelling online? It isn’t hard to validate someone’s name against their socials. Isn’t journalism about providing accurate, timely information anymore? Getting inaccurate information out quickly to appease the masses doesn’t seem like best practice. Even good coffee baristas work to get your name right when you order a coffee.
Mistakes do happen but in the world of digital forensics, our job is to look for the menacing code threat actors want us to miss. Or overlook that piece of evidence that shows theft of intellectual property. Unfortunately, phishing attacks are quite common now. Businesses with apathetic attitudes are easy prey for threat actors that can cripple operations. We’re seeing disruptions at government agencies, critical infrastructure, academic institutions that teach computer programming, and right down to small private companies that rely on inexperienced online content providers. If you have your head buried in the sand, you may still believe that most threats are naturally occurring in the cyber space. It makes me sick how many companies talk about this as the new normal. Getting hacked isn’t the new normal. Not having the proper defenses in place is.
[embedded content]
For more information about FOR308: Digital Forensics Essentials click HERE
Check the headlines about how recently a ransomware operator apologized for allowing their product to disrupt life by risking communication at a children’s hospital. Honestly, I think we can still believe there is good out there. I don’t think I know anyone who hasn’t personally received a threat from a ‘government agency’ that if triggered leads to embarrassment and resentment. I take that phone call all the time from every age and every level of education. Fear and opportunity work when it comes to phishing attacks. Malicious activity is becoming more sophisticated and any sort of attack preys on our emotions. I’ve been guilty of searching for a malicious line of text as though it’s the likely culprit, but there could be multiple issues occurring. With good practice you learn an easy win in digital forensics may mean you didn’t finish looking at all the threats. It’s fine to follow a flow chart to look for repeated threats but you can’t rely on a static procedure. Stay dynamic in your approach to investigation and continue to evolve. This way you don’t let the fear of attack build up; you’re prepared. Threat actors may provide the glaring mistake to try to take your attention off the planned intent. Constant awareness is the diligence that becomes personal experience.
So, the next time you catch a spelling error, evaluate how impactful the error is and perhaps smile and pat yourself on the back. Locating errors may be the catalyst that leads you down the path of joining or expanding your role in the world of digital forensics. You never know when errors may pop up. Delve into the experience. Keep thinking DFIRently.
