While digital forensics is becoming increasingly prominent in handling security and company policy breaches, it demands strict legal compliance, said Danny Myburgh, Cyanre MD, at ITWeb Security Summit 2015, in Midrand.
Digital forensics is the process of finding and interpreting electronic data for legal use, the goal being to preserve any evidence in its most original form while performing a structured investigation to reconstruct a past event, Myburgh explained.
While IT professionals can use digital forensics techniques to investigate breaches of security or company policy, there are rigorous legal protocols which need to be followed in these processes, he warned.
Failing to follow legal procedures correctly could negatively affect the investigation’s judicial validity, Myburgh continued.
For example, examining employees’ communications or hardware could violate their right to privacy unless they have given written or verbal consent to surveillance, he noted.
Over the last decade, South African police have realised digital forensics can reveal information about a vast array of crimes, and is not only relevant in cyber crime investigations, said Myburgh.
For example, the investigation into the Marikana Massacre saw digital forensics practitioners examining a number of electronic devices such as CCTV cameras and the mobile phones of police and journalists, he said.