Sometimes the concepts of Forensic Analysis and Security Audit are confused, as they both conduct an in-depth investigation and analysis of an organization's internal security documents and procedures. However, these concepts are not synonymous and there are several differences that we will present in the article “What is the difference between Forensic Analysis and Security Audit?”.
Forensic Analysis consists of collecting, preserving, and analyzing digital traces, which are found in different storage and communication processing devices.
The main objective of this procedure is to carry out a retrospective reconstruction of the events, scientifically supported, to be able to answer the questions: Who? Like? When? At where? it's because? performed certain actions in the organization's assets. In addition, the Forensic Analysis Service provides CIS Forensics and Malware analysis which are conducted to better understand security threats, to support the understanding, mitigation, and remediation of incidents.
The Forensic Analysis service is comprised of the provision of resources to perform online (OCF) and autonomous (SCF) computer forensic analysis and expertise for incident management; and malware analysis by providing capabilities to perform technical analysis on suspicious operating systems, code, and applications to identify any malicious content. Sharing technical characteristics of malware within a trusted community, either on an ad hoc basis or through dedicated platforms.
Findings are entered into a report that will be presented in the judicial evidence-building process and can exonerate or blame the suspect.
A Security Audit guides and supports an organization's security accreditation and re-accreditation activities. It is based on the preparation, implementation, and verification of documents and processes necessary for security accreditation under ISO27K standards.
A Security Audit is composed of the following elements:
In short, the Forensic Analysis service is characterized by reconstructing an event to gather evidence and fulfill a purpose. A Security Audit analysis supports the implementation and checks procedures and documentation, to accredit the organization based on the standards required by the ISO27K standard.