No matter what security precautions you take to prevent data breaches or digital crime, incidents can still occur. If you believe there has been a breach into your computer or system, here are the steps you should take.
If you suspect your computer contains evidence that digital forensics experts can use in an investigation, stop using the device immediately. Evidence of the incident needs to be preserved in its original state, and any user might tamper with or damage the evidence. Something as simple as opening a file can change it, and evidence altered from its original state may be deemed inadmissible in court. Make sure to unplug the computer from the network connection (LAN or WiFi) so the contamination doesn’t spread. Additionally, do not attempt to turn on the device if it is powered off or turn off the device if it is powered on.
Though you may think your internal IT staff should conduct a preliminary investigation, it is better to wait and have a trained digital forensics team, like the team here at Liberty Business Associates, handle the investigation from the beginning. You should also keep a log detailing who had access to the suspected computer, who has been on the device, and where the device has been located since the dates in question.
Following these steps will help you respond better to an incident and give you the best chance of a successful investigation. Your entire team should be trained in responding to computer security incidents, and once they have completed these steps, including those listed above, the digital forensics experts at Liberty Business Associates can help you find the evidence and answers to your case.