
Rise of anti-forensics techniques requires response from digital investigators

The rise of cyber threats is putting a strain on those trying to combat the problem but, as Nick Booth finds out, if you have the right skills these could be lucrative times

Good news and bad news from the security industry. Bad news first: there’s a booming population of stealth cyber attackers, who can invade your IT infrastructure without leaving a trace. The good news: there’s a massive shortage of people who can deal with this.

Actually, that last bit is bad news for most people. But it’s an ill wind that blows enormous good to any digital forensics practitioners out there. They’ve got so much work on they can’t cope. So financially speaking, they’re partying like it’s 1999.

There are plenty of vacancies. So how do you join this exalted group?

One of the leading lights in this burgeoning sector, Alissa Torres, founder of Sibertor Forensics, is a veteran of the US Marine Corps. Having served her country, Torres found her tenacity and attention to detail were a massive asset in the IT security sector, where she quickly rose from help desks to handling security for clients.

A military background helps in security, as you are used to working long hours, being patient and paying attention to detail. Tracking skills help too, because you need an instinct to tell when something isn’t right, even if it looks OK.

Today’s cyber crims have mastered the art of leaving crime scenes without leaving a trace, thanks to new techniques using fileless malware that can hide out in volatile memory. 

“Attackers know how forensics investigators work and they are becoming increasingly more sophisticated at using methods that leave few traces behind – we are in an arms race where the key difference is training,” says Torres.

The security industry needs people who can see beyond what standard investigations are capable of probing, says Torres. They need to be able to see patterns above and beyond whatever the data is telling them.

In my experience, that rules out 99 per cent of the IT and marketing professionals in Britain, who seem to need a Big Data analysis to tell them that it’s raining outside.

Torres estimates that possibly 1 in 4 Digital Forensics and Incident Response (DFIR) professionals has the level of training to successfully analyse the new types of self-defence techniques that include more sophisticated rootkit and anti-memory analysis mechanisms.

Torres is lead author and instructor of the SANS FOR526: Memory Forensics In-Depth course which she will be teaching at the upcoming annual Digital Forensics and Incident Response (DFIR) Summit in Prague on October 5th.

“We’re training people to use their brains, not their tools,” says Torres. 

Well, good luck with that! Perhaps it might be a good idea to cast the net a bit further afield than the IT industry. The only people with any imagination seem to be the criminals. If only there was some way of converting them.
