Cybersecurity Fundamentals and Digital Forensic Techniques

Origins and Importance of Cybersecurity

The Original Purpose of ARPANET

The original purpose of ARPANET was to enable secure and reliable communication between military and research institutions and allow resource sharing among connected computers.

Cybersecurity for Critical Infrastructure

Cybersecurity protects essential sectors like energy, healthcare, transportation, and finance from cyberattacks that could disrupt services, threaten public safety, and cause economic damage.

Three Key Benefits of Cybersecurity

  1. Protects sensitive data and privacy.
  2. Prevents financial and operational losses.
  3. Maintains trust and ensures business continuity.

Understanding Cybercrime and Threats

Cybercrime vs. Traditional Crime

Cybercrime is conducted digitally, can be executed remotely across borders, often allows anonymity, and can impact many victims quickly compared to traditional crime.

The Danger of Insider Threats

Insiders already have authorized access to systems and data, making it easier to misuse information or bypass security controls.

Malware Risks in Cracked Software

When an employee downloads cracked software and company data is later stolen, the software most likely contained malware such as a Trojan or spyware that created a backdoor, allowing attackers to access and exfiltrate the data.

Legal Frameworks and Global Standards

GDPR and Individual Privacy Rights

The GDPR mainly aims to ensure the protection of personal data and privacy rights, giving individuals greater control over their information.

Global Cybersecurity Index (GCI)

The International Telecommunication Union (ITU) is the international organization that releases the GCI.

UAE Cybercrime Legislation

The UAE Federal Decree-Law No. 34 of 2021 on Combatting Rumors and Cybercrimes is the law that combats the spread of false information and criminalizes cybercrime.

Core Concepts and Definitions

Data vs. Information

Data consists of raw facts, while information is processed and meaningful.

The Main Function of the Internet

The main function of the Internet is connecting computers and networks globally.

Key Features of Cybercrime

A key feature of cybercrime is that it specifically targets digital information.

Technical Attacks and Defense

DoS vs. DDoS Attacks

A DDoS attack is distributed across many devices to generate illegitimate requests, while a DoS attack originates from a single source.

Malware: Worms and Ransomware

A Worm is a malware type that spreads across networks without human action. During an attack, ransomware usually encrypts data and blocks access until a payment is made.

Social Engineering Tactics

Social engineering usually tricks victims by exploiting human trust.

The CIA Triad in Practice

A correct application of the Confidentiality, Integrity, and Availability (CIA) principles involves encrypting data, preventing unauthorized changes, and ensuring systems work when needed.

Trojan Horses Explained

A malicious program that appears to be a legitimate or useful application but actually performs harmful actions in the background is called a Trojan Horse.

Digital Forensics and Incident Response

Post-Attack Investigation and Traces

Digital forensic investigators mainly look for digital traces and logs after an attack. While attackers often leave traces, they can hide or delete them, making detection difficult.

The Importance of Post-Incident Analysis

The inability to understand an attack is often more dangerous than the attack itself because the problem may recur if the root cause is not identified.

First Steps for Digital Investigators

When encountering a compromised device, a digital investigator’s first priority is protecting evidence and stopping further damage.

CSIRT Roles and Responsibilities

The Computer Security Incident Response Team (CSIRT) consists of:

  • Security Analyst
  • Incident Responder
  • Digital Forensic Specialist
  • Legal Advisor
  • Communications/PR Manager

SANS Incident Response Methodology

The SANS Institute developed one of the most widely recognized global frameworks for incident response. The methodology includes:

  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery
  6. Lessons Learned

Digital Evidence Preservation

  • Preserve Evidence Integrity
  • Capture Volatile Data First
  • Maintain Proper Documentation

Post-Incident Review Process

  • Root Cause Analysis
  • Response Evaluation
  • Improvement Actions

Defining Digital Forensics

Digital Forensics is a specialized branch of forensic science that involves the identification, preservation, extraction, and documentation of digital evidence.

Types of Digital Investigations

  • Public Investigation
  • Private Investigation

Legal Elements of Cybercrime

The elements of cybercrime include the Legal Element, Material Element, and Mental Element.

Volatile vs. Non-Volatile Evidence

  • Volatile Data Analysis: Focuses on RAM.
  • Non-Volatile Data Analysis: Focuses on storage media.

The Digital Forensics Laboratory

The lab is a highly secure and controlled environment designed to ensure the integrity of every piece of evidence.

Digital Forensic Investigation Tools

Commercial Tools: EnCase, Cellebrite, Oxygen Forensics, and FTK.
Open Source Tools: Autopsy and Wireshark.

Forensic Reporting and Documentation

  • Link evidence to hardware and protect with hashing.
  • Build a timeline and establish the time zone used for all timestamps.
  • Name your tools and explain your steps.
  • Distinguish facts from opinions.
  • Show hidden details (metadata).
  • Write a simple summary and maintain the chain of custody.