Share these talks and lectures with your colleagues
Invite colleaguesPractice paper
Applying forensic engineering to cyber security incidents
Cyber Security: A Peer-Reviewed Journal,
8
(3),
214-221
(2025)
Abstract
Cyber security incidents are becoming increasingly common, and society is demanding accountability for failures that lead to them. Traditional incident response focuses on containment and recovery, but it often overlooks the root cause and potential liability. This paper proposes applying forensic engineering to cyber security incidents to investigate flaws in systems and hold organisations responsible for negligence. Cyber security structures and systems should be held to the same standards of accountability as physical structures, and forensic engineering can identify flaws in cyber security systems and determine if negligence was involved, especially where there are appropriate laws and regulation to do this. This approach promotes a sense of justice and incentivises organisations to invest in stronger cyber security measures.
Keywords: forensic engineering; cyber security incident; cyber security liability
The full article is available to subscribers to the journal.
Author's Biography
Jason Jordaan is a 30-year veteran in the field of digital forensics with extensive experience as an expert witness in this field. In addition to being the Principal Forensic Analyst for DFIRLABS, he is also a principal instructor for the SANS Institute, where he teaches digital forensics worldwide, and an assessor for the Netherlands Register of Court Expert. He has a MSc degree cum laude in computer science, a MTech degree in forensic investigation, a BComHons degree in information systems, a BSc degree summa cum laude in criminal justice computer science and a BTech degree in policing. He is a member of several professional bodies, including the Chartered Society for Forensic Science in the UK, and holds several digital forensics certifications, including Certified Forensic Computer Examiner (CFCE), Global Information Assurance Certification (GIAC), Certified Forensic Examiner (GCFE), GIAC Certified Forensic Analyst (GCFA), GIAC Certified Incident Handler (GCIH) and GIAC Battlefield Forensics and Acquisition (GBFA).
