Illusive Blog December 8, 2015

CSI: Cyber | Real Professionals Bash The Unrealistic Plot

By The Illusive Networks team

cyber_securityThis past summer, Mr. Robot made its television debut to rave reviews from the cyber security community for its technical accuracy. Yet, there was another cyber security show that debuted earlier in 2015—CSI: Cyber.

Unfortunately for executives at CBS, the fourth installment of the CSI franchise has been bashed by cyber security professionals. Chester Wisniewski of Sophos went so far as to say the show is “technically impossible and frankly ridiculous.”

For all of its technical inaccuracy, there’s one thing we can take away from the show—a growing need for cyber incident response and forensics.

Cyber Forensics: The First Step in the Response Process

Despite the unrealistic plotlines in CSI: Cyber, one thing stands true—the need to track the activities of cyber criminals and bring them to justice.

Cyber forensics are an essential part of any security strategy. Without a solution in place, companies have no real idea of what the criminals in their network can actually accomplish.

In a nutshell, cyber forensics goes beyond simple incident identification, and aims to understand the inner workings of cyber criminals.

Digital forensics teams collect evidence from cyber crime scenes, extract and identify this data, analyze the evidence and submit it to the court – but how do they do all of this?

Here are a few of the types of tools that every cyber forensics team needs in its arsenal:

  • Data Recovery: Used by forensics teams to extract evidence from damaged hardware and computer systems.

  • File Analysis: Once evidence is extracted, these tools dig deeper into source code to identify any malicious data.

  • Document Metadata Extraction: Source code isn’t all you have to worry about. Metadata from embedded pictures, plain text and objects can contain threats.

  • Memory Imaging: When data is extracted from damaged systems, it must be recreated for analysis. Memory imaging tools provide bit-by-bit copies from memory.

  • Memory Analysis: This lets you analyze the running programs, operating systems and other software components copied by memory imaging tools.

  • Network Forensics: Cyber attackers move laterally throughout your network until they capture what they’re looking for. Network forensic tools can analyze data that travels throughout your network.

  • Log File Analysis: Your computers keep track of operating system and application activities, and these records can tell you quite a lot about a data breach.


There are a number of available tools (free and for purchase) in each forensics category. However, many teams use a comprehensive system to cover their digital forensics needs.

Regardless of how you get the job done, these categories are essential to investigating your cyber crime scene. Just because you aren’t an FBI investigator doesn’t mean you don’t need this kind of intelligence – it can be used to improve your cyber defenses in the future.

Understanding how attackers made their way into your infrastructure not only highlights your vulnerabilities, but also gives you the opportunity to bolster security systems to thwart impending attacks.

The Importance of a Solid Cyber Incident Response Plan

Unlike the agents on CSI Cyber, when a security incident occurs at your company, your first step will be to determine its impact on customers and corporate IP assets. Developing a strong cyber incident response plan is critical to mitigating loss of reputation.

Here are the 4 essential steps for creating a cyber incident response plan:

  1. Identify the Extent of the Incident: Your first objective is to actually detect the breach and determine the magnitude of the violation. With 70% of attacks going undetected, it’s clear that this is easier said than done. With the right security applications and strategies in place, you can recognize breaches when they occur.

  2. Define Objectives and Investigate: One of Target’s biggest issues in 2013 was that attackers seemed to catch the company off guard.  Rather than wandering blindly through the response process, know what you need to get done ahead of time and begin investigating the attack.

  3. Start Taking Action: You’re often legally required to notify breached users of the attack and file a report. Know your industry’s regulations and begin handling what could become a PR nightmare.

  4. Recover your systems: You should already have a disaster recovery system in place—it’s time to put it to use!

What Can Television Teach Us About Cybersecurity?

Whether you’re considering the realistic possibility of a Mr. Robot-esque attack, or the ludicrous plots of CSI: Cyber, one thing is certain—sophisticated cyber criminals will inevitably find a way into your network.

Before you leave, take our 5 second poll! Why do you value cyber forensics?

Rather than letting them run rampant, you can use Deceptions Everywhere®® to trick them into revealing themselves and stop their attempts before they reach their intended goal.

This approach lets you see the tools and techniques that cyber attackers are using – key intelligence you can use if you wanted to open up a CSI: Cyber case of your own.