Cloud computing, serverless computing, microservices architecture, IoT and Industrial IoT (IIoT) “smart” devices, and increased API use pose new challenges to digital forensic investigations. In these cases, traditional methods of collecting and acquiring forensic evidence are often challenged by the storage on the server or the fact that the client does not necessarily capture all of the components of a transaction — or at least not all in one place. Performing accurate, comprehensive digital forensics in a situation where one or more APIs is integral to the event timeline requires a multi-level approach.
API forensics can be framed within a set of six phases:
- Identification. Conducting a search for, recognition of, and documentation of the physical devices potentially containing digital evidence.
- Collection. Collecting devices identified in the previous phase and transferring them to an analysis facility (physically or virtually).
- Acquisition. Capturing an image of a source of potential evidence identical to the original.
- Preservation. Preserving physical and logical evidence integrity.
- Analysis. Interpreting the data from the evidence acquired.
- Reporting. Communicating and/or disseminating the results of the investigation.
Rule4 applies its computer science background and forensics analysis credentials to perform thorough forensic analyses of unique API ecosystems. If necessary, we construct custom scripts for data extraction and preservation as part of the engagement so that independent analysis of our results is possible. We have provided expert testimony in numerous court cases and have an impeccable reputation for delivering comprehensive, accurate forensic reports.
We’re here to help with even your most challenging digital forensic investigations. Contact Rule4 for the support you need.