Digital Forensics Investigation Resolves Alleged Breach Event

For Business, For Legal Professionals | 11 Aug 2023

A case study on work that Notion Digital Forensics have completed.

Overview

Notion Digital Forensics investigated an alleged breach involving a multinational technology company where a private server certificate key was publicly shared. A government department suspected either accidental disclosure or cyber breach, requesting investigation due to potential risks to message confidentiality and integrity.

Objectives

The engagement required three main goals: investigate the events, determine how they occurred, and provide an analysis of an Australian government’s forensics report. The team then reported findings to help business partners resume operations.

Methodology

The investigation combined multiple approaches: interviewing technical staff, collecting and analyzing digital evidence, and reviewing relevant standards including the Australian Cyber Security Centre’s Information Security Manual. Notion delivered an expert report addressing government concerns with actionable recommendations.

Key Findings

The investigation revealed critical protection measures were in place. A key employee had secured the private key with a strong password. Testing showed the password resisted cracking attempts, making the disclosed key impractical to exploit - it would cost millions of dollars of computer time to brute force.

Conclusion

The comprehensive analysis provided assurance to stakeholders that despite potential disclosure, the password protection rendered the key essentially useless to threat actors. Recommendations also improved procedures to prevent future similar incidents.