JAKARTA - In cybersecurity, the main focus is prevention. Once an attack has already occurred, however, the focus must shift to the steps taken after the incident.

One procedure that should not be ignored in post-attack handling is digital forensics, an important procedure that every organization must apply after a cyber incident.

According to leading cybersecurity consulting firm Spentera, the digital forensic process plays a crucial role in identifying the causes behind the attack and providing strong evidence for law enforcement.

In addition, information obtained from digital forensics can help companies or organizations map attacker profiles and identify system weaknesses, so that organizations can be better prepared to face similar attacks in the future.

However, according to Spentera, one of the main obstacles to applying digital forensics is a lack of awareness of how important this step is. And according to digital forensic expert Muhammad Nur al-Azhar, Indonesia still lacks experts and skilled human resources in this field.

The challenge is compounded by the volume and complexity of data, which continue to grow as digitization widens.

"The inability to identify the causes of cyber attacks shows that the implementation of digital forensics in Indonesia has not been optimal," said Thomas Gregory, Director of Blue Team Operation of PT Spentera, in a written statement quoted Monday, August 5.

Thomas also outlined some best practices for implementing digital forensics in organizations, including:

Identification: This phase involves the search for, recognition of and documentation of relevant evidence. Evidence collection is prioritized by the value and volatility of the evidence.

Collection: Digital devices that potentially contain valuable data are collected and transported to a forensic laboratory. Static acquisition is the common approach, but direct (live) acquisition is required for systems that cannot be shut down, such as industrial control systems.

Acquisition: Digital evidence must be obtained without compromising its integrity. This involves making appropriate copies using a write blocker to prevent data changes.

Preservation: The integrity of digital devices and evidence is maintained through the chain of custody, with thorough documentation at each stage so that the evidence can be accepted in court.
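
The acquisition and preservation steps above can be illustrated with a short added example (not from Spentera or the original article): it hashes an acquired image and keeps a custody log in which each record commits to the image hash and to the previous record. The hash-chained log format, the field names and the sample data are assumptions constructed for illustration.

```python
import hashlib, json, os, tempfile

GENESIS = "0" * 64  # assumed starting value for the first record's prev_hash

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a large disk image need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def record_hash(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def add_custody_entry(log, actor, action, image_path, timestamp):
    """Append a record binding who/what/when to the image hash and the prior record."""
    entry = {"timestamp": timestamp, "actor": actor, "action": action,
             "image_sha256": sha256_file(image_path),
             "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    entry["entry_hash"] = record_hash(entry)
    log.append(entry)
    return entry

def verify_custody_log(log, image_path):
    """Return (ok, reason) after checking record chaining and the current image hash."""
    prev, current = GENESIS, sha256_file(image_path)
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["prev_hash"] != prev or record_hash(body) != entry["entry_hash"]:
            return False, f"record {i} altered or out of order"
        if entry["image_sha256"] != current:
            return False, f"image differs from hash in record {i}"
        prev = entry["entry_hash"]
    return True, "ok"

def demo():
    """Run the checks on a constructed image file and constructed custody records."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "evidence.img")
        with open(img, "wb") as f:
            f.write(b"CONSTRUCTED SAMPLE DISK IMAGE" * 1000)
        log = []
        add_custody_entry(log, "analyst-a", "acquired via write blocker", img, "2024-01-01T09:00:00Z")
        add_custody_entry(log, "analyst-b", "received at lab", img, "2024-01-01T13:00:00Z")
        intact = verify_custody_log(log, img)
        log[0]["actor"] = "someone-else"          # a custody record is edited
        edited = verify_custody_log(log, img)
        log[0]["actor"] = "analyst-a"
        with open(img, "ab") as f:                # the image copy is changed
            f.write(b"\x00")
        return intact, edited, verify_custody_log(log, img)

if __name__ == "__main__":
    print(demo())
```

An unkeyed hash chain only shows tampering if the latest `entry_hash` is also recorded somewhere the log's editor cannot reach, such as a signed paper custody form.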

