This is why IT forensics and system hardening belong together

IT forensics and system hardening only seem to be two completely different areas of information security. In practice, they overlap in many important ways.

Why is IT forensics so important?

When a murder has occurred, various experts come to the scene of the crime – these include forensic experts. They look for clues that could lead to the perpetrator. It’s a similar story in the IT world: if hackers have infiltrated your IT systems, the task is to secure evidence.

IT forensic experts, also called digital forensic experts or cyber forensic experts, use various procedures and tools to find important traces. On the one hand, these traces reveal the security vulnerabilities that made the cyber attack possible. On the other hand, specialists can derive important clues about the perpetrators in order to prosecute them.

To do this, they examine log files and audit logs for suspicious entries, among other things. The forensic expert also determines from this information whether the affected systems were state of the art when the compromise occurred.

How do you prevent “digital murder”?

IT forensics is a cybersecurity measure that belongs to the “respond” or “reaction” area. In other words, it kicks in when, so to speak, the perpetrators have succeeded. Make sure that this never happens, so that no IT forensic expert has to visit your company. Take measures to protect your IT systems as best you can!

One of these “protect” measures is system hardening. It reduces attack surfaces through targeted configuration of your operating systems and applications. When hardening Windows 10, you disable services you don’t need and implement multifactor authentication, among other things. And when you harden your Windows Server systems, you should significantly restrict access rights, enable accurate logging and monitoring, and take many other measures.

Perform even a simple system hardening on an ordinary Windows computer and you will have around 300 to 400 configurations to adjust. On well-secured systems, security configuration management can include over 800 measures.

That’s quite a bit of work, especially if you have dozens or even hundreds of systems to harden. In addition, the systems need to be continuously monitored and their configurations adjusted. Automated system hardening with a hardening tool like Enforce Administrator can help here.

More information needed?

Click through our presentation, which we have created together with our partners Bridge4IT and TEAL. The slides show you:

    • the current cyberthreat situation
    • how IT forensics and system hardening belong together
    • how to harden systems with the Enforce Administrator

FYI: You can also download the presentation at Slideshare.

Do you know how well your systems are hardened?

No? Then perform a check with the free AuditTAP. The AuditTAP modules check various standard products for the configuration of important and relevant security settings. The checks are based on established and proven security standards.

If you have any questions about system hardening or need support, please feel free to contact us at any time without obligation. To do so, please write us an e-mail.
