The concept of low-hanging fruit comes from the idea that it is easier to go after information that is readily available than to dig for deeply rooted information. Cybercriminals may walk away from a system that is too hard to break or takes too long to get into. In some instances, grabbing the low-hanging fruit for the cybercriminal may be nothing more than choosing the easiest part of the system to deal with at the time.
The cybersecurity field is rife with low-hanging fruit. When a company doesn’t install patches for operating systems, or enforce sound password and logoff policies, it leaves its systems vulnerable to attack. Some people (generally those with less than honorable intentions) believe that if you leave your system unprotected, you deserve to be hacked. And it will happen, because low-hanging fruit is the easiest to grab. More employees will attempt to access a network folder called private than a folder named data.
As a forensic investigator, you’ll have to determine whether the low-hanging fruit provides enough evidence for your case. Let’s start with an area that might provide the evidence you need without an extreme amount of investigative work. This is evidence that is readily available, such as computer and log files, especially when dealing with unsophisticated criminals. People tend to treat their work computers as their own private storage facilities despite the fact that they are merely the company’s computers that they’re assigned to use. What people keep in their computers can be incredible—everything from their sexual preferences to evidence of crimes.
Although you should strive to have more than enough evidence, you might be able to use low-hanging fruit to get the information you need. It is at least a good place to start.