Digital Forensics and Incident Response (DFIR) is no longer just a technical discipline activated after something goes wrong. In 2026, it has become a strategic capability central to resilience, governance, and national security.
Norway’s latest threat and risk assessments, NSM’s Risiko 2026 and Etterretningstjenesten’s Fokus 2026, describe a security environment where cyber operations are persistent, strategic, and closely tied to geopolitics. In this landscape, incident response is not just about restoring systems. It is about understanding what happened, why it happened, and what it means.
Across sectors — from public administration to critical infrastructure — incidents continue to exploit known vulnerabilities, weak access controls, and insufficient logging. The issue is often not that attacks go undetected, but that organisations lack the evidence needed to properly assess scope, impact, and intent.
State actors increasingly combine cyber operations with influence campaigns, espionage, and economic pressure. These activities are long-term, ambiguous, and difficult to attribute. High-quality digital evidence is therefore not optional — it is essential.
From Technical Response to Organisational Resilience
One of the clearest messages in Risiko 2026 is that prevention and response cannot be separated. Detection, logging, and incident handling must function as one system. Without forensic readiness, organisations struggle to answer fundamental questions during a crisis:
- What systems were affected?
- What data was accessed?
- Is the attacker still present?
Structured logging, time synchronisation, secure log retention, and incident response processes that preserve evidence are critical. Without them, decision-making becomes guesswork rather than analysis.
The stakes are even higher in operational technology (OT) and industrial environments such as energy, water, and transport, where incidents may have physical consequences. Many of these systems were never designed with forensic investigation in mind, making specialised competence essential.
Cyber incidents are also increasingly part of broader hybrid threat activity. Digital intrusions may support intelligence collection, influence operations, or future sabotage. In this context, forensic findings contribute not only to technical remediation, but to organisational and national situational awareness.
Evidence Builds Trust
Regulatory requirements further reinforce the importance of mature incident response capabilities. Risiko 2026 refers to the digitalsikkerhetsloven, which sets strict timelines for reporting serious incidents affecting essential services. Meeting these obligations requires rapid, evidence-based assessments of cause and consequence.
Strong DFIR supports compliance, credibility, and trust. Weak capabilities increase risk — technically, legally, and reputationally.
– You only lose trust during incident response once; it is critical that we are prepared to face these challenges head on, says Veronica Schmitt, Programme Leader for DFIR at Noroff University College.
Cyber incidents are inevitable. Adversaries are patient. Consequences extend beyond individual organisations. The key question is whether organisations are prepared.
- Do we have the logs we would need during a serious incident?
- Can we reconstruct an attack timeline with confidence?
- Do our processes preserve evidence — or overwrite it?
– DFIR maturity is not built during a crisis. It is built beforehand, says Schmitt.
Meeting today’s threat landscape requires more than tools. It requires professionals trained to think evidentially under pressure, operate across technical and organisational boundaries, and translate forensic findings into decisions that matter.
– Digital evidence is the only reliable currency in a hybrid threat environment. Our focus is on educating professionals who do not just fix systems, but who can interpret what the data reveals and translate it for decision-makers, says Emlyn Butterfield.


