WHAT CAN WE HELP YOU WITH?

Here at Cyber & Digital Forensics, our fully accredited team will support you throughout the digital investigation process, from the first suspicion to the final statement. Let’s start by answering your questions.

My business has been the victim of a cybercrime. What should I do?


Your first action should be to mitigate further damage by changing all of your passwords, especially those with access to sensitive information. Next, assess the nature and scope of the incident, determining whether it was a malicious act or a technical glitch. Take steps to prevent ongoing traffic from spreading the attack by isolating all or parts of a compromised network. Lastly, contact Cyber & Digital Forensics for free, impartial advice and guidance on how best to conduct a thorough digital investigation.




How do I ensure my digital evidence is forensically sound?


A defensible incident is dependent on reliable evidence. If not handled with precision and care, sensitive information may be overwritten, destroyed, or otherwise corrupted. Follow these steps to learn what to do, and more importantly, what not to do, when a digital crime has been committed.

  1. Upon the discovery of a crime, secure and take control of the area containing the equipment.

  2. Document the location of the device, those who have access to it and the time of its removal.

  3. Do not change the status of the device. Pulling the plug on a live machine can result in the loss of evidence from remote areas and prevent access to encrypted folders.

  4. Isolate the compromised device by restricting network access. For a computer, this will involve switching off Wi-Fi and Bluetooth; for a mobile device, use a Faraday bag to prevent a potential remote wipe, or place it in Airplane Mode.

  5. If possible, ask the user about the set-up of the system, accurately recording any passwords given.

  6. Do not plug anything into the device, open any applications or files or copy anything to or from it.

  7. To assist the investigation, seize any manuals, encryption keys or physical security keys related to the item.

Completing the above will help preserve the evidential value of the exhibit. However, it's essential that you contact a digital forensic expert as soon as possible so a thorough investigation can take place.




What are the common situations in which digital forensics are used?


Law enforcement agencies have long used the process of computer forensics to analyse digital information with the intention of solving crimes such as murder, kidnap, child exploitation and drug trafficking.

More recently, commercial organisations have been adopting this practice to their benefit in a variety of cases, including:

  • Industrial espionage
  • Intellectual property theft
  • Employee disputes
  • Internet and email abuse in the workplace
  • Fraud and deception
  • Unauthorized disclosure of corporate data




What’s the difference between deleted and overwritten files?


Deletion doesn’t destroy a file: it continues to exist on your hard drive even after you empty it from your Recycle Bin, and can typically be recovered using specialist tools.

On the other hand, when a file is overwritten because the operating system decides to use the space to store another file, it is generally considered unrecoverable.
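The difference can be seen in a small model, added here as an illustration and not taken from any real file system or forensic tool. `ToyDisk`, its 16-byte blocks and the sample file contents are all constructed assumptions; real file systems differ in detail.

```python
BLOCK = 16  # bytes per block; tiny so the layout is easy to follow

class ToyDisk:
    """Constructed model: raw blocks plus a directory mapping names to block numbers."""

    def __init__(self, nblocks):
        self.raw = bytearray(BLOCK * nblocks)
        self.free = list(range(nblocks))  # lowest free block is reused first
        self.directory = {}

    def write(self, name, data):
        blocks = []
        for i in range(0, len(data), BLOCK):
            b = self.free.pop(0)
            self.raw[b * BLOCK:(b + 1) * BLOCK] = data[i:i + BLOCK].ljust(BLOCK, b"\0")
            blocks.append(b)
        self.directory[name] = blocks

    def delete(self, name):
        # Deletion drops the directory entry and frees the blocks; the bytes stay put.
        self.free = sorted(self.free + self.directory.pop(name))

    def carve(self, header, footer):
        """Scan every raw block, allocated or not, for header...footer."""
        raw = bytes(self.raw)
        start = raw.find(header)
        end = raw.find(footer, start + len(header)) if start != -1 else -1
        return raw[start:end + len(footer)] if end != -1 else None

def demo():
    disk = ToyDisk(8)
    disk.write("plan.txt", b"<<merger terms: 42m>>")  # occupies blocks 0 and 1
    disk.delete("plan.txt")
    listed = "plan.txt" in disk.directory              # no longer visible to the user
    after_delete = disk.carve(b"<<", b">>")            # still recoverable from raw blocks
    disk.write("small.txt", b"A" * BLOCK)              # reuses block 0 only
    partial = bytes(disk.raw[BLOCK:BLOCK + 5])         # tail fragment survives in block 1
    disk.write("big.bin", b"B" * BLOCK)                # reuses block 1
    after_overwrite = disk.carve(b"<<", b">>")         # nothing left to recover
    return listed, after_delete, partial, after_overwrite

if __name__ == "__main__":
    print(demo())
```

The partial case is why a seized device should not be used after discovery: each new write can consume blocks that still hold deleted data.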




How is a digital forensic investigation typically approached?


The main stages of a digital forensic investigation are:

Seizure

When a crime has been committed, any relevant systems, media or storage devices are seized. It is necessary to obtain a warrant for criminal investigations, whilst civil cases have more lenient guidelines.

To ensure these items are kept forensically sound, they must be handed over to a trained technician as soon as possible.

Acquisition

To prevent the evidence from being modified, a bit copy, also known as a forensic image, of the media is taken using specialist tools. The original item should then be securely stored to prevent tampering.

Analysis

A systematic search of the imaged media is conducted to uncover links to the suspected crime. A variety of data is recovered, from both accessible disk space and unallocated areas, including chat logs, internet history, documents and emails. Keyword searches and hash matching techniques are then used to compare the evidence against pre-compiled lists.
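The Acquisition and Analysis stages described above can be sketched as follows. This is an added example, not the firm's tooling: the function names, the sample media bytes and the hash list are constructed, and in-memory streams stand in for a write-blocked device and an image file.

```python
import hashlib
import io

def acquire(source, dest, chunk_size=4096):
    """Copy source to dest chunk by chunk; return the SHA-256 of the bytes read."""
    digest = hashlib.sha256()
    while chunk := source.read(chunk_size):
        digest.update(chunk)
        dest.write(chunk)
    return digest.hexdigest()

def keyword_hits(image, keywords):
    """Map each keyword to its byte offsets in the raw image.

    Searches the whole image, unallocated areas included, in both UTF-8 and
    UTF-16LE, since text may be stored in either encoding."""
    hits = {}
    for word in keywords:
        offsets = set()
        for needle in (word.encode("utf-8"), word.encode("utf-16-le")):
            pos = image.find(needle)
            while pos != -1:
                offsets.add(pos)
                pos = image.find(needle, pos + 1)
        hits[word] = sorted(offsets)
    return hits

def hash_matches(files, known_hashes):
    """Return {name: label} for recovered files whose SHA-256 is on the list."""
    matches = {}
    for name, data in files.items():
        label = known_hashes.get(hashlib.sha256(data).hexdigest())
        if label is not None:
            matches[name] = label
    return matches

# Constructed sample data: one keyword stored in two encodings, two recovered files.
MEDIA = (b"\x00" * 100 + b"invoice" + b"\x00" * 50
         + "invoice".encode("utf-16-le") + b"\x00" * 20)
RECOVERED = {"a.doc": b"quarterly figures", "b.bin": b"flagged content"}
KNOWN = {hashlib.sha256(b"flagged content").hexdigest(): "on-list item"}

if __name__ == "__main__":
    image = io.BytesIO()
    source_hash = acquire(io.BytesIO(MEDIA), image)
    image_hash = hashlib.sha256(image.getvalue()).hexdigest()
    print("image verified:", source_hash == image_hash)
    print(keyword_hits(image.getvalue(), ["invoice"]))
    print(hash_matches(RECOVERED, KNOWN))
```

Recording the acquisition hash at imaging time lets anyone later confirm that the image under analysis is unchanged, because a single altered byte produces a different digest.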

Reporting

Once the investigation is completed, the results are compiled into a detailed intelligence report, assessing the data and information collected.





ACCREDITATIONS

Cyber & Digital Forensics is a qualified digital investigation organisation that works to ISO 9001 standards and ACPO Guidelines. We are also working towards a fully ISO 17025:2017 accredited forensics laboratory.

 

We hold the following accreditations:
 

  • ISO 9001
  • We work with Innovate UK
  • Cyber Essentials
  • Tech UK

STILL HAVE A QUESTION?

Get in touch with the Cyber & Digital Forensics team for free, impartial advice from one of our technical experts. We'd be delighted to create a tailored solution to meet your unique needs.