Digital Forensic and Incident Response Services Guide 2025

gracelimlengco
33 minutes ago
5 min read

Author: Josh Kither

Executive Summary

Our forensic IT services have evolved from a background of providing basic services to Liquidators and Administrators through our start in a second tier firm specialising in corporate recovery, corporate advisory, forensic accounting and forensic IT for the ten year period from 2003 to 2013. From 2013 we moved to a more independent position in Forensic IT, where we were able to provide services to a broader range of clients including a broad collection of lawyers from various firms across the country.

With the backbone of the business originating from origins within Victoria Police Computer Crime Squad, our processes, procedures and tools are all focused on obtaining a truthful outcome which could be trusted by Court and client alike.

During our twenty years’ experience we have worked on a huge variety of matters including date and time (metadata) analysis, document provenance, theft of intellectual property from both the employer and employee perspective, analysis of content and location information from mobile phones, acting as independent computer experts in Anton Piller orders, ‘Books & Records’ collection in insolvency matters and many more.

We work with business, lawyers, investigators and government agencies providing expertise relating to the successful identification of forensic artefacts and electronic evidence that supports/compliments an existing investigation.

Service Offering for Law Firms

Many of our engagements begin with a requirement to collect and preserve data from mobile devices, computers, networks and cloud services such as Gmail and Office M365. Once all available evidence has been identified and preserved, our investigation begins using a large suite of tools designed to allow us to interrogate the data without causing any change.

General Digital Forensics Services

Our Digital Forensics team are experts in the identification and analysis of electronic evidence, providing clear and concise insights for investigations, court cases and other business requirements. Below are some of the common forms of project we assist our clients with.

Search Warrants: Our team assists various government agencies in the execution of search warrants. We ensure that every digital data collection process adheres strictly to regulator guidelines, providing thorough and precise results.
Search Orders (Anton Piller): We specialise in the delicate process of Anton Piller orders, carefully gathering crucial digital evidence without prior notice while ensuring discretion, adherence to legalities, and thoroughness.
Expert Witness (All courts): Our seasoned professionals are adept at translating complex digital forensic findings into court-ready evidence, bridging the gap between technical intricacies and legal clarity.
Electronic Discovery: Extract potential evidence from diverse platforms, including emails and business communications to assist with the process of identifying, collecting, and reviewing electronic documents and data for legal discovery.
Theft of Business IP: Responding swiftly to intellectual property breaches, our team identifies the actions of recently departed employees to determine what data has been retained or exfiltrated out of the business.
Data Loss Investigation: Our comprehensive approach targets data loss at its root, diagnosing causes, facilitating recovery, and implementing measures to prevent future losses.
Data Leaks: Addressing data leaks with urgency, we contain the impact, pinpoint the leak origins, and fortify defences to prevent repeat incidents.
Data Deleted by Insiders: We investigate data destruction by insider threats and conduct a comprehensive investigation to identify the perpetrators
Employee Misconduct: We undertake sensitive investigations into digital misconduct, balancing confidentiality with the need for clarity, ensuring both resolution and prevention of future issues.
Unauthorised Data Access: Our proactive approach addresses unauthorised data breaches, assessing system vulnerabilities, ensuring offender accountability, and bolstering future system security.
Viewing Inappropriate Material: Through thorough investigation, we assess allegations of accessing or sharing inappropriate online content, providing organisations with clear insights and solutions.
Sensitive Info Communication: We meticulously investigate breaches of communication propriety, working diligently to protect organisational secrets, ensure security, and maintain reputational integrity.
Bullying or Harassment: Our team offers a compassionate yet thorough examination of digital interactions in cases of alleged digital harassment.
Email Investigations: We delve into email communications to validate authenticity, detect tampering, and uphold the integrity of digital correspondence.

Expert Evidence

Most of our team have experience preparing expert reports and attending courts in support of those reports.

Cyber Services

Forensic IT’s incident response team, located in Australia, includes skilled analysts who work quickly to minimise cyber breach impact. We respond rapidly to contain damage, preserve evidence, and restore normal business operations while investigating the attack.

Once the investigation is underway, we preparing interim reports updating stakeholders on the extent of the event and our progress in recovery and, when our investigation is complete, provide a comprehensive report for use as required by the entity for legal or compliance purposes.

Industrial Control Systems (ICS) Security Assessments

We provide comprehensive industrial control system (ICS) IT security assessments to organizations across multiple sectors. Our team of skilled security professionals possesses extensive expertise in ICS security and employs both manual analysis and specialized tools to identify vulnerabilities and recommend effective mitigation strategies.

Our assessment process encompasses an evaluation of network architecture, system configuration, and security protocols, as well as the use of simulation and testing methodologies to uncover potential weaknesses and review existing defenses. Upon completion, we deliver a thorough report detailing our findings and tailored recommendations for enhancing security and minimizing the risk of cyberattacks.

With our proven experience and knowledge in ICS security, we are well-positioned to assist organizations in safeguarding their ICS networks against emerging threats. For additional information about our ICS IT security assessment services or to arrange a consultation, please contact us.

Insolvency Industry

We provide several services that can directly assist in any appointment:

Day 1 Business System Assessment
- Attend on site or liaise with IT staff and gain an understanding of the business systems.
- Provide an overview to the appointee (Administrator?) explaining:
  - what systems are used
  - where data lives
  - best method of collection
  - whether software licensing could cause issues with access to data
  - any risks to ongoing access to data
- Provide a fee estimate for collection
Collection
- We use various processes and tools to collect a variety of data including:
  - Forensic imaging of computers (this can be done live while the computer/server is in use)
  - Extraction of mobile phones
  - Downloading cloud-based data
  - Collection of Microsoft 365 email and files
  - Extraction of information from accounting systems (this may sometimes best be achieved through generating and exporting various reports)
- We can also deploy tools to allow for the covert collection of data if circumstances require.

eDiscovery/Document Review

We have an online document review platform (EDT) (EDT | evidence and case management for the justice sector) which is available now and a second alternative platform (Relativity 1) (RelativityOne | All-in-One Legal Technology) available from next year (2026). These platforms provide you with the power to remotely access the documents have been collected for any matter and investigate them from your office.

(Pricing for each platform is different but in simple terms, we can control the pricing of EDT to try and make it cost effective whereas the pricing for Relativity1 is fixed and we have no control over it).

Data processing features for both platforms include:

Multiple machines can process different batches of data simultaneously into the one case;
Hundreds of file types are supported;
Identifying and hiding duplicates, non-person created files such as system files and any files outside relevant date ranges;
Integrated OCR to make scanned documents searchable;
Extracting embedded files;
Identifying deleted email items;
Review Geo-location information from JPG images, and
Reviewers can start their work while the data is still being ingested into the review platform.
No need to wait for processing to finish.