During 2015 - 2016 we have seen a significant rise in the incidence of Cryptolocker and Spear Phishing attacks, as well as the regular compromise of hosted systems.
Attackers have been able to identify and exploit weaknesses in business IT systems as well as the naivety of users, resulting in the substantial loss of data and money. This should prompt all businesses to reassess and test the security of their systems. All businesses should be examining access control, reviewing the need for two-factor financial sign-off and questioning the effectiveness of their continuity and backup systems.
eDiscovery and Litigation Support
Forensic IT provides collection, early case assessment (ECA), processing, de-duplication, searching, review and legal export services in regards to eDiscovery and litigation support matters. We apply forensic data preservation methods to the capture of electronically stored information (ESI) where appropriate so that metadata is preserved from the time of collection.
The capture and preservation of computers, business servers and other digital devices in a forensically sound manner is the most important part of every investigation we undertake. We can acquire and backup data from desktop and laptop computers, servers, mobile phones, external hard drives, memory cards, backup tape and the 'cloud' to name a few sources. We are specialists in the acquisition of data in the event that a business has been placed in Administration or Liquidation and are able to acquire data from live-running servers.
Mobile Device Extraction & Analysis
Our primary mobile device examination tool is the Cellebrite UFED mobile device system (http://www. cellebrite.com/Mobile-Forensics/Products/ufed-touch) which is a global leader in the extraction and analysis of data from mobile devices.
Using Cellebrite, we can perform physical, logical or file system extractions of current and old mobile phones, smartphones, tablets and GPS devices.
Our extractions also include the recovery of deleted data such as call logs and text messages as well as extracting data from SIM and memory cards where possible.
Fraud and Financial Investigations
We provide forensic investigation services in matters of corporate fraud and financial crime. Our role typically involves the secure collection of electronically stored information from user computers, servers, phones and accounting systems. Once the data has been collected we conduct analysis away from the business to identify evidence supporting allegations or concerns. Where required we can prepare a "brief of evidence" suitable for delivery to law enforcement.
Covert Data Acquisition
Forensic IT can acquire data from computers and servers covertly without end-user knowledge or disruption to business applications. This service is offered when discretion is needed during an investigation or when access to computers is not available outside of normal business hours. We can also offer this service when the acquisition of email or database servers is required but a service outage is not acceptable.
Forensic analysis involves the examination of electronic devices and the presentation of facts and opinion regarding the data examined. Analysis can be used to identify matters including theft of intellectual property, inappropriate use of IT in the workplace, and recovery of deleted data.
Search Orders (Anton Piller)
We can assist in the preparation and application of civil search orders in relation to the preservation of digital evidence. Most matters we deal with relate to intellectual property theft. Forensic IT staff are also experienced in the execution and participation of government agency search warrants.
Simply deleting files or formatting a hard drive before sale or disposal is not enough to ensure that data can't be recovered and prevent it falling into the wrong hands. We can assist in matters where secure deletion of data from computers, servers and other digital devices is required.
Forensic IT provides expert report and testimony services. We present digital evidence in a manner that is legally acceptable and easily understood by judge and jury, using clear explanations, visual representations and virtualised computer environments. Forensic IT can also examine reports and evidence provided by other experts.