ANALYSE SECURED EVIDENCE

Securing digital evidence professionally is the first step to success.

 

SITUATIONAL EXAMPLE:

You have gathered evidence (e.g. invoices, shipping bills, inventory discrepancies in SAP) that some kind of internal issue may have led to corporate crime. The evidence might already be available on paper, on hard drives, or on mobile devices (smartphones, external hard drives, USB flash drives, pen drives, cell phones).

Have you had the digital evidence secured in accordance with forensic standards?

The data must be secured by a forensics expert in accordance with ISO 27035-27042 standards so that the chain of custody is not violated. After this step, the secured data must be examined in order to find traces and leads to the true characteristics of the crime and the hidden perpetrators.

What we can do to help you in a drastic situation that requires forensic expertise:

  1. Advice on how to best deal with all sorts of devices containing evidence
  2. Identification of existing or secured data
    • with reference to its type and relevance
    • with its location inside different devices
  3. Creating an overview of all secured data, including
    • extraction of metadata
    • creation of a database with all this vital information
  4. Checking forensic backups and images:
    • whether any changes have occurred
    • if the data has all been backed up
    • if all backups have been documented
    • if all backups were created as they should be
    • if all documentation is complete and correct
  5. Decrypting and unlocking protected hard drives, mobile devices or files
    • in case the login data (username, password, PIN) for decrypting is not available
    • in case no login data exists, it is possible to attempt to find the key or to brute-force the protection
    • this is always done within the legal rules of the jurisdiction
  6. Recovery of deleted files, with the technical capabilities of data recovery methodologies and IT Forensic tools.
  7. Extraction of data from
    • file containers (e.g. TrueCrypt container)
    • archives or
    • mail databases (Outlook EDB, Outlook PST, Thunderbird, Lotus Notes, mail server)
  8. Converting non-standard data formats so that they are readable by non-technical people
  9. Export of data out of databases (e.g. MS SQL, MySQL, Oracle DB Enterprise, dBase)
  10. Providing forensic expert reports