- Cyber Forensics Services Impartial Analysis | Non-Manipulative Results
The most successful investigators possess a nose for investigations and a skill for solving puzzles, which is where the art comes in. Cyber forensics is the art and science of applying computer science to aid the legal process. It includes various tasks beyond investigating computers:
- Identify the source of documentary or other digital evidence
- Preserve the evidence
- Analyse the evidence
- Present the findings
Computers may constitute a 'scene of a crime', for example with:
- Denial of service attacks, or
- They may hold evidence in the form of emails, internet history, documents or other files relevant to crimes such as murder, kidnap, fraud and drug trafficking. It is not just the content of emails, documents and other files which may be of interest to investigators but also the 'metadata' associated with those files.
- A computer forensic examination may reveal when a document first appeared on a computer, when it was last edited, when it was last saved or printed and which user carried out these actions.
Services offered- ... but not limited to,
Commercial organizations have used computer forensics in cases such as:
- Intellectual Property theft
- Employment disputes
- Industrial espionage
- Bankruptcy investigations
- Fraud investigations
- Inappropriate email and internet use in the workplace
- Regulatory compliance
Although the ACPO Guide is aimed at United Kingdom law enforcement, its main principles are applicable to all computer forensics.
The four main principles from this guide (with references to law enforcement removed) are as follows:
- No action should change data held on a computer or storage media which may be subsequently relied upon in court.
- In circumstances where a person finds it necessary to access original data held on a computer or storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
- An audit trail or other record of all processes applied to computer-based electronic evidence should be created and preserved. An independent third-party should be able to examine those processes and achieve the same result.
- The person in charge of the investigation has overall responsibility for ensuring that the law and these principles are adhered to.
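A minimal sketch of the first and third principles, added here as an illustration and not taken from the ACPO Guide or from this page's authors: the evidence file is only ever opened read-only and hashed, and every action is appended to a hash-chained audit log that an independent third party can re-verify. The function names, log fields and sample file are assumptions constructed for the example.

```python
import hashlib, json, os, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Hash a file opened read-only, so the evidence is never written to."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _digest(body):
    """Stable hash of a log entry (keys sorted so any verifier gets the same bytes)."""
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def log_action(log, examiner, action, path):
    """Append an audit entry that records the evidence hash and chains to the previous entry."""
    entry = {
        "time": datetime.now(timezone.utc).isoformat(),
        "examiner": examiner,
        "action": action,
        "evidence": os.path.basename(path),
        "sha256": sha256_file(path),
        "prev": log[-1]["entry_hash"] if log else "0" * 64,
    }
    entry["entry_hash"] = _digest(entry)
    log.append(entry)
    return entry

def verify_log(log, path):
    """Third-party check: the chain is intact and the evidence still matches every entry."""
    prev = "0" * 64
    for e in log:
        body = {k: v for k, v in e.items() if k != "entry_hash"}
        if e["prev"] != prev or _digest(body) != e["entry_hash"]:
            return False  # an entry was edited, removed or reordered
        prev = e["entry_hash"]
    current = sha256_file(path)
    return bool(log) and all(e["sha256"] == current for e in log)

def demo():
    """Constructed sample: a stand-in image file, two logged actions, then a tampered record."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "image.dd")
        with open(img, "wb") as f:
            f.write(b"constructed sample evidence bytes")
        log = []
        log_action(log, "examiner-1", "acquired", img)
        log_action(log, "examiner-1", "keyword search", img)
        ok_before = verify_log(log, img)
        log[0]["action"] = "edited later"  # simulate tampering with the audit trail
        return ok_before, verify_log(log, img)
```

Verification fails both when a log entry is altered after the fact and when the evidence file no longer matches the hash recorded at acquisition.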
An examiner needs appropriate training, regular testing and verification of their software and equipment, familiarity with legislation, the ability to deal with unexpected issues, and an on-site acquisition kit that is complete and in working order.
This phase involves receiving:
- Instructions, and clarification of them if they are unclear or ambiguous
- Risk analysis
- Allocation of resources and roles
Commercial organizations need to be aware of the following issues:
- Health and safety
- Conflict of interest
This is the phase where the actual acquisition takes place. There are two scenarios:
Simple Lab acquisition:
- Direct evidence may be presented personally at the lab.
- Includes identifying and securing digital devices which may store evidence and documenting the scene.
- Interviewing the personnel who may hold information relevant to the examination (e.g. User of the computer or manager, etc.)
Here, an examiner usually provides feedback or findings of the investigation/processes done. This should be an accurate, thorough, recorded, repeatable, timely and impartial analysis.
The examiner produces a structured report on the findings which addresses the instructions and any other relevant items from the investigation process.
The report must be written using appropriate terminology. The examiner also participates in any other communication needed to elaborate on the report.
Usually, legal issues confuse or distract from a computer examiner's findings. An example here would be the 'Malware Defence'. Malware is code disguised as something benign that carries a hidden and malicious purpose. Malware has many uses, which could include key-logging, uploading and downloading of files, and installation of viruses. A lawyer may be able to argue that actions on a computer were not carried out by a user but were automated by malware without the user's knowledge; such a Malware Defence has been successfully used even when no trace of malware or other malicious code was found on the suspect's computer. In such cases, a competent opposing lawyer, supplied with evidence from a competent computer forensic analyst, should be able to dismiss such an argument. A good examiner will have identified and addressed possible arguments from the "opposition" while carrying out the analysis and in writing their report.