Cyber Crime Investigations

The investigative discipline Digital Forensics can provide evidential investigation support pre/post cyber-attack.

Our forensic investigators are trained to safely preserve and examine data found on digital devices and networks often identifying the root cause of incident and evidence.

Preservation of Evidence

It is essential to follow forensic principles, evidence continuity and methodology when conducting a cyber crime investigation.  Our forensic investigators have a working understanding of the legalities, best practice and methodologies used in the current digital forensic environment.

We apply evidence continuity, covering seizure, exhibit handling, data collection and preservation through to examination and investigation.

During or after a cyber crime, related attack or unauthorised event we help clients with cyber crime investigations:

• Identify and secure network devices that may contain digital evidence and unauthorised activity
• Ensure any data breach or data loss is permanently stopped and the vulnerability fixed
• Obtain the correct legal procedures and permissions
• Map and index electronically stored information (ESI)
• Help with decision making around loss of evidence
• Evidence handling and chain of custody

Once the evidence has been seized and preserved, the forensic analysis and examination can begin, including the imaging (producing a working copy) of all digital data from the devices collected using specialised forensic software and hardware. The imaging allows the original device to be preserved as an evidential exhibit, leaving the imaged version to be forensically tested and analysed.

Working with our clients, the forensic analysis phase of the digital forensic investigation is the interrogation of the data collected; this will include:

• testing cyber crime investigation hypotheses
• identify the root cause of the incident, unauthorised access, breach or attack
• examine all compromised accounts and systems accessed by the attacker
• assist in providing evidence around the intruder’s profile and how technical defence mechanisms were breached
• identify, secure and analyse relevant support information and data from servers, cloud platforms, routers and other network devices
• traditional analysis of deleted files, browser history, access logs and file sharing
• understanding and interpreting the data structures
• presenting evidential findings and statements
• evaluate how to prevent future incidents, breaches and attacks

Cyber Essentials and Cyber Essentials Plus, are UK government backed certification processes overseen by the National Cyber Security Centre (NCSC). The certification ensures that organisations, businesses, charities and schools are demonstrating good cyber compliance and help prevent cyber-crime.

Threat actors are continuously looking for vulnerable targets that do not have these security and technical processes in place.

Certification provides your organisation with the security defences that will protect against the vast majority of common cyber-crime and attacks.

Our understanding of cyber-crime threats, data protection, data security audit procedures and vulnerabilities allows our Team to provide clients with measures to mitigate the risk of a cyber crime, attack and/or data breach.

How we help prevent Cyber-Crime

Our Team works alongside clients and guides them through the NCSC Cyber Essentials certification process.  This is a self-assessment process in which clients will be given access to an online platform to answer key questions about their infrastructure; and guarantee their certification:

• Conduct audits across the organisation to review, identify and assess where data is held and their access control processes
• Perform internal testing to identify firewall implementation and improvements
• Examine access control weakness, strengths and areas for development providing a secure configuration system
• Audit cyber-crime protection measures and endpoint security such as malware protection
• Review all devices, hardware and software platforms to ensure patch management versions are current and updated
• Work with the organisation to, design and implement appropriate technical and internal measures to ensure data security is designed into all processes
• Monitor and review procedures needed to ensure continued information security and Cyber Essentials compliance
• Help the organisation develop a staff training and awareness program

Minimising the vulnerabilities that leave your organisation open to internal and external attack is critical to your security posture.

Along with the introduction of multiple data protection legislation and compliance regulations over the last few years; demonstrates that having a secure infrastructure allows an organisation to operate with confidence.

Our technicians help identify critical vulnerabilities using technical/non-technical methods with our penetration testing service, providing threat vulnerability and risk assessments and supporting security improvement plans.

Our understanding of system networks, devices, procedures and vulnerabilities allows us to provide expertise around how malicious attacks are orchestrated and help organisations implement preventative and corrective measures to mitigate the risk of a cyber-crime, attack or data breach.

How we can help

TenIntelligence works alongside clients; helping them with cyber-crime investigations and prevention resources:

• Conduct information and connectivity audits across the organisation to review, identify and assess where data is held
• Conduct specific internal and external penetration testing to identify access control weakness, strengths and areas for development
• Work with the organisation to, design and implement appropriate technical and internal measures to ensure data security is designed into all processes
• Work with the organisation to design a Data Privacy Impact Analysis framework linking to pre-existing risk management and project management processes
• Review the risks on the organisation’s Risk Register and create a critical list of control weaknesses
• A complete review and/or develop framework of policies and procedures needed to ensure Information Security and Cyber Essentials compliance
• Help the organisation develop a staff training and awareness program

Areas for consideration:

• How does your organisation connect to the internet and other communication systems?
• Does your organisation use multiple software platforms, intranet, wireless activity and/or operating systems?
• Can you demonstrate compliance around your organisation’s firewalls, encryption, anti-virus and malware security provisions?
• Does your organisation perform due diligence into its third party providers and key employees?
• Do you check for mis-configurations and internal/external unauthorised access?