CYBER CRIME investigations and RESPONSE resources for your complicated cyber threats.
Cyber Crime Investigations
The unstoppable growth and dynamics of cyber-enabled crime mean organisations of all sizes need to rethink their approach to security. Everyone knows that security is important, and we all rely on the Internet, IT and other connected systems, all of which, without the appropriate protection, could be at risk from cyber-attack.
These attacks are becoming increasingly sophisticated and stealthy, targeting people, networks and devices.
Helping clients with cyber crime investigations | keeping CyberSimplified.
Ensuring vulnerabilities that leave you open to internal and external attack are minimised is critical to your environment’s security posture.
The introduction of multiple pieces of data protection legislation and compliance regulations over the last few years also demonstrates that having a secure infrastructure allows an organisation to operate with confidence.
Our technicians help identify critical vulnerabilities using technical and non-technical methods with our penetration testing service, providing threat, vulnerability and risk assessments and supporting security improvement plans.
Our understanding of system networks, devices, procedures and vulnerabilities allows us to provide expertise around how malicious attacks are orchestrated and help organisations implement preventative and corrective measures to mitigate the risk of a data attack or breach.
How we can help
TenIntelligence works alongside clients, helping them with cyber crime investigations and prevention resources:
- Conduct information and connectivity audits across the organisation to review, identify and assess where data is held
- Conduct specific internal and external penetration testing to identify access control weaknesses, strengths and areas for development
- Work with the organisation to design and implement appropriate technical and internal measures to ensure data security is designed into all processes
- Work with the organisation to design a Data Privacy Impact Analysis framework linking to pre-existing risk management and project management processes
- Review the risks on the organisation’s Risk Register and create a critical list of control weaknesses
- Carry out a complete review and/or develop a framework of the policies and procedures needed to ensure Information Security and Cyber Essentials compliance
- Help the organisation develop a staff training and awareness program
Areas for consideration:
- How does your organisation connect to the internet and other communication systems?
- Does your organisation use multiple software platforms, intranet, wireless activity and/or operating systems?
- Can you demonstrate compliance around your organisation’s firewalls, encryption, anti-virus and malware security provisions?
- Does your organisation perform due diligence into its third party providers and key employees?
- Do you check for misconfigurations and internal/external unauthorised access?
The investigative discipline of Digital Forensics can provide evidential investigation support before and after a cyber-attack.
Our forensic investigators are trained to safely preserve and examine data found on digital devices and networks, often identifying the root cause of the incident and evidence.
Preservation of Evidence
It is essential to follow forensic principles, evidence continuity and methodology when conducting a cyber investigation. Our forensic investigators have a working understanding of the legalities, best practice and methodologies used in the current digital forensic environment.
We apply evidence continuity, covering seizure, exhibit handling, data collection and preservation through to examination and investigation.
During or after a cyber-related attack or unauthorised event, we help clients with cyber crime investigations:
- Identify and secure network devices that may contain digital evidence and unauthorised activity
- Ensure any data breach or data loss is permanently stopped and the vulnerability fixed
- Obtain the correct legal procedures and permissions
- Map and index electronically stored information (ESI)
- Help with decision making around loss of evidence
- Evidence handling and chain of custody
Once the evidence has been seized and preserved, the forensic examination can begin, including the imaging (producing a working copy) of all digital data from the devices collected using specialised forensic software and hardware. The imaging allows the original device to be preserved as an evidential exhibit, leaving the imaged version to be forensically tested and analysed.
Working with our clients, the analysis phase of the digital forensic investigation is the interrogation of the data collected; this will include:
- testing cyber crime investigation hypotheses
- identifying the root cause of the incident, unauthorised access, breach or attack
- examining all compromised accounts and systems accessed by the attacker
- assisting in providing evidence around the intruder’s profile and how technical defence mechanisms were breached
- identifying, securing and analysing relevant support information and data from servers, cloud platforms, routers and other network devices
- traditional analysis of deleted files, browser history, access logs and file sharing
- understanding and interpreting the data structures
- presenting evidential findings and statements
- evaluating how to prevent future incidents, breaches and attacks