Digital Forensic Investigations
Digital forensic investigations is a discipline that provides evidence to support an internal fraud investigation or cyber-attack. Identifying and gathering digital evidence is key to successful litigation and dispute resolution.
Our forensic investigators recover and investigate material found in digital devices, including hard-drives, servers, laptops, smart-phones, networks and storage media by imaging these devices for further examination and evidence review.
Our team identifies evidence including the recovery of deleted company emails, encrypted files, documents and spreadsheets, sales proposals, altered documents, internet browser histories, internet emails, transfer of files, uploading of external devices and the recovery of other electronic generated documents.
Our advice is to act quickly by contacting TenIntelligence as soon as possible. Don’t try and recover or search for documents yourself, as your activity will alter the date and time stamps embedded in electronic documents and transactions, which could render the evidence as inadmissible. The preservation and integrity of evidence is paramount.
Preservation of Evidence
It is essential to follow forensic principles, evidence continuity and methodology when conducting digital forensic investigations. Our team have a working understanding of the legalities, best practice and methodologies used in the current digital forensic environment. We apply evidence continuity, covering seizure, exhibit handling, data collection and preservation through to examination and investigation.
How we can help:
The initial phases of typical digital forensic investigations are critical; we provide clients with a practical perspective and help them:
- Identify and seize digital items that may contain digital evidence
- Obtain the correct legal procedures and permissions
- Map and index electronically stored information (ESI)
- Help with decision making around loss of evidence
- Collecting other available records
- Evidence handling and chain of custody
- Examination of data from emerging technologies
- Identify the root cause of the incident, unauthorised access, breach or attack
- Examine all compromised accounts and systems accessed by the attacker
- Assist in providing evidence around the intruder’s profile and how technical defence mechanisms were breached
Imaging & Examination
Once the evidence has been seized and preserved, the forensic examination can begin, including the imaging (producing a working copy) of all digital data from the devices collected using specialised forensic software and hardware.
The imaging allows the original device to be preserved as an evidence exhibit, leaving the imaged version to be forensically tested and analysed.
Clients often request their devices to be imaged as a precaution and if required, to be analysed at a later stage in the investigation.
Working with our clients, the analysis phase of the digital forensic investigation is the interrogation of the data collected; this will include:
- testing investigation hypotheses
- traditional analysis of deleted files, browser history, access logs and file sharing
- understanding and interpreting the data structures
- examination of storage components
- identifying clusters, meta-data and unallocated data sets
- keyword searches
- identify the root cause of the incident, unauthorised access, fraud, breach or attack
- examine all compromised accounts and systems accessed by the fraudster or attacker
- assist in providing evidence around the intruder’s and/or fraudster’s profile
- determine how technical defence mechanisms were breached
- presenting evidence, findings and witness statements
- evaluate how to prevent future incidents, breaches and attacks