Digital Forensic Investigations
Digital forensic investigation is a discipline that provides evidence to support an internal investigation or the response to a data breach or cyber-attack. Identifying and gathering digital evidence is key to successful litigation and dispute resolution.
We work with law firms and Insolvency Practitioners helping them preserve digital devices and secure data found during a liquidation or investigation.
We help clients recover and investigate material found in digital devices, including hard drives, servers, laptops, smartphones, networks and storage media.
Once we have forensically preserved the data, we work with clients to search for and recover vital documents, spreadsheets, emails, etc. to help with their investigation or review.
Our team has successfully identified evidence including the recovery of deleted company emails, encrypted files, documents and spreadsheets, sales proposals, altered documents, internet browser histories, internet emails, transfer of files, uploading of external devices and the recovery of other electronically generated documents.
Our advice is to act quickly by contacting TenIntelligence as soon as possible. Don’t try to recover or search for documents yourself, as your activity will alter the date and time stamps embedded in electronic documents and transactions, which could render the evidence inadmissible. The preservation and integrity of evidence are paramount.
Preservation of Evidence
It is essential to follow forensic principles, evidence continuity and methodology when conducting digital forensic investigations. Our team have a working understanding of the legalities, best practice and methodologies used in the current digital forensic environment. We apply evidence continuity, covering seizure, exhibit handling, data collection and preservation through to examination and investigation.
How we can help:
The initial phases of typical digital forensic investigations are critical; we provide clients with a practical perspective and help them:
- Identify and seize digital items that may contain digital evidence
- Obtain the correct legal procedures and permissions
- Map and index electronically stored information (ESI)
- Make decisions around loss of evidence
- Collect other available records
- Handle evidence and maintain chain of custody
- Examine data from emerging technologies
- Identify the root cause of the incident, unauthorised access, breach or attack
- Examine all compromised accounts and systems accessed by the attacker
- Assist in providing evidence around the intruder’s profile and how technical defence mechanisms were breached
Imaging & Examination
Once the evidence has been seized and preserved, the forensic examination can begin. This includes imaging (producing a working copy of) all digital data from the collected devices, using specialised forensic software and hardware.
The imaging allows the original device to be preserved as an evidence exhibit, leaving the imaged version to be forensically tested and analysed.
Clients often ask for their devices to be imaged as a precaution so that, if required, they can be analysed at a later stage in the investigation.
The analysis phase of the digital forensic investigation, carried out with our clients, is the interrogation of the data collected; this will include:
- testing investigation hypotheses
- traditional analysis of deleted files, browser history, access logs and file sharing
- understanding and interpreting the data structures
- examination of storage components
- identifying clusters, metadata and unallocated data sets
- keyword searches
- identifying the root cause of the incident, unauthorised access, fraud, breach or attack
- examining all compromised accounts and systems accessed by the fraudster or attacker
- assisting in providing evidence around the intruder’s and/or fraudster’s profile
- determining how technical defence mechanisms were breached
- presenting evidence, findings and witness statements
- evaluating how to prevent future incidents, breaches and attacks