Digital forensics is an investigative discipline that can provide evidential investigation support before and after a cyber-attack.
Our Certified Practitioners are trained to safely preserve and examine data found on digital devices and networks, often identifying both the root cause of an incident and the evidence for it.
Preservation of Evidence
It is essential to follow forensic principles, evidence continuity and methodology when conducting a cyber investigation. Our Certified Practitioners have a working understanding of the legalities, best practice and methodologies used in the current digital forensic environment.
We apply evidential continuity, covering seizure, exhibit handling, data collection and preservation through to examination and investigation.
During or after a cyber-related attack or unauthorised event we help clients:
- Identify and secure network devices that may contain digital evidence and unauthorised activity
- Ensure any data breach or data loss is permanently stopped and the vulnerability fixed
- Obtain the correct legal procedures and permissions
- Map and index electronically stored information (ESI)
- Make decisions around loss of evidence
- Handle evidence and maintain chain of custody
Once the evidence has been seized and preserved, the forensic examination can begin, including the imaging (producing a working copy) of all digital data from the devices collected using specialised forensic software and hardware. The imaging allows the original device to be preserved as an evidential exhibit, leaving the imaged version to be forensically tested and analysed.
The analysis phase of the digital forensic investigation, carried out with our clients, is the interrogation of the data collected; this will include:
- testing investigation hypotheses
- identifying the root cause of the incident, unauthorised access, breach or attack
- examining all compromised accounts and systems accessed by the attacker
- assisting in providing evidence around the intruder’s profile and how technical defence mechanisms were breached
- identifying, securing and analysing relevant support information and data from servers, cloud platforms, routers and other network devices
- traditional analysis of deleted files, browser history, access logs and file sharing
- understanding and interpreting the data structures
- presenting evidential findings and statements
- evaluating how to prevent future incidents, breaches and attacks