Forensic intelligence is an investigative discipline that provides evidence gathering and investigation support pre and post cyber-attack. Our forensic investigators are trained to safely preserve and examine data found on digital devices and networks often identifying the root cause of incident and evidence.
It is essential to follow forensic principles, evidence continuity and methodology when conducting digital forensic investigations. Our team have a working understanding of the legalities, best practice and methodologies used in the current digital forensic intelligence environment.
We apply evidence continuity, covering seizure, exhibit handling, data collection and preservation through to examination and investigation.
How we can help:
The initial phases of typical digital forensic intelligence investigations are critical; we provide clients with a practical perspective and help them:
- Identify and seize digital items that may contain digital evidence
- Obtain the correct legal procedures and permissions
- Map and index electronically stored information (ESI)
- Help with decision making around loss of evidence
- Collecting other available records
- Evidence handling and chain of custody
- Examination of data from emerging technologies
Once the evidence has been seized and preserved, the forensic examination can begin, including the imaging (producing a working copy) of all digital data from the devices collected using specialised forensic software and hardware. The imaging allows the original device to be preserved as an evidence exhibit, leaving the imaged version to be forensically tested and analysed.
Working with our clients, the analysis phase of the digital forensic intelligence investigation is the interrogation of the data collected.
How we can help:
- testing investigation hypotheses
- identify the root cause of the incident, unauthorised access, breach or attack
- examine all compromised accounts and systems accessed by the attacker
- assist in providing evidence around the intruder’s profile and how technical defence mechanisms were breached
- identify, secure and analyse relevant support information and data from servers, cloud platforms, routers and other network devices
- traditional analysis of deleted files, browser history, access logs and file sharing
- understanding and interpreting the data structures
- presenting evidence, findings and witness statements
- evaluate how to prevent future incidents, breaches and attacks
Clients often request their devices to be imaged as a precaution and if required, to be analysed at a later stage in the investigation.
For further information, visit www.tenintel.com/cyber-security, where you can find out how we support clients with data protection and digital forensics support. Email us at firstname.lastname@example.org and follow us on LinkedIn and Twitter @TenIntelligence for all updates.