Blog

Mobile About Slide

What is Cyber Forensics

20.10.15

Legal and civil investigations

cyber forensics laboratoryCyber forensics is the process of extracting, analysing and reporting on digital data obtained from variety of electronic devices (computers, mobile phones, sat navs etc.).

The outputs from cyber forensics is legally admissable evidence in a court of law, provided its capture follows appropriate procedures.

Disklabs provides cyber forensics services in both criminal and civil cases.  An increasing part of our work is in support of organisations that have been the victims of cyber crimes such as IP theft or computer fraud.

The company operates a state of the art forensic laboratory manned by a team of forensics experts.  The lab works with a set of clear, standard procedures to maintain an admissible chain of evidence.

Disklabs is renowned for providing concise and understandable reports to its clients, even when the case involves complex information or a convoluted chain of events.

Cyber forensics combines physical examination, the use specialist software and person-to-person interviewing to examine electronic devices and identify improper behaviour.  Retrieval of data from disc drives, memory, software logs and other records is often the starting point.  This task is made more difficult because data will be lost, hidden, erased or damaged by the perpetrators of the crime.

Disklabs offers comprehensive fixed price contracts to ensure that there are no unexpected increases in cost and to provide you with the highest standard of service possible.  We follow Association of Chief Police Officers guidelines for digital evidence and we are  accredited to ISO9001, ISO27001 and ISO17025 standards.

For more information call us today on +44(0)1827 50000 or use our contact form to let us know your requirements.

 

What is Cell Site Analysis?

02.09.15

Location and movement of mobile phones

forensic cell site analysis for defence solicitorsCell Site Analysis is a legally accepted process which identifies the location and movement of a mobile phone over a period time.

The Cell Site Analysis process cross-references of historic call records (including voice, SMS and multimedia messaging) with readings from the cell site masts that transmit and receive mobile communications signals.

Investigators can review Call Data Records (CDR) from the mobile telecommunications providers and carry out ‘field strength surveys’. Surveys are required because of variations in signal strength at particular locations caused by distance from a Cell Site or interference from structures or local topography.

Cell Site Analysis allows forensic investigators to;

• Identify specific locations in which individual and multiple mobile phone have been used.

• Track changes in physical location and identify a time line of use or non-use.

• Identify electronic contact between different mobile devices – content, time and location based.

The evidence gathered from the Cell Site Analysis can be further correlated with other outputs from the digital forensics process related to specific content such as computer files or CCTV footage, or to digital “meta data”.

In the context of an investigation Cell Site Analysis can:

• Test the validity of alibis.

• Show proximity to a crime scene.

• Determine if individuals in a case have been in contact or proximity.

• Identify patterns of movement by suspects and victims.

Disklabs provides Cell Site Analysis services to criminal defence solicitors, law enforcement agencies and corporations. We have the expert forensic capability to extract and analyse data and the communications skills to create easy-to-follow reports.

Visit our website for further details on Disklabs’ Cell Site Analysis capability as well as our wider set of digital forensics services or get in contact. Call us today on +44(0)1827 50000 or use our contact form to let us know your requirements.

What is digital forensics?

11.08.15

Extraction, validation and analysis of digital data

Digital forensics is the extraction, validation and analysis of digital data from electronic devices.
Digital forensics data recovery and analysis servicesOriginally digital forensics referred solely to computer-based activity but it now covers a wide range of electronic equipment including;

• Mobile phones (cell phones).

• Portable devices (e.g. tablets and Sat Nav).

• Telecommunications network infrastructure (e.g. cell site masts).

• Surveillance equipment (e.g. video and CCTV).

Digital forensics is used to provide legally admissible evidence in courts of law for both criminal and civil cases.  The evidence may relate to the content of the data in terms of text or images, or its ‘metadata’, which refers to how and when it was created and used.

This means that digital forensics can be used to determine the nature of a crime, provide attribution to a particular suspect and provide a time and location-based ‘audit trail’ of activity.

In a legal context the digital forensics process must follow rigorous guidelines (in the UK the “ACPO Good Practice Guide for Digital Evidence” provides a template) to maintain the chain of custody and provide admissible evidence.

Digital forensics is also deployed in the corporate world for a variety of internal and external investigations related to, for instance, HR issues, employee fraud, regulatory compliance or hacking.  Although the same level of rigour is not required the actual digital forensics process is broadly the same as in the legal field.

Disklabs has been providing digital forensics services to criminal defence solicitors, law enforcement agencies and corporations for many years.  We have a strong track record in providing effective extraction, validation and analysis of digital data. What our clients’ particularly value are the clear, concise and easy to follow reports that we produce.  The ability to communicate potentially complex material to non-technical audiences is often the difference between success and failure.

Visit our website for more information on Disklabs’ range of digital forensics and data recovery services or get in contact.

Call us today on +44(0)1827 50000 or use our contact form to let us know your requirements.

 

Disklabs – Experts in cell site evidence preparation

Forensic Mobile Work

17.07.15

Your personal history revealed here

secure the data on your mobile deviceBack in 2009 Disklabs was featured in a Computer Weekly article entitled “Forensic mobile phone work reveals threat to all of us“.

The article revealed exactly how much detailed information could be gleaned about an individual from text messages, emails, contact databases and apps. Information that could be used to get access to bank accounts, to determine the best time to burgle your home or, more insidiously, for both cyber and physical stalking.

Six years on the situation has only got worse.

93% of UK adults now own mobile phones (source: Mobile Operators Association) and more than two thirds have a smartphone (source: Mobile Consumer 2014: The UK Cut. Deloitte). Our smartphones and tablets contain even more details of our personal and business lives.  Not only have the devices themselves been given greater processing power and capacity but they plug us in more effectively than ever to a myriad of apps, social media sites and eCommerce opportunities.

It is true that manufacturers and content providers have introduced various security measure and features to help protect us from prying eyes. Fingerprint scanners and facial recognition on our phones and tablets; Two-step verification log-ins and secure encrypted sessions for websites and apps.

However here are two statistics that make those measures sound less reassuring.

One. A 2014 study by Consumer Reports suggested that 34% of smartphone owners in the US don’t use any security features at all – it isn’t likely that the UK will be better in this respect.

Two. A staggering 183, 523 smartphones, tablets, laptops and USB drives were reported to the Police as lost or stolen in 2013-2014 (source: V3.co.uk).  EE (source: Explore.EE.co.uk) actually suggested the figure was as high as 10 million.

It all adds up to a massive risk for both individuals and organisations.  Reported UK cybercrime in 2013-2014 was valued at £670m but this is likely to be a massive underestimate.  Disklabs has provided its digital forensic investigation capability for a variety of public and private bodies and maintaining privacy has been the watchword in every case.

So what can you do to be more secure?

• Set up lock screens and use a pin number or better still a password with a mix of alphanumeric characters, upper and lowercase.  Pattern unlocks can be detected by greasy finger trails on the screen.

• Use apps to provide antivirus, antitheft, device location and privacy protection features. Providers include Norton, AVG, BullGuard and Sophos.  Don’t use any apps that come from unknown sources.

• Switch off automatic wifi, Bluetooth and NFC connections to stop your device from connecting with spoof networks.

• Consider encrypting your smartphone and SD card. This offers very strong protection to your phone but there are some disadvantages.  It may slow your phone down and once you have enabled it you can’t go back to non-encrypted use without a factory reset.

Most people don’t willfully leave their doors and windows open, a stack of money laying on the kitchen table and a list of the location of their most valuable belongings pinned to the fridge when they go out.  Don’t do the equivalent on your mobile device.

Visit our website for more information on Disklabs’ range of digital forensics and data recovery services or get in contact.  Call us today on +44(0)1827 50000 or use our contact form to let us know your requirements.

 

Image courtesy of Stuart James at FreeDigitalPhotos.net</>

 

Remote Computer Forensics

17.07.15

Supporting the IT Department

remote computer forensicsWe live in an increasingly litigious world where companies can easily find themselves in the middle of legal action. Increasing corporate legislation means that considerable amounts of data must be made available usually from digital storage. Other cases including employee misconduct require a computer forensic response, including the ‘imaging’ and examination of hard drives in line with accepted techniques for integrity and continuity of evidence.

These issues can be an extraordinary pressure on IT Security Teams. These teams by definition cannot be expert at everything within the digital security arena.  As a result incident response and e-discovery requirements are often handled incorrectly leaving the company open to criticism and legal action.

A cost-effective solution now exists for IT security teams to manage their legal responsibilities from a central location by using software that ensures forensic integrity of data. From any location around the globe (law allowing) machines in the enterprise can be examined, hard drives imaged for forensic examination and necessary surveillance carried out.

Intelligent monitoring

The solution revolves around the pre-deployment of tiny covert software ‘agents’ which can be deployed using standard patch management systems. The ‘agent’ provides a point of contact for the Console which is used by the security team to communicate with each PC or Server. The ‘agent’ allows the Console to connect to it using encrypted authentication and provides the operator with the ability to collect volatile evidence (network connections etc), RAM and even the entire drive. This is a way for providing a remote forensics solution for the enterprise.

The ‘agent’ also provides unparalleled abilities to monitor the computer for anomalous activity that can be set by the Remote Forensic Expert. This may include the amount of data traffic being generated or data being copied to an external device. This behaviour can notify the Remote Forensics Expert who can respond to an incident anywhere in the world immediately. The Remote Forensics Expert can grab an image of the screen of the remote PC, turn on keylogging and even sniff data packets being generated or received by the computer. This can act as intelligence gathering to make the decision whether to image the machine or not.

E-discovery

Increasing legislation, especially surrounding SOX, (Sarbanes-Oxley), in the USA is causing many companies headaches when e-discovery demands are made upon them. Our solution greatly simplifies the issues by allowing the Remote Forensics Expert to instruct each deployed ‘agent’ to search for defined data criteria and either copy the data to a central store or just report its presence.

For example, a law firm may require all data created after a certain date which contains particular keywords, alternatively they may wish to know which computers have a certain spreadsheet on them, and you can even query your enterprise to see which computers have accessed a particular web site. These capabilities make complying with e-discovery demands considerably simpler.

Although there are other solutions in the marketplace which provide some of these elements, our solution is not bound to any specific forensic examination platform and is significantly more cost-effective.

Disklabs has a team of digital forensics experts offering a range of investigatory and consultative capability.  Let them advise you on a remote computer forensics solution today

Call us on +44(0)1827 50000 or use our contact form to let us know your requirements.

 

Disklabs – Computer forensics services for legal and civil investigation.