Remote Computer Forensics


Supporting the IT Department

We live in an increasingly litigious world where companies can easily find themselves in the middle of legal action. Increasing corporate legislation means that considerable amounts of data must be made available, usually from digital storage. Other cases, including employee misconduct, require a computer forensic response, including the ‘imaging’ and examination of hard drives in line with accepted techniques for integrity and continuity of evidence.

These issues can put extraordinary pressure on IT Security Teams. These teams, by definition, cannot be expert at everything within the digital security arena. As a result, incident response and e-discovery requirements are often handled incorrectly, leaving the company open to criticism and legal action.

A cost-effective solution now exists for IT security teams to manage their legal responsibilities from a central location by using software that ensures forensic integrity of data. From any location around the globe (law allowing), machines in the enterprise can be examined, hard drives imaged for forensic examination, and necessary surveillance carried out.

Intelligent monitoring

The solution revolves around the pre-deployment of tiny covert software ‘agents’ which can be deployed using standard patch management systems. The ‘agent’ provides a point of contact for the Console, which is used by the security team to communicate with each PC or Server. The ‘agent’ allows the Console to connect to it using encrypted authentication and provides the operator with the ability to collect volatile evidence (network connections etc.), RAM and even the entire drive. This is a way of providing a remote forensics solution for the enterprise.

The ‘agent’ also provides unparalleled abilities to monitor the computer for anomalous activity, using criteria that can be set by the Remote Forensics Expert. This may include the amount of data traffic being generated or data being copied to an external device. Such behaviour can trigger a notification to the Remote Forensics Expert, who can respond to an incident anywhere in the world immediately. The Remote Forensics Expert can grab an image of the screen of the remote PC, turn on keylogging and even sniff data packets being generated or received by the computer. This can act as intelligence gathering to inform the decision whether to image the machine or not.

E-discovery

Increasing legislation, especially surrounding SOX (Sarbanes-Oxley) in the USA, is causing many companies headaches when e-discovery demands are made upon them. Our solution greatly simplifies the issues by allowing the Remote Forensics Expert to instruct each deployed ‘agent’ to search for defined data criteria and either copy the data to a central store or just report its presence.

For example, a law firm may require all data created after a certain date which contains particular keywords. Alternatively, they may wish to know which computers have a certain spreadsheet on them. You can even query your enterprise to see which computers have accessed a particular web site. These capabilities make complying with e-discovery demands considerably simpler.

Although there are other solutions in the marketplace which provide some of these elements, our solution is not bound to any specific forensic examination platform and is significantly more cost-effective.

Disklabs has a team of digital forensics experts offering a range of investigatory and consultative capability. Let them advise you on a remote computer forensics solution today.

Call us on +44(0)1827 50000 or use our contact form to let us know your requirements.

 

Disklabs – Computer forensics services for legal and civil investigation.