Computer and Mobile Forensics
Our consultants have vast experience in the area of computer and mobile forensics. ProCheckUp employ scientific methods to recover digital evidence in a purpose-built forensic lab, and follow the established ACPO Good Practice Guide in handling digital evidence to ensure that it is legally admissible in court.
Forensic Investigation steps/assurances
As per NIST SP 800-86 guidelines, there are four steps that ProCheckUp follow:
- Collection: Identifying, labelling, recording, and acquiring data from the possible sources of relevant data, whilst following procedures that preserve the integrity of the data.
- Examination: Forensically processing collected data using a combination of automated and manual methods. Assessing and extracting data of interest, while preserving the integrity of the data.
- Analysis: Reviewing the results of the examination, using legally justifiable methods and techniques, to derive useful information that addresses the questions that were the impetus for performing the collection and examination.
- Reporting: Reporting the results of the analysis, which may include describing the actions used, explaining how tools and procedures were selected, determining what other actions need to be performed (e.g., forensic examination of additional data sources, securing identified vulnerabilities, improving existing security controls), and providing recommendations for improvement to policies, procedures, tools, and other aspects of the forensic process.
Forensic Investigation action plan
Upon discussion and identification of the necessary information to start the investigation (e.g. activity logs, data devices or even further information), a plan will be drafted and will follow these steps:
Once ProCheckUp have access to the device(s), an identical copy of the evidence supplied by the client will be made. Once copied, the original media will be sealed and stored in a safe location.
Data integrity is arguably the biggest risk, as without it, the entire investigation could be voided due to bad results or damaged data. Every precaution will be taken to ensure that the data on the original disk is not changed or modified/deleted in any way.
An audit trail will be kept to provide an accurate timeline of the personnel handling the evidence and every step taken by the investigator(s).
Data recovery is often useful in aiding a forensic analysis and investigation, but can also be required in many other circumstances. A number of failures could result in the loss of data on a physical disk. Whether the data loss is intentional or unintentional, ProCheckUp have the technology to salvage the lost data in certain circumstances.
ProCheckUp can help recover lost data due to the following reasons:
- Human error / accidental file deletion
- Logical bad sectors on a hard disk
- Overwritten data
- Formatted drive
- Corrupt partitions / filesystem
- Operating system error
- Unbootable drives
Note: Only logical data recovery is covered by this service. ProCheckUp cannot guarantee that data loss due to physical damage can be recovered.
Data Discovery is the systematic identification and analysis of sensitive data on a network. Such data can encompass trade secrets and intellectual property, financial and payment card data (e.g. credit card PAN, CVV and track data), personally identifiable information, payrolls, health and databases.
Due to the complexities of today’s business processes, sensitive data can unintentionally find its way to insecure locations within the network, such as an employee’s mobile computer, open file shares or the cloud. ProCheckUp can help organisations ‘discover’ such data to ensure that the controls in place are effective in ensuring the confidentiality, integrity and availability of the data.
Locating and protecting specific types of confidential information is a key requirement within a number of industry standards and regulations such as PCI DSS and HIPAA.