NY Office : 212.582.3115 FL Office : 954.802.1949 World Wide Toll Free : 866.977.3700

Forensics Analysis

Forensic Investigations, Discovery, and Analysis
International Consultants & Investigations offers computer forensics for investigations, supporting law firms, corporations, and government.
Preservation and analysis of electronic evidence using methods acceptable in courts of law.

FORENSIC: Relating to the application of scientific knowledge to legal problems

SCIENTIFIC METHOD: Principles & procedures for the systematic pursuit of knowledge involving recognition & formulation of a problem, collection of data through observation and experiment, and formulation & testing of hypotheses

PRESERVATION

  • Documentation
    • Chain-of-custody
    • Acquisition
  • Goal: Preserve w/o impact
  • Reality: Understand impact
  • Write-block when possible

ADVANCED PRESERVATION

  • Live systems
  • Networks
  • The “Cloud”
  • What about data security?

DATA SECURITY

  • TrueCrypt
  • File, device, and boot volume encryption
  • Lots of flexibility, extremely powerful
  • Open source

ANALYSIS

  • Data carving
  • Internet history
  • Removable storage activity
  • Document metadata
  • Evidence spoliation
  • Malware identification

SAMPLE TOOLS

  • EnCase / EnCase Enterprise
  • Forensic Toolkit (FTK)
  • ProDiscover IR
  • X-Ways Forensics
  • SANS SIFT
  • Cellebrite

SPY SOFTWARE

  • Spy software detection
    • Browse “Program Files”
    • Antivirus?
    • Configuration Review
    • Known Hash Values
    • Software Remnants (Post-Uninstall!)
    • Log entry carving
  • Remote access software used for spying?
    • Windows Remote Desktop, LogMeIn, VNC, GoToMyPC, Screen Sharing, Back to My Mac

ICO INVESTIGATION AND PROTECTION

LOGMEIN REMNANTS

Remnants of spy and remote access software can be exported from live files and carved from unallocated space:

GPS

  • Many GPS devices have readily accessible storage which can be forensically preserved
  • Others may require vendor assistance
  • Live data can be plotted on Google Earth
  • Deleted data can be plotted as well once it’s identified and extracted properly