SERVICE – Digital Forensics
Digital Forensics is the process of uncovering and interpreting electronic data…
From company internet abuse to industrial espionage, eForensik’s state-of-the-art technology enables us to perform cutting-edge analyses on personal computers, notebooks, flash discs and other digital storage devices.
We deal with a variety of cases that include employee theft, fraud, unauthorised disclosure of corporate information, industrial espionage as well as damage assessment. Most common among our investigations are those with a view to supporting or refuting allegations put forward in a court of law.
Our process adheres to strict industry standards to ensure our clients get a comprehensive, understandable and defendable report of the situation.
ABOUT THE DIGITAL FORENSIC PROCESS
Forensic processes typically involve the seizure, imaging and analysis of digital media. These are followed by comprehensive reports, which often entail complex timelines or hypotheses.
BRANCHES OF DIGITAL FORENSICS:
Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law.
Mobile device forensics is a branch of digital forensics relating to recovery of digital evidence or data from a mobile device under forensically sound conditions. The phrase mobile device usually refers to mobile phones; however, it can also relate to any digital device that has both internal memory and communication ability, including PDA devices, GPS devices and tablet computers.
Cloud forensics is the acquisition and analysis of information kept in cloud services, for example Gmail, Yahoo, Microsoft Office 365 and many others.
Network forensics is a sub-branch of digital forensics relating to the monitoring and analysis of computer network traffic for the purposes of information gathering, legal evidence, or intrusion detection. Unlike other areas of digital forensics, network investigations deal with volatile and dynamic information. Network traffic is transmitted and then lost, so network forensics is often a proactive investigation.
Malware analysis is the study of malware by dissecting its different components and studying its behavior on the host computer's operating system.
Memory forensics is the forensic analysis of a computer's memory dump. Its primary application is the investigation of advanced computer attacks that are stealthy enough to avoid leaving data on the computer's hard drive.
Drone forensics can perform the physical extraction of data from drones and parse GPS locations showing valuable route data. It can also analyse data from iOS and Android drone applications and extract data from drone cloud services.
FORENSIC INVESTIGATIONS USUALLY FOLLOW THESE STEPS:
IDENTIFY – We determine the type of case and plan accordingly.
ACQUIRE – We start the Chain of Custody (CoC) and acquisition process. We secure the relevant device(s). Then we gather information in a manner consistent with best-practice guidelines. This ensures a proper CoC and that any evidence discovered will be admissible in court. All procedures are documented, as proof that all of the information on the relevant computer system or any other device has been preserved in its original form.
RECOVER DATA – We recover data by means of storage device imaging and data collection from other resources.
ANALYSE – We examine the recovered data. We search for potential evidence using advanced techniques and tools to isolate the most relevant electronic data. Files are recovered from both allocated and unallocated disk space (the latter still contains data). Even files that are encrypted, password-protected, hidden, or deleted but not yet overwritten, can be recovered.
REPORT – Once analysis is complete we present a comprehensive, understandable and defendable report.