“We had one of our employees steal data from the company and give it to one of our competitors...”
Our digital forensics and incident response (DFIR) investigations generally fall under:
- Data breach (IP theft, hacking, ransomware etc.)
- Company policy violation
- Departing employee investigation
- An employee or ex-employee:
  - exfiltrates emails, intellectual property or other confidential information;
  - deletes intellectual property, important or confidential information;
  - sells your products or services on the side;
  - makes fraudulent payments or other expense claims;
  - compromises your digital security by visiting harmful websites;
  - manipulates or otherwise alters digital records;
  - misuses company assets by storing child pornography etc. on the servers/computers and deletes the evidence;
  - hacks confidential user accounts etc.
- External cybercrime where a perpetrator:
  - uses your company identity for nefarious purposes;
  - gains access to your systems:
    - by performing an SQL, brute force, DoS or other form of attack;
    - using identity theft, social engineering, phishing, spoofing or by other means.
What can you expect from a digital forensic investigation?
We can help you recover, extract, investigate and analyse evidence from working and non-working (mechanically failed), deleted and corrupted digital data storage devices, including cloud-hosted locations, that may have been used during an incident, to determine and report the who, what, when, where, why and how of an incident, e.g.:
- Who was using the device?
- Who opened, executed, emailed, copied or deleted the data - to whom was the data sent, who else was involved or had access to the device or data?
- What happened?
- What data was accessed, copied, sent, printed, screen captured, deleted, obfuscated, password protected or encrypted - what applications or devices were used, what programs were installed, deleted or uninstalled, what other data could have been affected, what websites, social media, online communication, forums, file storage sites etc. were visited, what was posted or uploaded, what was the sequence of the events?
- When did this happen?
- When was the data accessed, copied, sent, printed, screen captured or deleted - when were the applications or devices used, installed, deleted or uninstalled?
- Where did this take place?
- Where else is the data located, where was the data sent, uploaded, copied or printed to?
- Why did it happen?
- Is there any correspondence, metadata or activity log that could assist in answering this question?
- How was it done?
- How was the data accessed or compromised, how did the data get on or off the device, how did the person communicate with other people?
Our fields of expertise include:
- Computer Forensics (Windows, Mac, Linux etc.)
- Network Forensics
- Mobile Device Forensics (Android and iOS devices - cellular phones, smartphones, tablets, GPS devices, Kindle, media devices, SIM cards etc.)
- Email Forensics (MS Exchange, Outlook, G Suite, Gmail, Office 365, Lotus Notes etc.)
- Cloud Forensics (Apple, Amazon Web Services (AWS), Box.com, Dropbox, Facebook, Instagram, Lyft, Mega, Twitter, Uber, WhatsApp, G Suite, Gmail, Microsoft Azure, Office 365, Office 365 SharePoint, OneDrive, Microsoft Teams, Slack, Snapchat and Yahoo) * Requires admin or user credentials depending on the service.
- Drone Forensics
- IoT Forensics
- Memory Forensics (Windows, Mac, Linux)
- Email Forensics (Outlook, Microsoft 365 Email, G Suite, MS Exchange, Gmail, Lotus Notes etc.)
- Database Forensics (MSSQL, MySQL etc.)
What is a departing employee investigation?
This is a condensed forensic investigation of personal computers (PCs) and laptops, with the data captured remotely, to determine:
- What files were downloaded and accessed?
- What cloud services were accessed?
- Internet history (searches and websites visited)?
- Unauthorised programs loaded?
What is a departing employee investigation not?
- A full forensics investigation including a detailed forensic report.
- It does not include:
  - Recovery of deleted data, decrypting files and password recovery.
  - A full forensic image of the data storage device.
  - Data extraction and investigation from mobile devices.