←All Posts Posted on February 14, 2015 By admin
Elvidence provides a wide range of computer forensic services, ranging from data collection and analysis to computer hacking investigations and expert witness services. Whilst this type of work is often linked to gathering evidence for court cases it can have many other uses too. Here’s a look at some of what we can do for businesses and individuals.
There’s been a significant rise in the amount of computer and internet related crime in recent years. This is hardly surprising as we increasingly rely on computers and the internet to carry out transactions and store and exchange information. The very nature of computers means that whatever you do leaves a trail of evidence, but in order to be used in court this needs to be gathered and handled in such a way that it isn’t compromised. This is where digital forensics comes into play.
Though the gathering of digital evidence now plays a key part in the investigation of many crimes, it’s also used by a growing number of businesses. The skills of a computer investigator can be useful in uncovering misuse of company computers or email, or the copying and leaking of data from within an organisation. Our services can of course be adapted to meet the specific needs of the client.
Often abuses of computer and other digital systems happen in the workplace. This can take a number of forms such as staff viewing inappropriate material using work internet connections, or passing commercially sensitive information to competitors. In some cases maybe even setting up a new business in opposition to their employer. Forensic examination of computers and mobile devices can reveal what has been happening. Computer investigations are something that can be carried out covertly if required.
In some cases this activity may amount to actual fraud. Most financial and other transactions today are recorded electronically and devices in an organisation may therefore need to be examined to determine if fraudulent activity has taken place. Transaction information is only part of the story though. Often other documents and emails can help identify the falsifying of stock records or invoices which in turn can indicate that fraudulent activity has taken place.
Thanks to technology it’s easier than ever to copy and distribute information and that leads to problems when it comes to safeguarding intellectual property. It’s all too easy for employees to copy material to a flash drive or a cloud storage service without the knowledge of the enterprise. However, the way computers work means that these activities almost always leave a trace. Timely forensic investigation can provide evidence of the theft of information allowing appropriate action to be taken.
Another problem faced by businesses today is unauthorised access to information. This can take place internally through the misuse of legitimate credentials, or by someone trying to break into a system from outside.
Hacking and unauthorised access can often go undetected until some other activity – such as actual theft of data – has taken place. There are usually log files available that record access to a computer by particular users or from particular internet addresses. The problem is that these logs are often overwritten on a rolling basis so evidence can be wiped out. When signs of a problem are detected therefore it’s vital to act fast in order to preserve information. Having an experienced digital forensic expert do this is essential as the information may end up as evidence in a court case and if it’s incorrectly handled it could jeopardise the outcome.
When cases involving digital information come to court it may be that the services of an expert witness are required. This is someone who – under the Civil Procedure Rules 2005 (CPR) – is required to have expert knowledge from their skill and experience. They’re also required to be independent when delivering information to the court. An expert witness may be required to produce a report and deliver evidence in court or at a tribunal, arbitration hearing or other legal proceeding.
A computer forensic expert witness is likely to have experience and expertise in a number of areas including theft, fraud, hacking malware and intellectual property theft. They may also be experienced in presenting digital information in cases involving employment and family law or in criminal law areas including assault and drugs.
Under CPR the computer forensic expert witness is required to be independent and it’s therefore possible that they could be instructed jointly by both parties. In this case the witness would outline the points of agreement and disagreement between the parties in order to assist the court.
Computers have made it easy for almost anyone to create professional looking documents. Whilst this is an undoubted benefit for businesses it can also lead to problems when it comes to determining the authenticity of a document. It’s easy, for example, to change the date on a legal document like a will or a contract to make it appear that it was created much earlier than it was. A computer investigator can determine the actual file creation and modification dates from electronic copies in order to authenticate a document in the event of a dispute.
Not so many years ago digital information was confined to computers located on desktops or in server rooms. In recent times though technology has become much more ubiquitous and mobile. The smartphones and tablets of today have more storage and processing power than the desktop machines of a decade or so ago. The rise of mobile devices also makes it much more likely that personal equipment may be used for business purposes, with many companies adopting Bring Your Own Device policies allowing employees to use their own kit.
Removable storage media like USB sticks and SD cards comes into play too as they make it easy to carry around and transfer relatively large volumes of information. When any of these devices is involved in a legal or disciplinary issue it’s important that digital forensics is used so that the data can be recovered without being compromised. Even if a device has been reset or formatted it may be possible to recover data, but if it’s done in the wrong way the information could end up being worthless as evidence.
The nature of electronic devices means that it’s easy to store data and equally easy to wipe it out again. However, it’s remarkably difficult to remove information from a storage device completely. Elvidence’s computer forensics experts have a lot of experience in recovering information even from devices that may be physically damaged.
By using specialist tools data can be recovered from files or fragments whilst still preserving the integrity of the data. Unlike paper documents a recovered digital file will still have information about its usage history, creation dates, previous versions and so on. It’s also possible to recover deleted emails, internet history, uninstalled software and more. This is useful for the legal areas we’ve already talked about but also for recovering important business data from damaged or accidentally wiped storage.
You may not have come across the term eDiscovery before. It’s used to describe the early stage of litigation where the parties have to provide each other with records and other information relevant to a case. The information included in an eDiscovery process may be documents, spreadsheets, email and multimedia files.
It can often be a complex process involving large quantities of data, so it’s important to have experts involved. Elvidence will search for and extract relevant information and present it in a litigation-friendly format. These procedures are applicable whether the case involves a small business with a couple of PCs or a large corporate network.
Email has in many cases replaced the telephone as the main means of business communication. But it’s all too easy to create free email accounts with almost no verification taking place, it can therefore be difficult to know if a message is from a legitimate sender.
It’s also easy for spammers, hackers and those with a criminal agenda to ‘spoof’ emails so that they appear to come from somewhere else. A forensic investigation can in many cases lead to the true source of a suspicious email.
We’ve come to rely on the internet for a whole range of day-to-day tasks from organising our social lives to shopping and managing our bank accounts. But there’s a dark side to the internet too which might spark the need for some sort of investigation. Cyber bullying or stalking for example, fake social media posts, defamation, copyright theft and more can all take place online. Investigations in this area can be complex as sites may be based overseas, but there are many things that can be done to trace posts and users.
Whilst computers are now essential for most organisations, they often tend to be installed in a rather ad hoc way over a number of years. Systems are bought to meet specific short-term needs without any sort of master plan for their management or integration, especially in smaller businesses.
Elvidence offers system audit services which help organisations to understand their systems and get back in control. This can be especially useful following a restructure or merger or after the departure of an IT administrator who set up the systems. By auditing and mapping out the IT infrastructure businesses can take back control of their systems and put in places documentation and procedures to ensure they stay on top of things.
Digital forensic investigations aren’t just about criminal or disciplinary matters. Computer investigations can have their place in other areas like family law too. Emails or text messages may provide evidence of marital infidelity for example or analysis of computer contents may show that children are at risk of grooming or viewing inappropriate content. Analysis of computer files can also uncover the existence of assets which someone may be trying to hide in the event of a separation or legacy dispute.
Sometimes the only way to get information in a legal matter is by using the force of the law. Elvidence staff can help with the preparation and execution of Anton Piller Orders and search warrants to ensure that the right data is targeted and recovered.