Computer Forensic Analysis
What is forensic computing?
A methodical series of techniques and procedures for gathering evidence, from computing equipment and various storage devices and digital media, that can be presented in a court of law in a coherent and meaningful format. — Dr. H.B.Wolfe
The goal of computer forensic analysis is to prepare all relevant material for the further investigation of a cybercrime.
Cyber crime includes:
- Hacker system penetrations (both external and insider attacks)
- Distribution and execution of viruses and worms
- Damage to company service networks
- Financial fraud
- Theft of intellectual property
Gathering digital evidence is crucial during a computer forensics examination. We perform it in the following steps:
1. Protecting the subject computer system from any possible alteration, damage, or data corruption. If possible, do not power off your systems or disconnect them from the network, as this can cause the loss of all evidence. Contact us first.
2. Discovering all files, processes and system objects on the subject system (including existing normal files, hidden files, and encrypted and password-protected files).
3. Recovering as many of the discovered deleted files as possible.
4. Revealing the contents of hidden files as well as temporary or swap files.
5. Cracking (if it is possible and legally appropriate) all password-protected and encrypted files.
6. Analyzing all relevant data discovered in all parts of a disk (including unallocated/slack space).
7. Preparing an overall analysis of the subject computer system, as well as a listing of all relevant files, processes and discovered data, and providing an opinion on the performed analysis (a description of the possible attack scenario, any attempts to hide, delete, protect or encrypt information, and anything that appears to be relevant to the overall forensic analysis).
8. Providing expert consultation and/or testimony, as required.
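To illustrate steps 3, 6 and 7, here is an added example (not part of the original page, and not any vendor's tooling) of signature-based carving over a raw disk image, which finds file remnants in unallocated or slack space and produces a hashed listing for the report. The function names, the 512-byte sector size and the sample image are assumptions constructed for the illustration.

```python
import hashlib

# Header/footer signatures for two common formats (contiguous files only).
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
}
SECTOR = 512  # assumed sector size of the constructed image


def carve(image: bytes, max_size: int = 10 * 1024 * 1024) -> list[dict]:
    """Find header..footer spans anywhere in a raw image, including
    unallocated and slack space, and describe each one for the report."""
    hits = []
    for kind, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header), pos + max_size)
            if end == -1:
                # Header with no footer: overwritten or fragmented, skip it.
                pos = image.find(header, pos + 1)
                continue
            end += len(footer)
            blob = image[pos:end]
            hits.append({
                "kind": kind, "offset": pos, "sector": pos // SECTOR,
                "size": len(blob), "sha256": hashlib.sha256(blob).hexdigest(),
            })
            pos = image.find(header, end)
    return sorted(hits, key=lambda h: h["offset"])


def build_sample_image() -> bytes:
    """Constructed 4-sector image: one JPEG, one PNG in mid-sector slack,
    and a JPEG header whose tail was overwritten."""
    jpeg = b"\xff\xd8\xff\xe0" + b"JFIF-constructed-payload" + b"\xff\xd9"
    png = b"\x89PNG\r\n\x1a\n" + b"constructed-chunks" + b"IEND\xaeB`\x82"
    broken = b"\xff\xd8\xff\xe0" + b"overwritten tail"
    image = bytearray(4 * SECTOR)
    for offset, data in ((512, jpeg), (1124, png), (1536, broken)):
        image[offset:offset + len(data)] = data
    return bytes(image)


if __name__ == "__main__":
    evidence = build_sample_image()
    print("image sha256:", hashlib.sha256(evidence).hexdigest())
    for hit in carve(evidence):
        print(hit)
```

Run this only against a working copy of the acquired image, and compare the image hash before and after analysis to show the evidence was not altered. A header whose own footer is gone can pair with a later file's footer, so each carved blob still needs format validation before it goes into the listing.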