Digital forensics is the use of scientifically derived and proven methods for the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence. This evidence can be extracted from many digital sources such as CD/DVDs, hard drives, flash drives, memory sticks, and magnetic tapes, etc.
Digital forensics serves as a supporting proof or corroborating evidence often made by prosecutors and defendants to refute a claim that a certain activity was done by a specific person using a piece of digital equipment. The most common use is to recover erased digital evidence to support or disprove a claim in court of law or in civil proceedings such as the eDiscovery process in courts. Forensics is also used during internal corporate investigations or intrusion investigation which includes additional activities like network and log review.
Types of Digital Forensics
At NII, we have a full-fledged team and a well-equipped lab to carry out the following types of digital forensics:
- Computer forensics
- Reveal the current state of computer system
- Obtain evidence from various storage medium such as computers, embedded systems, USB pen drives
- Examine system logs and Internet history.
- Some of the artefacts we can get from such investigations include:
- Hidden, deleted, temporary and password-protected files
- Sensitive documents and spreadsheets
- File transfer logs
- Text communication logs
- Internet browsing history
- Pictures, graphics, videos and music
- Checking Event logs and System Logs
- Checking Illicit, pirated or legitimate software installations
- Mobile device forensics
- Recover digital evidence from a mobile device.
- Investigate call logs and text messages (SMS/Email)
- Providing location information via GPS or cell site logs
- Investigate communication stores such as BBM, WhatsApp, WeChat, etc.
- Artefacts that can be retrieved are:
- Phone number and service provider information
- Incoming and outgoing call logs
- SMS, Emails, IRC chat logs
- Contact details from address books and calendars
- GPS and location based data
- Network forensics
- Monitor and analyze LAN/WAN/internet traffic (even at the packet level)
- Retrieve and analyze logs from a wide variety of sources
- Determine the extent of intrusion and the amount of data retrieved
- Forensic data analysis
- Investigation for financial frauds
- Correlating with financial documents
- Working closely with Certified Fraud Examiners
- Database forensics
- Forensic study of databases and their metadata.
- Investigation on database contents, log files and in-RAM data
Digital evidence is being employed effectively in all types of litigation. From hostile work environment issues, criminal defense cases, intellectual property matters, financial fraud to family law practices, etc. The following information used by the forensic investigator is admissible in litigation suits:
How NII can help you?
NII has done extensive projects in digital forensics and has a dedicated team for carrying out these various activities. We have co-operated with law enforcement authorities in helping them getting leads in the forensics investigations and also played a vital part in internal corporate investigations for many of our clients. Our work ethics and quality deliverables have won accolades from many of our clients and their testimonials are strongest testimony to our professional and quality work deliverables. A representative list of some of the projects we have done are:
- Analysis of dozens of hard drives and correlating them with financial documents to build a water-tight case of tax evasion, FEMA violations, disproportionate assets, etc. against the accused who was arrested on other grave charges. The evidence and reports provided by us enabled regulatory agencies to pursue multiple independent cases against the accused and law enforcement was able to file a 5000-page charge-sheet
- Analysis of server logs to determine a breach in one of the country’s main telecom firms done by Pakistani hackers prior to Independence day. Complete details of the steps taken by the hacker and the malware uploaded onto the servers was provided along with detailed recommendations on how to ensure such an event doesn’t occur in the future
- Disk-based analysis to retrieve deleted files, email correspondence and Internet browsing history of the suspect and determine the exact nature of the financial fraud as well as determine the list of accomplices.
- Analysis of smartphones and tablets to retrieve BB Messenger, WhatsApp, and SMS communication
- Empaneled by a multi-national bank for all forensic cases in the Asia-Pacific region
Related Articles / Blog posts for Digital Forensics
- Indian APT – the Hangover Effect – Full Report on Malware Analysis
- Dissecting NTFS Hidden Streams
- Dump password of application pool user from IIS >= 6.0
- Data Carving Issues
- Hiding data with Host Protected Area (HPA) in Linux
- Bad Superblock, corrupt inode tables and loads of bad luck!
- Understanding Index.dat (Internet History Data File in Windows)
- LINReS – An open source Linux Incident Response Tool!