Experience is everything in computer forensics. Deloitte is proud to have assembled some of the most experienced computer forensic specialists from around South. With backgrounds in law enforcement, technology, fraud investigation, systems security consulting, computer forensics and computer incident response, our team has an impressive track record of successful discovery.
Within a forensic analysis, our professionals can work with the client to navigate IT systems for evidence of malfeasance, such as information deletion, policy violations and unauthorised access. A wealth of information may be recoverable from computer hard drives and backup tapes, including active, deleted, hidden, lost or encrypted files, or file fragments. Even files that were created but never saved may be recovered.
The process used by a computer forensic specialist often involves taking an image or exact replica of the hard drive, which is preserved in a locked, fireproof safe for evidentiary and chain of custody purposes. We can then run diagnostic software tools against copies of the image to search for the existence of relevant files.
Paper documents still play a significant role in many litigation matters. Computer forensics may also be used to compare paper documents with their electronic counterparts to help determine if the document has been altered.
An electronic data investigation typically begins with capturing data from a computer by producing a duplicate image of the hard drive containing all resident data, including files that users may have deleted long ago. Our computer forensic professionals can then look for e-mails, documents, spreadsheet files, Web downloads and other electronic data that may have been deleted or encrypted, or that may exist only in fragments. Such bits and pieces of data can have tremendous value in an investigation.
Planning, advice and management
Planning your response to incidents that require a forensic investigation is vital. Detailed planning allows you to optimise the data which you recover to provide a useful, timely and evidentially sound information in the evident of an incident
Data preparation and analysis
With rapidly increasing data storage capacities, the processing and analysis of electronic data requires smart, innovative solutions to ensure that material is analysed and refined based on relevancy.
Preparation and presentation of electronic evidence
Material obtained from electronic storage devices can often be the missing piece in the jigsaw puzzle. It is crucial that such valuable material is presented in a clear and concise form which is relevant to its audience.
Our computer forensics unit can:
- Conduct detailed computer forensic and electronic investigations;
- Assist in the development if a forensic response process
- Conduct forensic examinations of systems or devices and storage media
- Attend third party premises subject to a legal search authority
- Forensically duplicate and extract data from system backup tapes
- Examine and retrieve data from computer networks and hardware devices
- Perform disk image analysis and restoration
- Storage media/disk sector analysis
- Examine and analyse portable devices, removable storage media and backup tapes
- Analyse complex computer and business applications
- Conduct comprehensive forensic examinations across computer networks, internet related services (web servers, security/authentication systems, firewalls, IDSS, etc)
- Recover data and file fragments which have been intentionally deleted, hidden or protected
- Recover passwords from systems and documents
- Graphically represent voluminous data sets in a clear and concise form
- Conduct statistical data analysis and modelling
- Provide expert evidence to courts and administrative hearings
- Collecting data in a wide range of formats and media (including hard copy) from national and international locations
- Navigating IT systems to uncover information that may be recoverable from computer hard drives and back-up tapes, including active, deleted hidden, lost or encrypted files or file fragments
- Preserving all data to be stored in a locked, fireproof safe for chain of custody purposes.
Threats posed to organisations by cyber crimes have increased faster than potential victims – or cyber security professionals – can cope with them, placing targeted organisations at significant risk.
Today’s cyber criminals are increasingly adept at gaining undetected access and maintaining a persistent, low-profile, long-term presence in IT environments. Meanwhile, many organisations may be leaving themselves vulnerable to cyber crime based on a false sense of security, perhaps even complacency, driven by non-agile security tools and processes. Many are failing to recognise cyber crimes in their IT environments and misallocating limited resources to lesser threats. For example, many organisations focus heavily on foiling hacking and blocking pornography while potential – and actual – cyber crimes may be going undetected and unaddressed. This has generated significant risk exposure to financial losses, regulatory issues, data breach liabilities, damage to brand, and loss of client and public confidence.
Most indicators point to future cyber crime attacks being more severe, more complex, and more difficult to prevent, detect, and address than current ones, which are bad enough.
An underground economy has evolved around stealing, packaging and reselling information. Malware authors and other cyber criminals for hire provide skills, capabilities, products and “outsourced” services to cyber criminals. These include data acquisition and storage, stealthy access to systems, identity collection and theft, misdirection of communications, keystroke identification, identity authentication, and botnets, among others. Meanwhile, today’s security model is primarily “reactive” and cyber criminals are exploiting that weakness.
Organisations can take several steps to protect themselves:
- The first step is to comprehend the seriousness of cyber crime threats to valuable data, processes and assets.
- The second is to shift from a security-based approach to a more risk-based approach to cyber security.
- The third step is to knock down the walls associated with siloed approaches to dealing with cyber crime threats.
- Our cyber crime specialists will work closely in developing “actionable” cyber threat intelligence (first on intelligence gathering and analysis and then assessment) in the context of an overall risk-management system.
- Tailored to your needs, we will assist in identifying exposures to cyber crime and their current detection, prevention, and mitigation capabilities.