Digital Forensic Investigations

Expert digital forensic investigations and incident response with the highest level of privacy and customer confidentiality. We can analyse anything from a single personal laptop or home computer all the way through to enterprise-level investigations into state-sponsored advanced persistent threats. We can provide a customised and scalable investigation completely remotely and with the highest level of confidence and ability.

How does it work? Our investigation starts with requirements capture and the acquisition of data. You can acquire the data yourself and either mail it to us on an external drive or upload it to our secure servers. Alternatively, one of our technicians can visit you onsite or talk you through the process on the phone. At this point we need to know a bit of background about the device or devices and the intended outcome of any investigation.

  • Has someone used your equipment without your consent?
  • Has someone installed something on your computer without your knowledge?
  • Do you have malware?
  • Do you have spyware such as a keylogger or listening device installed on your laptop?
  • Has someone plugged something in they shouldn’t have?
  • Do you need to prove someone did something for an internal investigation?
  • Has someone deleted something from your device that you want to see or need?
  • Has someone hacked into your device?
  • Is someone using your equipment for something they shouldn’t be?
  • Do you have a new device and just want to know what it has been used for in the past?
  • Is your corporate intrusion detection system alerting you but you don’t know what to do?
  • Has your corporate anti-virus alerted you to something and you want to be sure you are clean?
  • Has your perimeter defence picked up something and you would like to know how it got there?
  • Have you been the victim of an attack and would like an enterprise-level investigation to determine the scale of the attack?
  • Have you contained a threat and want to know if the attacker moved laterally through the network and exfiltrated data?

We will then analyse every bit and byte of the data and produce a report back to you detailing our findings. Once our investigation has completed and you are happy with our service, we erase our copy of the data and securely destroy all our previous contact data. We understand client confidentiality and the reputational risks around such investigations. During our investigation we use non-persistent machines in an air-gapped, closed, offline network with no internet functionality to ensure none of your data is ever at risk of leaving our lab. We also do not look at the actual data, such as videos or pictures, but look at the metadata around the data for our analysis.

A common misconception is that anti-virus software protects the data completely. If someone has had access to your device for long enough to double-click a file on your desktop, that is all they need to open a backdoor for themselves and access your device remotely. Anti-virus also requires that the virus or malware has been seen before and is well documented; malware that has been created and delivered to a customised target will not be identified by anti-virus. Senior members of staff in companies are particularly at risk, because compromising them gives the attacker complete access to the highest level of decision making, accounts or business knowledge.

All our investigators have been trained to the highest standards and have multiple qualifications from the world-renowned SANS information security training organisation as well as CompTIA, Microsoft, Cisco and others. Our investigators can analyse disk images, physical disks, virtual machines, live memory and network traffic, and carry out malware investigations and simulation, reverse engineering of malware, and data recovery. For corporate clients, our report will outline possible remediation plans and can aid the internal IT department in cleaning the network.