- Category: Technical Services
|There are many ways and places to hide information in today's high-tech world, but recovering that information presents its own unique set of challenges and we're here to meet them with either on-site and/or remote services.
|Forensic Data Analysis involves the recovery, decryption and analysis of information stored within computer systems, storage systems, phone systems and hard data. The processes involved are very specific to each case but in general there several categories...
Soft Data Forensic Analysis
Information stored on a computer hard disk for example is soft data.. in that the information can be easily changed and/or deleted. Recovering the information is often the easy job, but deciphering the information is much harder. There are many systems and protocols for the encryption and decryption of data and many of which present a very high degree of resistance to compromise. However, most computer systems during their operation leak large amounts of data to unprotected areas of the storage medium and this information can often be useful. Another recent technique employed, especially by criminals with data encryption knowledge is what we call Hot Data. Hot Data is the storage of confidential information in RAM and NOT on the hard disk. This method of storage provides almost certain protection from discovery as during a raid the Police will probably just pull the plug on everything and take it away, ensuring the data is destroyed. A variation of Hot Data is a system where data is stored on the hard disk, but the key required to decrypt it is stored ONLY in RAM and changes every time the computer is reloaded. Whatever the method of protection, interception at the CORRECT MOMENT is critical.
Hard Data Forensic Analysis
Information that is stored on paper, burnt onto CD or DVD, or spoken in code are all examples of Hard Data. Its "Hard" because it can't be easily changed and as such is likely to be static. Recovery and deciphering of hard data often requires information from two or more sources and this distributed method of protection is what presents the challenge. Correct identification of the cipher used and the method used to protect that cipher are just as, if not more important than the cipher itself.
Whilst digital communications should make it easier to monitor and record activity of known or unknown individuals, it is often not the case as the wide availability of encryption technologies such as S/MIME, PGP, and seemingly impenetrable algorithms such as Blowfish make the job considerably harder. There is however always a point at which the information MUST travel unencrypted and interception at this point is by far the best strategy. For Counter-Surveillance systems and services see Data Security.
Forensic Analysis and Reporting
The process of recovery and analysis is often a complex one, but the process generally follows this procedure.
Upon completion of any assignment, the information in all its various forms together with our documentation and reports is supplied back to the client in electronic form. We do not keep a record of ANY information relating to any previous cases.
Decryption of Protected Storage
We provide a wide range of security decryption services and are able to currently decrypt and/or remove passwords from the following file types:
This is by no means an exhaustive list and there are new decryption strategies added regularly as we encounter them. If you have a file, disk, system or device that is protected by password and/or key then we can unlock it. The time and resources required depend largely on the protection mechanism and we can advise of these at point of order.
|We provide a full compliment of services, from seizure of equipment and forensic analysis of data to comprehensive digital surveillance of individuals and organisations. Our procedures and processes are geared to provide concrete evidence for criminal or civil proceedings.
Contact us for more information.