|
|
Nowadays more and more investigations
are closely linked with forensic investigations. Of course the traditional
fingerprint is still important in its way, but it is experiencing
increasing competition from its digital counterparts such as the
IP address, the logfile, the data carrier and its deleted files.
This is supplemented by a significant increase in data volumes, resulting
from ever-larger data carriers and ever more rapidly escalating e-mail
traffic.
Specialist expertise is required of the investigator, not only for
investigations into systems hacking and other external attacks. The
perpetrator of what is known as the "inside job" (e.g.
the employee who harms the company) is today also using more and
more hardware and software, on which he then in turn leaves his tracks.
A few examples worth mentioning are:
- Desktop computers and notebooks
- Handhelds (IPAQ, Palm, Blackberry, etc.)
- Mobile phones
- USB sticks
- External hard disks
| |
Without adequate expertise in these technical
areas there is not really much hope of success in conducting investigations.
For example, the investigator should know how to handle evidence
properly, how to evaluate it in legal terms, and which processes
are suitable for its analysis.
We work with leading software solutions such as EnCase (virtually
the standard tool of international police authorities) or Access
Data’s Forensic Tool Kit, but also with forensics and incident-response
toolkits such as F.I.R.E, Sleuth Kit, dd and other solutions.
In addition to securing evidence, some other important aspects then
come into play, such as
- restoring deleted data
- decrypting encrypted data
- discovering hidden files
- documentation
We will be happy to answer any questions you may have on these areas….
|
