Cybercrime investigations involves the collection, preservation, analysis and presentation of computer-related evidence utilising secure, controlled methodologies and auditable procedures.
A vital aspect of the science of cybercrime investigations is the fact that any use of a PC almost invariably causes information to be saved to the hard disk relating to every user session carried out.
In forensic terms, for every user interaction with a PC there will always be data left behind on that PC relating to the actions carried out.
It should be noted that data is rarely completely eliminated from a hard disk, even after processes involving deletion, defragging, disk formatting or operating system installation. This has important implications during the discovery phase of litigation.
Such evidence is compiled on the assumption that skilled professionals will contest it in court, although solutions outside the Court might ultimately occur.
The object of any computer forensic investigation is to obtain incontestable, factual evidence.
How we help legal professionals:
Cybercrime Investigations apply information technology-based knowledge and skills, particularly those of data recovery, to the task of obtaining PC-based evidence.
- Safe evidential acquisition, preservation and analysis of computer systems and files whilst avoiding alteration of critical data, consistent with the principles of the law of evidence.
- Investigation and analysis of data (both visible and deleted) associated with Civil Litigation.
- Electronic media discovery
- Intellectual Property theft analysis including company confidential files, sales/marketing and financial software use.
Common scenarios include...
- Fraud and embezzlement by employees
- Deliberately deleted data
- Database stolen by an employee leaving to set up in competition
- Inappropriate use of PC by an employee, including pornography