digital forensics investigation services
Digital forensics is the use of scientifically derived and proven methods for the preservation, collection, validation, identification, analysis, interpretation, documentation and presentation of digital evidence. This evidence can be extracted from many digital sources such as Wearable techs, mobile devices, hard drives, flash drives, memory sticks, and magnetic tapes, etc.
Digital forensics serves as a supporting proof or corroborating evidence often made by prosecutors and defendants to refute a claim that a certain activity was done by a specific person using a piece of digital equipment. The most common use is to recover erased digital evidence to support or disprove a claim in court of law or in civil proceedings such as the eDiscovery process in courts. Forensics is also used during internal corporate investigations or intrusion investigation which includes additional activities like network and log review.
our digital forensics investigation services
Certcube Labs has done extensive projects in digital forensics and has a dedicated team for carrying out these various activities. We have co-operated with law enforcement authorities in helping them getting leads in the forensics investigations and also played a vital part in internal corporate investigation for many of our clients. Our work ethics and quality deliverables have won accolades from many of our clients and their testimonials are strongest testimony to our professional and quality work deliverables. A representative list of some of the projects we have done are:
- Analysis of dozens of hard drives and correlating them with financial documents to build a water-tight case of tax evasion, FEMA violations, disproportionate assets, etc. against the accused who was arrested on other grave charges. The evidence and reports provided by us enabled regulatory agencies to pursue multiple independent cases against the accused and law enforcement was able to file a 5000-page charge-sheet
- Analysis of server logs to determine a breach in one of the country’s main telecom firms done by Pakistani hackers prior to Independence day. Complete details of the steps taken by the hacker and the malware uploaded onto the servers was provided along with detailed recommendations on how to ensure such an event doesn’t occur in the future
- Disk-based analysis to retrieve deleted files, email correspondence and Internet browsing history of the suspect and determine the exact nature of the financial fraud as well as determine the list of accomplices.
- Analysis of smartphones and tablets to retrieve BB Messenger, WhatsApp, and SMS communication
- Empaneled by a multi-national bank for all forensic cases in the Asia-Pacific region
How Is Digital Forensics Used in an Investigation?
Digital footprint is the information about a person on the system, such as the webpages they have visited, when they were active, and what device they were using. By following the digital footprints, the investigator will retrieve the data critical to solving the crime case.
Cyber forensic investigators are experts in investigating encrypted data using various types of software and tools. There are many upcoming techniques that investigators use depending on the type of cybercrime they are dealing with. Cyber investigators’ tasks include recovering deleted files, cracking passwords, and finding the source of the security breach. Once collected, the evidence is then stored and translated to make it presentable before the court of law or for police to examine further. The role of cyber forensics in criminal offenses can be understood with a case study: cold cases and cyber forensics.
First Response , Search and Seizure
Evidence Collection and securing the devices
data acquisition and analysis
evidence assessment and detailed case study preparation
documentation , reporting and expert witness testimony
digital forensics Investigation areas
Corporate foresnciss investigations
Certcube Labs in-house teams the framework structures needed to give solid investigations the strongest optimal results, possible. We provide system planning for manageable information collection, analysis reviews, and preserving captured findings of a recent incident for future legal reference.
Our assessment professionals will provide the mapping planning needed so staff can benefit from best practices using forensic capturing systems. We help you save staff weeks or months of setup times, architectural workflow identification settings, and solid record-tracking designs to help you get the most out of your forensic platform systems.
Strategy planning areas include:
Security Breach
We have years of extensive expertise and experience working with Security Breach Management. This will help provide support teams the workflow template maps needed to use your forensic tools effectively in a streamlined approach. This will save your staff weeks of architectural workflow designing with proven, industry best practice approaches that can be strongly leveraged and implemented bringing years of security quality assurance.
In-House Forensics Team
While creating defensive response system management teams, it’s important to identify the roles and responsibilities assigned to each contributing member. Our infrastructure evaluation that includes current workflows that will help business layout the resource management roles, and help you get the most value out of your forensic environment.
civil forensics investigations
Civil litigation is an integral part of the justice system and digital evidence has consistently proved its value, although procedures within civil cases differ somewhat from those in criminal cases. Data collection, imaging and the presentation of the evidence can be considerably different, with the consequences of the case ultimately having very different outlooks.
Firstly, in the traditional manner, the civil aspect covers an array of violations outside of the criminal spectre, namely ‘white-collar crimes’. These typically cover a variety of crimes committed through deceit and are motivated by financial gain, including fraud, bribery, tax evasion, intellectual property theft, computer misuse and commercial disputes. The losing parties within such disputes often must give payment, property or services to the prevailing party as imprisonment is not at issue within civil cases.
Within civil litigation, there also tends to be a lot of negotiation over what digital evidence, computers and data can be inspected, as well as where and when. It is common for one party to have access to a limited area of data from the other party’s computer. During this time, a defendant may take the opportunity to attempt to hide or destroy data, which is where a computer forensic expert can come into play, employing specialist techniques to recover the ‘lost’ data. This deleted data and in itself, the act of deleting the data can be used as further evidence within an expert witness testimony. However, a missed item of digital evidence can be the difference between a substantial jury verdict and the dismissal of a case.
Any litigation matter that involves digital evidence, whether located in a computer, laptop, tablet, smartphone, portable drive, or any other device is open territory for eDiscovery. In a civil case, the initial process of eDiscovery (electronic discovery) may be to find enough relevant data to show a party whether they are likely to prevail if the case goes to court.
Another aspect of utilizing digital forensic experts within civil litigation is in the case of a family matter or divorce. If an individual has illegally obtained access to their partner’s email or social media account then a computer forensics expert can examine the digital evidence, some of which may have been removed or deleted.
Digital forensics investigation Services
- Intellectual Property (IP) Theft
- White-Collar Crime & Regulatory Investigations
- Document Analysis & Authentication
- Employee Misconduct Investigations
- Data Preservation & Data Recovery
- Senior Leaver – Confidential Information Removal
- Social Media Investigations
- Forensic Readiness Planning
- Wearable Technology Investigations
- Mobile Phone Investigations
- Computer Forensic Investigations
- Audio & Visual Investigations
- Cell Site Analysis
- Expert Witness Service
Intellectual property is often the distinguishable factor that helps a business to stand out amongst its competitors and is usually one of its most valuable assets, whether the data is trade secrets, a client database, confidential technical product information, or financial information. It can be critical to giving an organisation the competitive edge within its relevant market. If a competing organisation was to imitate a patented company design too closely or take possession of a companies’ IP, the damage could be tremendous. Intellectual property (IP) theft commonly occurs when an employee leaves a business to work for a rival, or to set up their own company.
Certcube Labs frequently instructed by clients who have had company data stolen by current or former employees. We provide investigations in cases ranging from intellectual property theft, partnership and contract disputes, to whistleblowing matters. The extensive capabilities of our multi-disciplinary team of experts allow us to forensically investigate digital devices such as computers, mobile phones, hard drives and tablets within strict time frames to meet client requirements.
As industry-leading digital forensic experts, Certcube Labs have vast experience undertaking white-collar crime and regulatory investigations including instances of digital fraud. Our combined digital forensic and eDiscovery capabilities ensure that we provide a comprehensive investigative service. We are regularly instructed to assist law firms, businesses and private clientele with the identification and analysis of digital evidence.
We provide tailored solutions and investigations for clients dealing with a full range of circumstances. Our digital forensic team are experts in identifying, preserving, analysing and presenting digital evidence.
Do you want to see when a document was really created, and by whom? Have you received communication that you don’t think is genuine? Has a document been edited to someone’s advantage?
Certcube Labs ‘s Forensic Document Analysis & Authentication service can determine the legitimacy of emails, messages, computer files and electronic documents. With the application of advanced digital forensic techniques and metadata analysis, we can decipher the digital evidence you require for legal proceedings.
Owing to our grounding in serious criminal matters, we are well-placed to document any pornographic activity and categorise this appropriately; including the grading of indecent images should it transpire that they are present on a device. We are also able to provide a stream-lined breakdown of internet activity logs, demonstrating whether pages are seemingly accessed manually by a user, or whether they are pop-ups or suggested pages.
Data preservation is the first step in any forensic process. It can act two-fold; firstly, it can be used as evidence in court, and secondly, as a sound forensic base for any examination to be taken upon. Our powerful forensic processes include the preservation of both live and deleted data.
Certcube Labs understand how important your data is and the wider commercial implications of data recovery, including the savings in cost and business disruption. With the use of advanced digital forensic techniques, our experts can extract and preserve data from all types of digital devices whilst preserving the integrity of the data held on the device. The data acquired can then be used evidentially in court, and if required, further analysis can be undertaken on the data, leading to a court-admissible forensic report of findings.
Certcube Labs is well-versed in confidential information removal, acting on behalf of senior executives as they depart from an organisation. It may be that the individual is privy to highly confidential and proprietary information, and as such, needs to take steps to prove they have rid themselves of access or possession of such data.
It may be that as a risk management protocol, the soon-to-be-former employer mandates that all company devices provided to a senior individual are to be preserved and investigated upon understanding they are leaving the business.
Upon taking instruction from the instructing client, Certcube Labs can forensically acquire data from a device, locate relevant documents that are to be deleted, document their findings, and delete these files from the live machine beyond any forensic retrieval. Using this method, we can fully log all the volume and nature of the documents deemed relevant.
Further to simply deleting data, upon request, we can also provide copies of said files to be shared with both sides of the matter to provide the organisation with their data back. This is in conjunction with our report detailing that the data is no longer resident on the devices provided to us.
Social media investigations involve the detailed analysis of an organisations or individual’s social media accounts. They are commonly used to provide information relevant to an investigation, court case, background checks or to establish an alibi.
When are Social Media Investigations required?
Social media investigations can be critical in providing admissible evidence within civil and criminal matters. Another growing requirement for these services is pre-employee screenings or internal investigations involving current or former employees within a business. This can be due to the need to ascertain specific evidence in relation to potentially fraudulent activity, data theft or gross misconduct.
Certcube Labs Forensic Readiness Plans are bespoke assessments written for your business needs. We will supply you with robust plans to ensure that you have a fully auditable trail for evidence collection in an incident, ensuring you are prepared. A plan contains recommendations to enable business continuity in the event of an incident whilst ensuring that vital evidence is retained so that a full forensic enquiry can be conducted. Reactive strategies can be slower and can eliminate vital evidence.
Certcube Labs recognise that it is essential that you are immediately able to recover in the event of an incident but you also need to be able to investigate what happened and how it happened so that you can eliminate the possibility of any further problems and for compliance purposes. Without implementing a Forensic Readiness Plan you risk losing vital evidence during the recovery process. This potentially means that your systems remain at risk.
Wearable Technology Investigations have become more prevalent in recent years due to the huge growth of the fitness tracker market. Purchased by individuals looking to improve their activity levels, wearable devices such as the Apple Watch, Fitbit and Garmin activity trackers are designed to monitor daily steps, calories, heart rate, and GPS movement. These devices can all be linked to smartphones where the data is transferred and displayed in a clearer fashion. As activity trackers are frequently worn 24/7, they collect and store a host of information.
Admissable Digital Evidence
The data generated and stored by these devices presents a new vein of digital evidence supporting the efforts of Certcube Labs digital forensic investigators, providing them with admissible evidence to support a civil or criminal fraud investigation.
By analysing the data retrieved from a fitness tracker, Certcube Labs digital forensic investigators can observe the activities and routines undertaken by the wearer. For example, walking distances and GPS movements could be offered as proof that an individual’s daily physical activities have altered since making a claim following an accident. Alternatively, analysed data could prove that a claimant was in a different location entirely. The activity data obtained can even be used to reconstruct a timeline of events.
As most activity trackers link to smartphones, Mobile Forensics can also be applied to further corroborate the findings of the digital forensic investigator. The flip side is that the analysis can ascertain any irregularities in relation to statements laid out in the fraud investigation, highlighting false statements, and exposing fraudulent claims.
Operating across the India and internationally, Certcube Labs digital forensic investigators are specialists in mobile phone investigations. We are instructed in numerous cases to preserve, extract, analyse and report digital evidence for use in corporate legal matters.
Adhering to strict forensic methodology and regulatory guidelines, Certcube Labs ensure that any data extracted during a mobile phone investigation is forensically sound and can be used as admissible evidence in legal proceedings.
Operating globally, Certcube Labs are the foremost computer forensics provider, assisting clients and law firms directly. Computer forensic investigations involve the extraction and analysis of electronically stored information (ESI) from devices such as desktop computers, laptops, tablets, and hard drives. The digital evidence recovered from these systems can be crucial to the outcome of corporate legal proceedings.
Our seasoned investigators are experts in the recovery, analysis and reporting of computer data, and adhere to CERT-IN & Cyber Law India guidelines. This ensures that any extracted data is forensically sound and can be used as admissible evidence in court.
CCTV networks, cameras, smartphones all have the ability to capture terabytes of potential digital evidence. However, in many instances, this audio-visual digital evidence in its native format lacks clarity for use as admissible evidence. Evidence of this nature is heavily relied upon in court but often needs enhancing to ensure that it is clearly presented.
Working with the latest audio-visual forensic technology, Certcube Labs provides a comprehensive enhancement service, allowing our experts to work from a variety of media to the highest possible standards.
Cell Site Analysis is a means of establishing the geographical location of a mobile phone when calls, SMS messages or data is sent or received.
With the prolific usage of mobile phones throughout the world, Cell Site Analysis has become critical within civil and criminal investigations. With many individuals carrying more than one mobile phone, being able to determine the movement and location of a handset, accurate to within a few meters, can be invaluable admissible evidence in court.
Evidence obtained from Cell Site Analysis can be combined with other evidence such as CCTV, call data records or observations. This can determine if the accused was in fact at the scene of the crime or to confirm an alibi. Alternatively, it can track the path of a mobile phone as it moves from location to location.
Using data from mobile phone service providers, our cell site experts can measure actual coverage utilising sophisticated data gathering, positioning and analytical tools. The information gathered is used to generate detailed coverage maps where the service areas of individual cell sites are shown as different colours. Maps are available in various formats including aerial photography, A-Z street maps and OS ranges.
Examples of evidence we can retrieve
Map out areas where a phone was at a specific time, where it frequents or has travelled. For example, this could be of use if the user is visiting a location they shouldn’t be, alleges they were not at a crime scene or has an alibi location that is trying to be confirmed. Detail when parties have communicated with each other and how often. This may be of use when parents are not meant to contact one another.
Whilst this information can be deleted from a phone, the network data is a “golden copy” and cannot be deleted. Network providers store this data for 12 months. Detail when any SIM swapping has taken place, so where someone is moving their SIM card between different handsets. This could be of use if you are trying to identify if someone is hiding a phone from interrogation by the local authority. Detail when more than one handset may be co-locating, for example, if two parents who should not be in contact, travel from one area to another to meet up.
As digital forensic professionals, we are frequently called upon by courts of law to provide expert witness testimonies within legally aided and civil dispute matters. In this capacity, we may be instructed by the defence or prosecution in criminal and fraud cases or, in the case of civil litigation, the legal team for the claimant or the respondent. There are also instances in which the court may instruct a Certcube Labs expert witness to act as the Single Joint Expert (SJE) in order to prepare a report on behalf of two or more of the parties.
Certcube Labs investigators are consummate professionals, providing independent and objective reports on whatever case they may handle. If required to support their investigation in a court of law, this professionalism is carried through to any evidence given. All Certcube labs investigators receive regular courtroom training provided by one of the leading companies in the India.