Computer Forensic Analysis

DIGIGUARD can help you recover damaged or manipulated data and evidence from computers. Our expert analysis will let you know if and how a breach occurred, how to mitigate and whether breach notifications are required. We will determine the nature and scope of data loss and compromise, and help your SMB get back to safe computer operations. Our consultants can also gather and prepare computer evidence for settlement negotiations, discovery or litigation of policy violations and security incidents. Strict cybersecurity industry standards and best practices are followed in our data collection and preservation methods.

Digital Forensic Services

We will work quickly to gather information and understand the objective and scope of the investigation. Our experts will determine if information should be collected when your system is operational or powered down. DIGIGUARD will analyze digitally stored metadata to locate time-based evidence of breach, theft, misappropriation, irregular usage patterns and other system anomalies. Here are some of the areas we investigate and analyze:

• File duplication and deletion
• Computer registry and log files
• Cache and website visit logs
• Email search
• Date decryption, compression and imaging
• Password recovery and deletion
• File media conversions
• META file

Computer Forensic Investigation

DIGIGUARD will investigate to locate evidence of wrongdoing or recover compromised or lost data from computer systems. When this information is physically located, our consultants follow carefully proscribed industry rules for the preservation of evidence and to establish a chain of custody for devices and hardware. Here is our process:

• Inspection – Determine the type of evidence, its condition, and relevant visually obtained information about the environment
• Duplication – Process of duplicating media before examination in order to work with a forensic copy rather than the original
• Examination – Actual forensic testing of media applications such as hard drives, RAM, SIM cards, or other items containing digital data
• Evidence return – Items are returned to the appropriate location, such as secured evidence facility or business owner

Forensic Data Collection

Data collection and acquisitions are highly technical and require specialized software, tools and actions. DIGIGUARD uses a variety of standard methods to capture, extract and verify data to be analyzed for comparison and to prevent modification of the storage media. We begin collection in order of volatility and include:

• Registers, cache
• Network state
• Running processes
• Kernel modules and statistics
• Main memory
• Temporary files on disk

Forensic Reporting

At the analysis conclusion, results are reported to you. DIGIGUARD will provide an immediate response in the event that a critical cybersecurity issue is discovered. Our detailed report overview is presented in clear non-technical language, and additional, verifiable technical details are included so that another investigator could replicate our results. Whether responding to a data breach or verifying suspicious network activity, our consultants will help you understand the consequences of an incident, and whether data protection regulations require your company to report privacy violations. The report will include information acquisition detail including:

• Examiner name
• Date of examination
• Tools and software versions utilized
• Original data hash
• Acquired data hash
• Examined media descriptions
• Photographs
• Analysis results
• Recommended and required actions

Forensic Expert Witness Service

DIGIGUARD can provide expert witness testimony for your SMB. Our team can be engaged to verify results or examine conflicting findings. We can speak on your behalf to law enforcement or legal representatives.

Contact DIGIGUARD today to learn more about computer forensic analysis.