The retrieval of digital evidence through remote and on-site investigations is crucial when involving the forensic imaging of computers and associated media. This is especially important in cases where further investigation or disclosure may be required. Capturing this data using a forensically sound methodology is vital if the integrity of any subsequent investigation is to be maintained.
Detailed in this case study, remote data recovery proved exceptionally useful during an investigation of a financial institution firm. The institution suspected a senior employee (who was apparently very tech-savvy) of remotely accessing and downloading large amounts of client data to his own devices, then attempting to delete the evidence. During the investigation, the login activity identified that this was occurring outside office hours, specifically in the early hours of the morning in an attempt to hide their malicious activity in system updates.
With the Pulsebox connected to the IT system, CYFOR’s experts were able to collect the digital evidence and identify what was being downloaded. From this, they then produced a court-admissible report which was used by the firm’s lawyers to make sure the individual was unable to use the data in their new business venture.
As digital forensic experts, CYFOR would identify the specific make and model of devices to be forensically imaged, and therefore bring the required equipment to image on-site. The length of time it takes to forensically image a device usually comes down to the amount of data on each specific device. The forensic examiner would attend on-site and forensically image the devices, acquiring the data whilst adhering to the ACPO Principles. The collected data is then transferred from an exhibited external media i.e., USBs or Hard Drives to an in-house secure server. The digital forensic team then process and analyse the acquired data through forensic software.
A recent enquiry revolving around a company under a potential Serious Financial Fraud (SFO) investigation. They were pre-empting a request for data. For business reasons, the two custodians of the devices could not be without their devices for any length of time. CYFOR sent two forensic examiners on-site to acquire all the data from multiple devices. The data is safely stored on our secure servers should it be required in any future investigation.
CYFOR were instructed under a serve and collect order as part of a major fraud investigation for a global company. Upon attending the individual’s home address, our experts forensically imaged all their personal devices. The acquired data was then uploaded onto an eDiscovery platform. The data was indexed to review client documents and is filtered for further analysis and identification.
CYFOR are specialists in capturing and collecting data from all types of media. Our team operates globally, often travelling at short notice to ensure that a complete set of onsite data is recovered, and have provided data collection services to assist clients in a variety of circumstances;
After submitting an enquiry, a member of our team will be in touch with you as soon as possible
Your information will only be used to contact you, and is lawfully in accordance with the General Data Protection Regulation (GDPR) act, 2018.