Computer Investigations: Remote Digital Forensics
by Jason Hare Executive
There are many instances when forensic investigations need to be conducted covertly. For instance, corporate internal investigations, where issues can include theft of IP, fraud and sabotage, often require a covert approach to enable business to continue as usual and to ensure that those under suspicion are not aware that they are being investigated.
We have worked on a number of engagements where the key requirement has been for the investigation to be conducted covertly. Covert investigations can be conducted in two ways: dead box – getting direct physical access to the device in question while the user is away, and taking a forensic image of it for further investigation; or remotely, over the network without physical access to the device.
The dead box route may only prove to be partially successful. With more and more employees now working primarily on mobile devices – laptops, tablets, smart phones – remote investigations are becoming an increasingly important method of investigation. Storming into offices at the dead of night may not be as useful as it was 10-15 years ago, when the majority of people used a desktop.
We have conducted many remote investigations for clients. Launching a remote investigation involves implementing an investigative infrastructure within an organization's corporate network, which then allows investigators to remotely acquire data from custodians’ laptops, or other devices, when they are connected to the corporate network.
This is achieved by deploying what is essentially a ‘Trojan’ to the devices (a Trojan which is secure and fully under our control), so that we are able to access and acquire data from user devices without their knowledge. This has proved particularly useful when the suspects were remote workers, or even when custodians are based in different countries.
Files, emails, web browsing history… this can all be investigated without even touching (or being anywhere near) the device itself. This data can subsequently be examined through keyword searching to confirm suspicions or even potentially uncover other avenues for investigation.
So while not as action-packed as bursting into the swish offices of a mega-company at the dead of night to take copies of the devices involved, and sneaking around to make sure no one notices anything has happened, remote forensics can be a useful method of investigation when physical access to the device just isn’t feasible. Whichever approach is taken, it is important that it is done in a forensic manner, ensuring all possible data and metadata are preserved and that the process is fully defensible should the integrity of the evidence ever be questioned.
For more information on social media investigations, computer investigations, digital forensics, or any of CCL’s products and services, call us on 01789 261200, email info@cclgroupltd.com or visit http://www.cclgroupltd.com/digital-forensics.
Author:
Sara is a digital forensics specialist at CCL Group - the UK’s leading supplier of electronic disclosure and digital forensics consultancy, including computer forensics, mobile phone forensics and digital investigation services. For more information visit www.cclgroupltd.com