Home

Computer Forensic Investigations

First Response laptop - we find dataAt First Response we examine computers for evidence in cases of dispute; we extract data, analyse it and report the results in clear, jargon-free English. With access to some of the most experienced IT forensic investigators and computer forensic expertise in London & across the UK, we uncover all types of data, even when attempts have been made to delete or hide it. To establish the who, what and when of computer use, call us for a no-obligation and confidential discussion.

Insolvency investigations Employment/HR disputes Fraud investigations IP theft
We provide a cost effective and court admissible solution for searching through tens of thousands of emails, spreadsheets, databases and documents, helping shed light on what was happening at a company during the lead up to liquidation. Incidents of workplace harassment or email policy breaches will often benefit from careful analysis of computers, mobile phones and company servers to reveal what was done, when and by whom – whether it was printed, saved, deleted or forwarded. Fraud almost always leaves a digital forensic trail, with clear evidence left on PCs, laptops, servers and mobile phones. Forensic analysis of these devices helps organisations build a strong case against those who commit fraudulent actions. Digital forensic analysis of computers, servers and mobile phones can reveal emails, text messages and spread sheets that are often key to investigating theft of intellectual property including copyright, trademarks, patents and trade secrets.

Latest industry news

Fire-Eye today released their Advanced Threat Report summarising data from the second half of 2012 collected from more than 89 million malware events. FireEye blog. (4-April-2013)

An IT admininstrator pleads guilty to hacking into and spying on New Jersey mayor's email. Sophos Naked Security (22-March 2013)

Apple Enables Two-Step Verification to Thwart Account Hijacking. The improved security measure, which is aimed at preventing account hijacking, will be available in the United States, U.K., Ireland, New Zealand and Australia. eWeek (22-March-2013)

A US teenager has been charged with distributing child pornography he allegedly hacked out of minors' cellphones with a bogus mobile text ad that installed phone-controlling malware. Sophos (25-March-2013)

The UK Govt. has announced a new Anti-Cyber Threat Center, a joint collaboration between GCHQ, MI5 and selected businesses, BBC News reports. (27-March-2013)

A security researcher has used open and unprotected devices on the internet to build a distributed port scanner to scan all IPv4 addresses. The data recovered provides an interesting insight into the way that IPv4 is used. View the results. (27-March-2013)

Smooth Slider

Top 10 forensic dos

  1. Secure the device so that no unauthorised person has access to it
  2. If the device is off, leave it off
  3. If the device is on, leave it on
  4. If the device is on, unplug any network cable and turn off Wi-Fi and/or Bluetooth connections
  5. If this is not possible pull the plug (shut down if a server) or remove the battery
  6. Do not inform anyone other than necessary that an investigation is underway
  7. Makes notes; of people involved, allegations, evidence, dates and times, etc.
  8. Gather any item which you have legal access to that may contain evidence; e.g., USB drives, CDs, paperwork, laptops, cameras, etc.
  9. If possible, do not tell the subject that they are under investigation
  10. Seek advice of a computer forensic company on further steps on analysing the data

Top 10 forensic don'ts

  1. Don't be tempted to ‘have a look’ and operate the device at all
  2. Don't use your IT department unless they are familiar with electronic evidence handling
  3. Don't use your IT department unless they are familiar with legal admissibility standards
  4. Don't delay; the sooner you respond the better the chance of preserving evidence
  5. Don't arose suspicion; don't tell anyone about the investigation unless necessary
  6. Don't ignore your HR department in this process; they can advise on legal matters
  7. Don't guess about best actions; if in doubt call a computer forensic company
  8. Don't hesitate in contacting the police if you think a crime may have been committed
  9. Don't be tempted to destroy any data; this can usually be traced and has serious legal consequences
  10. Do not run anything on the computer or do anything which may modify it in any way

Top 10 tips for ensuring forensic readiness

  1. Ensure that every user has an individual user profile. Do not use generic accounts e.g. ‘admin’
  2. Every user profile should be protected by a password that is not shared
  3. All network devices should have sufficient logging/auditing switched on
  4. Event logs should be backed up to secure location
  5. Does your back-up procedure do what you thought it did? Verify it. Can it be restored?
  6. Ensure that all users have signed up to your computer/internet acceptable use policy
  7. Keep to hand the phone number of a reliable computer forensic company
  8. Ensure staff are familiar with the correct procedures; the top 10 forensic dos and don'ts is a good place to start
  9. Make sure all devices on your network are using the correct (and same) time and date
  10. Consider installing an intrusion detection system

The above lists offer general advice and may not necessarily be appropriate in your situation. For tailored advice call 020 7193 4905

Sitemap

Company

Services

Latest

Reviews

Copyright © 2012 First Response | Tel: 020 7193 4905 | Email: info@first-response.co.uk | Registered Office: 1 Heddon Street London W1B 4BD