“The typical response is to deny that they have accessed or copied information, believing that their actions can’t be traced. That tune changes, along with a newfound willingness to cooperate, when they are shown incontrovertible proof.”
You can’t escape the fact that business today is increasingly reliant on the use of technology. Most business-related information is no longer printed in hard copy – it is created and stored electronically. Communications between your staff and with customers and suppliers is also carried out electronically.
Knowing exactly what information was breached, by who, when, how and what people did with it, gives you significant leverage. You can recover data, bring the perpetrator to task and you gain actionable insights into your system’s vulnerabilities.
Forensic IT is the capture, analysis and reporting of information that may be contained on electronic systems – not just personal computers but also servers, laptops, external hard drives, USB drives, mobile phones, BlackBerry devices, PDA’s, iPods, iPads and other devices.
Cyber Risk is the risk of harm or damage to IT systems from both external and internal attacks. Cyber risk assessment is the assessment of that risk or exposure (from inside the business and external to the business) with the view to minimising that exposure. Behavior on line will potentially expose IT systems to risk due to the lack of IT skills by the person or the weak IT infrastructure built to protect the business.
Information & Technology (IT) systems are breached through technical or behavioral vulnerabilities, or a mix of both. However, even if you know who the perpetrator is, or have well-grounded suspicions, that is unlikely to suffice. When people are questioned, the typical response is to deny that they have accessed or copied information, believing that their actions cannot be traced. That tune changes, along with a newfound willingness to cooperate, when they are shown incontrovertible proof – expert evidence that can be substantiated in a formal hearing or in court.
Stopline’s team Forensic IT and Cyber Risk Assessment experts can provide that proof; identifying data breaches where your IP may have been stolen or compromised, uncovering instances of fraud – such as financial or document tampering – through to finding evidence of significant criminal activity that may have been undertaken through your technology systems. We can then help you to assess, stem and partially or fully unwind the damage, take steps to increase the security of your systems, and ensure that you are alerted sooner should future breaches occur.
In many cases, information is gathered during a forensic technology investigation that is not typically available or view able by the average computer user, such as deleted files and fragments of data that can be found in the space allocated for existing files – known by Forensic Technology practitioners as slack space. Specialist skills and tools are needed to obtain this type of information or evidence.
If you have an issue that potentially involves the use or misuse of a computer, electronic storage media or system – please contact us as soon as possible and we can provide some immediate practical advice on the steps to take to preserve the available electronic evidence.
Call Stopline on (03) 9882 4550 or 0487 333 099 or email us at firstname.lastname@example.org for more information or advice.
Forensic IT can be used in any matter where there is a suspicion that an incident has occurred and there is the possibility that a computer or other electronic storage device has been involved or that electronically stored files has been accessed in some way.
Our Forensic IT experts have experience in assisting regulatory agencies, legal practitioners, accounting firms, insolvency experts, private and public sector organisations as well as with individuals. We have been involved in such diverse matters as:
- Computer misuse/Intellectual Property theft allegations – When you suspect illegal or unethical actions have been undertaken by an employee or ex-employee. Examples can include theft, bullying, sexual harassment and misconduct, corruption.
- Data location/data recovery – It is possible to recover deleted data from electronic storage devices using forensic software. For example a computer can be reviewed to determine if there is any evidence of a particular file previously existing on that computer in the past.
- Cyber crime investigation – Reviewing available electronic sources for evidence of malicious internal or external activity aimed at disrupting business activity or other malicious actions.
- Forensic preservation of electronic evidence – Including preservation of data found on server systems, laptops, workstations, mobile phones, PDAs, and other devices.
- Electronic discovery – an important and sometimes essential step in the process of discovering documents and links between activity in emails and people. We can assist you in providing professional advice and expertise to help you in your investigation.
- Expert evidence for Court – our investigators are proven experts in the field of computer forensics. One of the most important elements of the investigation is to give evidence as an expert in Court. Many people claim to be experts but not many have been given the title of an expert in their profession – we have.
- Cyber security investigations and cyber threat assessments – we will assist you in minimising the risk of cyber threats by assessing your IT environment and providing you with advice and assurance about what improvements need to be implemented. We can also electronically monitor your systems to identify potential insider threats as well – do you know what your employees are using the Internet for? Do you know how long they surf the Internet during work time? We can assist you with these questions and more.
While specialist technological capabilities are essential, they are just one side of the coin. Stopline has wide-reaching investigative experience, with an emphasis on the workplace. Our investigators are able to assist in the execution of search warrants and civil search orders, and are qualified to conduct formal and informal interviews. These aim to uncover information of a different complexion. This includes finding links to related evidence, such as business, financial or personal relationships, and behavioural patterns that are out of the norm. All of which add support to the technical evidence and build an even more robust and multi-pillared case. Should the matter proceed to a formal third-party hearing or to civil or criminal court proceedings, our key investigators are classified as Experts in Computer Forensics and can provide expert evidence to the Court.
A key complexity in searching data is that just by accessing it, you change it. Even a basic search function leaves the equivalent of digital fingerprints that can muddy or wreck evidence. Stopline uses specialised technology that enables data to be searched and interrogated without changing its integrity. Our team can capture data stored on any fixed or portable devices, or that has been stored online, and conduct deep searches of that information: including encrypted, corrupted, hidden and deleted files. We identify documents, locate specific words and phrases (including those with coded or unintentional spelling errors), match associated or linked information and show the pathways between them.
We can document who accessed files, whether and how they copied or printed them, if they emailed them, from which email account and to whom, who was blind copied, and previous correspondence between the parties that establishes a pattern or intent.
- Awareness training
- Breaches by competitors and third parties
- Breaches, tampering and criminal activity by employees
- Data extraction
- Data recovery
- Cyber security assessments
- Expert reports
- Expert witness
- Financial and corporate investigations
- Fraud and misconduct investigations
- Integrate network security software
- Intellectual Property theft
- Forensic IT
- Litigation support
- Response to ransom ware (including data recovery options)
- Search & Seizure
- Vulnerability assessments