Windows and Mac forensics continue to evolve as the OS for these devices become more and more advanced. Law enforcement agencies typically handle criminal cases involving cyber crime, however, law firms and legal departments have depended on ProFile Discovery for years to support their litigation forensics.
What do most law firms need to collect or extract from mobile devices? Text messages, photos & videos, and call logs. Additional information can include GPS location, WiFi Locations, Website user history, Bluetooth Plist, Applications, Documents, Timeline, Voicemail, and more.
ProFile Discovery can help you collect your clients cloud based emails (with their permission of course). Many times your clients are using more than one email account or their personal email accounts while doing work related activities. Having a lack of strong cyber policy may harm your client, or even the employee when it comes to using personal devices and person email at work.
Facebook, Twitter, LinkedIn, and so on, all contain data that may become part of civil litigation. Having the right tools to collect for preservation and review is just part of our solution. You also need to know how to use those tools and how to defend those processes later in court.
Stopping an attack at any point before data leaves your system is a win! Network forensics play a special role in both litigation and cyber incident responses. ProFile Discovery works with highly skilled professionals to help you learn and detect malicious activity.
Remember the movie Planes, Trains, and Automobiles? IOT can be just about everything else in technology from Drones to household devices.
How about pulling the data from a wrecked car or security cameras. This list goes on and on. Because things are always being created, things need to be forensically figured out. That is what we love to do!
Step 1: Identify and preserve evidence- ProFile Discovery has forensically imaged hundreds of hard drives, including live acquisitions of data. In additional to collecting case evidence in a forensically sound manner to leave metadata undisturbed, ProFile Discovery can create a whole disk image to investigate at a later time for data theft, user activity, log on history, and many other required actions to assist in the matter.
Not all OS are the same, however our experience spans across multiple file systems such as Microsoft Windows and Apple systems. We offer free initial consultation to better guide you through the process.
There are so many challenges in the world of forensics, that many times we are asked to research and answer questions regarding the actions taken by a User. In some instances, we are called to appear in depositions, trials, or at minimum, provide a written affidavit that can be used in court.
The reason you want to work with ProFile is because we are going to help you understand the costs upfront. In many cases, we will tell you to create an image of the drive, generate a CSV file listing files collected for a quick review, and look for the obvious answers to your questions. Everything else will cost twice as much, so target the low hanging fruit until the case warrants further investigation. As long as we have the forensic copy of the device, we can always answer those tough questions you couldn't get answered through waterboarding (I mean deposing).
Over ninety percent of all mobile devices currently on the market consist of either Apple iPhones or an Android OS device. ProFile Discovery has been collecting mobile devices for over 10 years and can assist you with your collections and reporting needs.
Although many devices are the same make and model, user settings, such as encryption can make each device a different challenge. The majority of the cases ProFIle Discovery works on is specific to litigation. Most devices are acquired in only a few hours and can be back in the hands of your clients in no time.
The Pin or access code is a requirement for mobile device collections, especially for litigation projects. Typically your budget doesn't support "Hacking" into a locked device, but if you need,
"I know a guy who knows a guy"!
Prior to a mobile device collection, we encourage you and your client to "not" run any updates that pop up on your phone at 6 am in the morning. The industry software used often lags behind updates for weeks or even months, depending on the number of upgrades. This goes against basic cyber security practices, which suggest you run updates as they become available. Often these updates include security patches to newly discovered vulnerabilities. One easy suggestion is to place the device into Airplane mode.
Additionally, sometimes in additional to the PIN code, many devices can have a second password for the encryption option.
We often get asked to pull email from a mobile device. Email is an interesting thing when it comes to mobile devices. Email, and many other applications on a mobile device are stored in an encrypted location on the hard drive. In order to view, data is decrypted in the RAM of the device. Sound complicated? All you need to remember is that you need to target email in either the server location or the cloud based location. This also can apply to iMessages, that will sometimes be stored in the users iCloud account.
AOL, GMAIL, and any number of service providers may be storing the email you need to preserve to avoid spoliation of evidence. ProFile Discovery can assist you with the collection and processing of most types of cloud based email services. In many cases we can download a PST or MBOX file targeted to specific folders in the user account.
More and more clients are moving to Microsoft 365, which can come with different levels of access, capabilities and settings. Understanding the E-Discovery options within 365, along with understanding how to retrieve emails for litigation purposes often requires well trained ESI professionals. WE CAN HELP!
If you do not have the user email address and password, collection of emails will not happen unless you subpoena the email provider. Even with a subpoena, it is getting harder and harder to get emails from a provider, who will argue its not "their" data, they are simply providing the place for the individual to store data. In cases involving litigation, it is most often the client that will need to provide access information. With tighter and tighter security, often our professionals will be required to work with your client to navigate through two-factor authentication in order to collect emails.
Say what you want about social media, however, as soon as your clients start posting information that could be potentially part of civil litigation, they are required to preserve the information. With more and more forms of social media, special software and skills are needed to collect those targets in a forensically sound manner. ProFile Discovery has several tools in-house, and with specific partners that can assist you with your social media collection.
That is the estimated number of times someone touches their mobile device per day. What is going on with all that data? What is the risk of having your employees use their own devices at work?
What are the privacy concerns that come along with managing application data. Deep thoughts, right? Call us today to discuss risk management.
Call to discuss and learn who has or could get access to your network. Let us show you how to better defend yourself!
Every computer and server has event logs. These are the first places to look for significant data breaches. Who is monitoring your event logs? Need help managing yours? No problem, we have the solution that is right for you!
What is going in and out of your system? Do you have Wireshark, or some other packet sniffer? Screening data while entering or exiting your system is another fine step in cyber security.
We can help!
Yes, even sheep could be to subject of your litigation case. GPS tracking, remote access, sheep counting, you name it, someone is developing an app to manage it. We don't profess to have the experience to work with every single device known to man, but many of these applications are built off of the same code, so reach out to us the next time you find yourself dealing with a thing.
AccessData provided us with a very solid two part instruction on drone forensics. What if your neighbor is spying on your wife? Or worse yet, your kids. How about flying a drone into a prison yard to drop a payload. The more sophisticated drones track and store a lot of data that can be acquired to prove where is was, or how high it was flown. Many drones may also have an SD card with pictures or other evidence on it.
Artificial Intelligence is here! We currently use it to predict the responsiveness of legal documents, however the concepts are the same when we discuss AI over big data. Looking to use seed sets to train the software what to look for. My refrigerator should be able to tell when I am hungry by now!