Press - Getting the most out of a computer forensic investigation

Getting the most out of a computer forensic investigation

With the rise in white-collar cybercrime, companies cannot afford to let their guard down. A computer forensic investigation is needed when a company suspects a breach in data security. This covers many scenarios, from having its systems illegally intruded upon to having staff leak or intentionally delete sensitive or confidential company information. Often, companies have no idea what steps to take when faced with a suspected breach in data security. Furthermore, they may even aggravate the situation and compromise data integrity when they try to carry out DIY investigations.

To ensure a successful computer forensic investigation, please note the following:

  • If you ever suspect an employee of stealing information, do not boot up the computer and search for evidence on your own, much as that might seem like the instinctive thing to do. Doing so compromises evidence such as timestamps, which may be critical to the investigation.
  • Never browse through folders or files on the suspected hard disk or computer. Every time you look at information on the disk, forensic traces are lost, which jeopardises the amount of information that can be retrieved during a forensic investigation.
  • Instead, the first and most important action to take is to call in the forensic experts for advice. They are able to do a forensic capture, which is to freeze the disk image with a unique checksum. This ensures that no one can tamper with the information unnoticed: the integrity of the data can be checked against the checksum to see whether it has been altered from the original information.
  • If you suspect the server has been compromised, you need to prevent further read/write activity in order to preserve evidence. It is very easy for someone to transfer a big data file onto the server and overwrite valuable evidence traces. You should take the server down immediately. If that is not possible, you should at least unplug the network cable to cut the server off from the network.
  • If you feel that you are likely to carry out a computer forensic investigation, you should start documenting the chain of custody. The document should clearly indicate details such as (i) who keeps the data media now and previously, (ii) when the ownership begins, and (iii) where and how the media is being kept.
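The checksum and chain-of-custody points above can be illustrated in code. The following is an added example, not ADRC's tooling or anything from the original release: it assumes a working copy of an already captured image file, and the function names, field names and sample values are hypothetical. Each custody record stores the three details listed above plus the image checksum and a hash of the previous record, so that a changed image or an edited log entry is detected.

```python
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone

def image_checksum(path, chunk_size=1024 * 1024):
    """SHA-256 of an image file, read in chunks so large images need little memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def entry_hash(entry):
    """Stable hash of one custody record (keys sorted before hashing)."""
    return hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()

def custody_entry(log, image_path, custodian, storage, when=None):
    """Append a record: who holds the media now and before, since when, where and how."""
    prev = log[-1] if log else None
    entry = {
        "custodian": custodian,
        "previous_custodian": prev["custodian"] if prev else None,
        "custody_began": (when or datetime.now(timezone.utc)).isoformat(),
        "storage": storage,
        "sha256": image_checksum(image_path),  # re-hashed at every handover
        "prev_entry_hash": entry_hash(prev) if prev else None,
    }
    log.append(entry)
    return entry

def verify(log, image_path):
    """Return a list of problems; an empty list means image and log are intact."""
    problems = []
    if log and image_checksum(image_path) != log[0]["sha256"]:
        problems.append("image no longer matches capture checksum")
    for i, e in enumerate(log):
        if e["sha256"] != log[0]["sha256"]:
            problems.append(f"entry {i}: checksum differs from capture")
        if i and e["prev_entry_hash"] != entry_hash(log[i - 1]):
            problems.append(f"entry {i}: earlier log entry was modified")
    return problems

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"constructed sample bytes standing in for a disk image")
    log = []
    custody_entry(log, f.name, "Investigator A (constructed)", "sealed bag, locked cabinet")
    custody_entry(log, f.name, "Investigator B (constructed)", "evidence safe, lab")
    print(verify(log, f.name))
    os.unlink(f.name)
```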

Through a detailed process, the professional investigators will be able to retrieve the consequential data. This could be in the form of web history, online transactions or system logs, among others, and can be retrieved from physically corrupted data media, files corrupted by a virus attack and even crashed hard disks.

Next time, if you lose your information, visit www.adrc.com or call us for a free consultation.

About Adroit Data Recovery Centre (ADRC) Pte Ltd

Adroit Data Recovery Centre (ADRC) Pte Ltd is the first data recovery centre with its own “class 100” clean lab in Singapore, and has developed proprietary tools for data recovery. Headquartered in Singapore and Malaysia, ADRC is now the leading data recovery centre and computer forensics lab in South East Asia.

ADRC possesses the solution and technology on both the hardware and software aspects of data recovery. It provides full data recovery for all kinds of failures such as RAID Server or Network Attached Storage Failure (RAID 0, RAID 1, RAID 5, RAID 1 + 0), Operating System File corruption and Recovery, Data File Corruption and Repair, Password Recovery, Hard Disk Crashes and Recovery of Removable Media, and computer forensic solutions for all forms of data media. ADRC prides itself on maintaining data confidentiality and offering an unparalleled turnaround time. ADRC is also the first in Singapore to provide the status of customers’ data recovery online, 24 hours a day.

ADRC’s decade of experience and excellent service have earned glowing testimonials from clients including key executives from MNCs, government statutory boards and tertiary education institutions. A full list of testimonials can be found at www.adrc.com.

 

 


©2007 Adroit Data Recovery Centre Pte. Ltd.