Hacking, Spying, Keyloggers and Data Theft

If you suspect that your device (phone or computer), network and/or communications security has been compromised by hacking, spying application use, keylogging, or by other means, please contact Prudential Associates. Do not attempt to remedy the issue yourself, as doing so can make it more difficult for us to detect the activity and may ultimately help the responsible party avoid detection and identification.

Prudential Associates can effectively examine the device or machine in an attempt to determine factually the level of compromise and the method by which it occurred, and potentially to develop information identifying the party responsible.

Prudential Associates offers three levels of exam for this type of matter, and some basic information about each is provided below. Please contact us for a detailed Exam Levels and Rates document, which describes each level more completely and gives a cost range for each. The information below is not the full service description:

Basic Examination

This level of examination provides a basic scan of the device using multiple forensic-grade tools and malware scanning programs. This level provides Prudential Associates the ability to scan the devices for active malware. However, if the malware/surreptitious program has been deleted, more exhaustive analysis methods would be necessary to identify it.

What you can expect to receive under the Basic Level

  • Scan of the computer/cell phone using numerous forensic-grade malware detection programs
  • Review of known system settings to determine if there is any apparent evidence of malware/surreptitious programs
  • A basic “summary” forensic analysis report (1-2 pages)

The Basic Level is recommended for:

  • Clients who have limited budget but wish to conduct a basic scan to see if malware/surreptitious access software is currently active on the system.
  • Cases in which a subject has likely used basic/rudimentary methods (e.g. remote desktop, other basic attempts) to access the system.
  • Cases in which the subject’s technical/computer abilities are equivalent to that of the average computer user.
  • Cases in which the subject has not gone to great lengths to delete/hide evidence of the surreptitious access/malware.
  • Clients who don’t intend to use the results in court.

Standard Examination

This level of thoroughness is considered the standard for a properly funded keylogger/surreptitious forensic exam. This level of thoroughness provides sufficient examiner time to accomplish the objectives of the investigation with a high degree of thoroughness. In addition to those services described in the “basic level”, Prudential Associates will devote numerous hours of analysis time to recovering and identifying data which may require manual/advanced recovery processes. This includes identifying files specifically associated with malware/keyloggers/surreptitious access software as well as identifying behavior that is indicative of these programs being currently or previously active on the examined device. This level of thoroughness ensures that there is sufficient examiner time to exercise “due diligence” and prepare the documentation necessary to stand up to the scrutiny of opposing forensic experts. This level of thoroughness is considered the equivalent of a computer forensic exam that a police department or federal agency would undertake in a major criminal investigation.

What you can expect to receive under the Standard Level

  • Scan of the computer/cell phone using numerous forensic-grade malware detection programs
  • Review of known system settings to determine if there is any apparent evidence of malware/surreptitious programs
  • Detailed analysis of processes running on the system in order to distinguish legitimate processes from suspicious/malicious processes
  • Detailed analysis of inbound/outbound network connections and ports including investigation of any suspicious IP addresses
  • Detailed analysis of system logs (including deleted entries) to identify suspicious/malicious activity.
  • Detailed/exhaustive search of file system and unallocated space for evidence of malware files/data as well as malware behavior
  • Response to specific suspicious issues/symptoms described by the client
  • A detailed forensic analysis report
  • Certification of results/later expert witness testimony
  • Recommendations to mitigate risk of malware programs and improve your security
  • Turn-around time will be approximately 21-30 days.

The Standard Level is recommended for:

  • Clients who want a properly-funded, thorough forensic exam.
  • Cases in which the subject used an intermediate method to compromise the system (e.g. off-the-shelf keyloggers or other surreptitious access/remote access methods).
  • Cases in which the subject’s technical/computer abilities are more advanced than that of the average user.

Advanced Examination

This level of thoroughness is considered an advanced/comprehensive computer and network forensic examination. This level of thoroughness provides sufficient man hours for a team of forensic examiners to conduct exhaustive analysis of data, advanced recovery of deleted data, and utilization of advanced keylogger/surreptitious access methods beyond that of a “standard” forensic exam. As compared to the standard level, the advanced level will provide the ability to monitor ongoing computer and network activity over a period of time. With this level, Prudential Associates will retain the digital evidence/results for 1 year after the forensic examination’s completion date. This level of thoroughness ensures an exhaustive and comprehensive digital forensic examination, subsequent reporting, and expert witness testimony, exceeding that of a computer forensic exam conducted by most police departments or federal agencies.

What you can expect to receive under the Advanced Level

  • Ongoing analysis of the computer/network over a period of time.
  • Scan of the computer/cell phone using numerous forensic-grade malware detection programs
  • Review of known system settings to determine if there is any apparent evidence of malware/surreptitious programs
  • Detailed analysis of processes running on the system in order to distinguish legitimate processes from suspicious/malicious processes
  • Detailed analysis of inbound/outbound network connections and ports including investigation of any suspicious IP addresses
  • Detailed analysis of system logs (including deleted entries) to identify suspicious/malicious activity.
  • Detailed/exhaustive search of file system and unallocated space for evidence of malware files/data as well as malware behavior
  • Response to specific suspicious issues/symptoms described by the client
  • A detailed forensic analysis report
  • Certification of results/later expert witness testimony
  • Recommendations to mitigate risk of malware programs and improve your security
  • Turn-around time will be approximately 21-30 days.

The Advanced Level is recommended for:

  • Clients who want an exhaustive/advanced digital forensic exam.
  • Cases in which the subject used advanced methods to compromise the system (e.g. customized malware for a specific purpose, “zero-day” attacks, and techniques commonly associated with “hackers”).
  • Cases in which the subject’s technical/computer abilities are considered advanced.
  • Cases in which the subject has likely gone to great lengths to delete/conceal evidence of the surreptitious access.
  • Cases in which the subject has taken advanced steps to delete files and hide data; the subject has utilized specialized software to securely wipe/delete data from the computer, including reformatting.