DIGITIAL FORENSICS

Cloud forensic is a subset of digital forensics based on the unique approach to investigating cloud environments. In the cloud, data can potentially exist anywhere on earth, and potentially outside of your law enforcement jurisdiction. This can result in control of the evidence (and the process of validating it) becoming incredibly challenging.

In cloud forensic, sometimes cloud service providers create obstacles to the collection of evidence. If the proper methods and procedures aren’t deployed, the chain of custody of evidence may be inadmissible in court. Prudential Associates is a digital forensics service provider. The company has experience working with multiple computing assets, such as virtual and physical servers, networks, storage devices, and applications.

If you suspect that your device (phone or computer), network, and/or communications security has been compromised by hacking, the use of spying applications, keylogging, or by other means, please contact Prudential Associates. We have a lot of experience on digital forensics.

Prudential Associates provides a wide variety of digital forensics services. We can examine a device or machine in an attempt to determine how compromised the device is, the method by which it was compromised, and to potentially gather information relating to the party responsible for the compromise.

Prudential Associates offers three levels of examination. Please contact us for details on services and costs.

Basic  Examination

This level of examination provides a basic scan of the device using multiple digital forensics-grade tools and malware scanning programs.

What you can expect to receive under the Basic Level:

• Scan of the computer/cell phone using numerous digital forensics-grade malware detection programs
• Review of known system settings to determine if there is any apparent evidence of malware/surreptitious programs
• Basic “summary” digital forensics analysis report (1-2 pages)

The Basic Level is recommended for:

• Cases in which a subject has likely used basic/rudimentary methods (i.e. remote desktop, other basic attempts) to access the system.
• Cases in which the subject’s technical/computer abilities are equivalent to that of the average computer user.
• Cases in which the subject has not gone through great lengths to delete/hide evidence of the surreptitious access/malware.
• Clients who do not intend to use the results in court.

Standard Examination

In addition to those digital forensics services described in the Basic Level, Prudential Associates will conduct numerous hours of analysis to recover and identify data, which may require advanced processes; this includes identifying files specifically associated with malware/keyloggers/surreptitious access software, as well as identifying behavior that is indicative of these programs being currently or previously active on the examined device. This is considered the equivalent of a computer forensics exam that a police department or federal agency would undertake in a major criminal investigation.

The Basic Level is recommended for:

• Cases in which a subject has likely used basic/rudimentary methods (i.e. remote desktop, other basic attempts) to access the system.
• Cases in which the subject’s technical/computer abilities are equivalent to that of the average computer user.
• Cases in which the subject has not gone through great lengths to delete/hide evidence of the surreptitious access/malware.
• Clients who do not intend to use the results in court.

Standard Examination

In addition to those digital forensics services described in the Basic Level, Prudential Associates will conduct numerous hours of analysis to recover and identify data, which may require advanced processes; this includes identifying files specifically associated with malware/keyloggers/surreptitious access software, as well as identifying behavior that is indicative of these programs being currently or previously active on the examined device. This is considered the equivalent of a computer forensics exam that a police department or federal agency would undertake in a major criminal investigation.

What you can expect to receive under the Standard Level:

• All services from Basic Level, plus:
• Detailed analysis of the processes running on the system in order to differentiate between legitimate processes and suspicious/malicious processes.
• Detailed analysis of inbound/outbound network connections and ports, including investigation of any suspicious IP addresses.
• Detailed analysis of system logs (including deleted entries) to identify suspicious/malicious activity.
• Detailed/exhaustive search of the file system and unallocated space for evidence of malware files/data, as well as malware behavior.
• Response to specific suspicious issues/symptoms described by the client.
• Certification of results and later expert witness testimony.
• A detailed digital forensics analysis report.
• Recommendations to mitigate the risk of malware programs and improve your security.
• A turn-around time of approximately 21-30 days.

The Standard Level is recommended for:

• Cases in which the subject used an intermediate method to compromise the system (i.e. off-the-shelf keyloggers or other surreptitious access/remote access methods).
• Cases in which the subject’s technical/computer abilities are more advanced than that of the average user.

Advanced examination

A team of digital forensics examiners will conduct an exhaustive analyses of data, advanced recovery of deleted data, and utilization of advanced keylogger/surreptitious access methods beyond that of a “standard” forensic exam. Compared to the Standard Level, the Advanced Level  provides ongoing computer and network monitoring . Prudential Associates will retain the digital evidence/results for 1 year after the forensic examination’s completion date. This level exceeds that of a computer forensic exam from most police departments or federal agencies.

What you can expect to receive under the Advanced Level:

• All services from Standard level, plus:
• Ongoing analysis of the computer/network over a certain period of time.

The Advanced Level is recommended for:

• Cases in which the subject used advanced methods to compromise a system (i.e. customized malware for a specific purpose, “zero-day” attacks, and techniques commonly associated with “hackers”).
• Cases in which the subject’s technical/computer abilities are considered advanced.
• Cases in which the subject has likely gone through great lengths to delete/conceal evidence of the surreptitious access.
• Cases in which the subject has taken advanced steps to delete files and hide data; this includes cases in which the subject has utilized specialized software to securely wipe/delete data from the computer, including reformatting.

Computer forensics is a part of digital forensics. If you or your client are looking for computer forensics investigative services anywhere in the United States, Prudential Associates can provide clients with the assurance that any data recovery or restoration work they need follows all best practices and regulations and is performed to the highest standards.

Additionally, our state-of-the-art forensically sound acquisition practices allow us to provide superior digital forensics services to our clients for presentation in a courtroom setting.

Our wide range of investigative services includes:

• Data Extraction
• Data Recovery
• Internet Forensics & Investigations
• Mobile Phone Forensics
• Fraud Investigations
• Digital Theft
• BYOD Security & Policies

Whether it’s a simple case of a cheating spouse, or a more complex case involving, for example, corporate theft, executive protection, or even government agencies, our investigative team has years of experience managing a spectrum of case types and is happy be of service.

Members of our team bring experience from a variety of backgrounds. They include, for example, former FBI special agents, former CIA officials, former U.S. State Department officials, and other experts in all aspects of international crime and terrorism.

What if my data is lost?

Working with any digital platform and/or browser, whether it is Windows or OS X, our team can assist with password recovery, recovering lost or deleted emails, analyzing metadata, and retrieving information on Internet activity through .
At Prudential Associates, we guarantee due diligence and perfection in the computer forensics process in order to provide you with the strongest possible case in a court of law.

Getting Started

Contact us today if you have any questions about our digital forensics services or if you’re ready to contract the best forensic computer experts to handle your needs.

What is eDiscovery?

The term ‘eDiscovery’ refers to the electronic facet of collecting, isolating, and producing electronically stored information (ESI) in response to relevant requests in a lawsuit and/or criminal investigation; such information includes, though is not limited to, web sites, electronic documents, video footage, computer-aided design files, digital images, audio files, and any other electronically stored information that may constitute relevant evidence in a lawsuit. It is also a part of digital forensics.

The Steps to Proper eDiscovery

1. Identification: The first integral step is the identification of relevant electronically stored information (ESI). The sources from which ESI may be obtained include, though are not limited to, web sites, electronic documents, video footage, computer-aided design files, digital images, audio files, etc. To ensure that all relevant information has been discovered, it is imperative that all relevant sources are thoroughly considered when attempting to identify ESI,
2. Preservation and Collection: Once data from appropriate sources has been identified, it is necessary to collect all electronically stored information applicable to the case at hand; this information should be subsequently, and promptly, isolated and stored in such a way as to render it legally defensible, as well as to ensure that the information cannot be altered or destroyed.
3. Processing, Review, and Analysis: In order to remove any excess or duplicate information, it is necessary to review and process the collected ESI. By analyzing the ESI obtained, one is able to identify that which is of the highest importance with regards to the case at hand, thereby facilitating the isolation of any superfluous, redundant, or unnecessary information.
4. Production: After filtering out all irrelevant, redundant, and superfluous information, one moves on to the production phase of eDiscovery, which simply involves preparing all of the collected ESI for use in court and delivering the ESI to those involved.
5. Presentation: At this point, those involved in collecting and producing the ESI will present their findings at trial, if the case hasn’t settled. The ESI collected will be displayed before all individuals present, especially in native forms, in order to authenticate existing positions, prompt further investigation, or persuade all individuals involved.

The Prudential Associates Method

At Prudential Associates, we understand the importance of thorough, accurate, and appropriately conducted research. We utilize a combination of the most recent, cutting-edge eDiscovery platforms, as well as numerous in-house developed programs designed to carry out very specific tasks otherwise not covered. The experts at Prudential Associates are able to tailor our technological capabilities in such a way as to meet, and exceed, the specific needs of each case we handle, thereby assuring top-quality eDiscovery results at an extremely competitive price.

Our digital forensics team provides the following litigation and eDiscovery services:

• Evidence Collection and Analysis
• Subjective document review;
• Early Case Assessment (ECA); and,
• Web-Based Matter Hosting (i.e. secure, web-based review of cases).

For more information regarding eDiscovery and how Prudential Associates can support you, please contact our corporate office in Rockville, MD.

Beyond individuals, companies, and law firms, our experience and team of experts routinely works with various law enforcement agencies (locally in Maryland as well as nationally) to provide support for with multiple types of criminal investigations. Often, our firm will act in a consultative manner to partner with law enforcement agencies by providing resources, equipment, and/or advice. Our state-of-the-art digital forensics lab has been utilized by multiple agencies in the past to assist with active investigations.

In addition to tactical and strategic support for agencies, Prudential Associates also has strong ties with agencies around the country by way of employing active, off-duty officers for specific protection services and projects.

The explosion of mobile devices, including phones and tablets, over the last two decades has produced an equal amount of data that is often critically necessary during litigation. Mobile device forensics has emerged as an important field of digital forensics.

The digital forensics process usually consists of three stages: acquisition and imaging of exhibits, analysis, and reporting.
For investigations requiring retrieval of data from a mobile device, various tools and methods such as SIM card imaging and app analysis can produce evidence that is often the difference in cases where crimes involve the use of a mobile device. Complicating this work are the evolving methods of locking phones (e.g. the use of biometrics) and the portability and synchronicity of data to cloud services that sometimes results in data not being saved to the device.

For more information about digital forensics investigations in Maryland, Washington DC, or Virginia and how Prudential Associates may help, contact us today.