Digital Forensics Expertise

Digital Forensics Expertise

  • Identify and preserve digital evidence stored on computer systems, cellular phones, digital storage media and other repositories of electronically stored information.
  • Conduct computer forensic examinations and high-tech investigations for corporate & government agencies and individuals throughout the India.
  • Detect and audit internal security threats for corporate clients; support employee relations investigations using the latest technologies and techniques.
  • Monitored network infrastructure and perimeter systems for evidence of compliance violations, internal threats, data leaks and rogue computer/network devices.
  • Responsible for conducting sound computer forensic analysis and maintaining strict media chain of custody using protocols and procedures in line with established guidelines and company policies. Acquire and preserve computer media in either a lab setting or through onsite data capture or seizure. This involves creating bit-to-bit forensic copies of original media for legal and investigative purposes.
  • Perform data recovery, including both file and email recovery, on electronic media to be analyzed during the course of a computer forensic investigation.
  • Interact with Project Management to provide the highest quality of output in order to meet the customer’s desired outcomes. This includes interaction with Managers, Case Managers and ESI Discovery Consultants.
  • Conduct investigations involving analysis of electronic media. Examination analysis conducted includes but is not limited to:
    • Searches for evidence of financial fraud and theft of trade secrets on computer media from desktops, laptops, and server platforms.
    • Searches for evidence of reformatting, dates of reformatting, and utilities used to wipe or copy data from electronic media
    • Locating evidence of improper removal, duplication, destruction, or transmission of e-mail messages or files.

Digital Forensics Research

  •  Cloud Forensics
  • Document Identity & Identification
  • Next3 File System

Encase v7 & Prodiscover incident response

  • Incident response – quickly investigate and positively determine if any compromises have been made to your systems as the result of an incident – without taking your system out of service.
  • System audits – effectively audit systems throughout the network to insure that they have not been compromised.
  • Internal investigations – investigate and monitor internal computer systems to insure compliance with the  corporate.
  • Computer forensics – thoroughly examines all data on a computer system, locate any evidence that is stored on that system and safely preserve that evidence for use in an auditors.
  • Digital discovery – find and produce evidence quality electronic documents for civil & corporate proceedings.

FINANCIAL FRAUD INVESTIGATION

  • Financial fraud investigation: – financial fraud investigation for one of the BSE listed financial institution. The scope of work includes analyzing financial vouchers of more than 50 different regions India. The investigation was carried out on pan India basis which covers almost 5 TB of data.
  • Fraud investigation: – forensics investigation of critical data loss, physical system theft in leading bpo company. Where scope of investigation was in admin & system department. Digital investigation using EnCase & PIR was carried on servers, inventory audit reports, video cameras & nas.
  • Financial fraud investigation: – the case was to investigate a tally server on which internal employee had created fake entry of company. On the behalf of this he has committed multiple financial transactions.
  • Insurance sector investigation: – the scope of work was to investigate voice samples for any wrongful alteration in it. The scope of work was to investigate 1000 call center voice sample.

 

CORPORATE INVESTIGATION

  • Espionage: – forensics investigation for leading manufacturing company, scope of work to investigate stolen design & analyze the case over active data. The scope includes nas device, 10 laptops. The challenge was to identify & map stolen design with mass storage devices.
  • Manufacturing sector investigation: – one of the leading manufacturing firm was suffering through a financial loss & it is because of internal resource of company was forwarding the vice presidents emails to competitor. The scope of work to identify data leakage source from senior management team. Entire investigation was carried out as covet operation. In this investigation i have carried out analysis on 15 laptops, one storage system of 3tb &, email server, firewall logs.
  • Investigation: – lead examiner for investigation of staff for medium-sized hr Payroll Company for fraudulent activities involving expense fraudulent client accounts and corporate issue. Scope of investigation was to find the financial & client data from suspected system.
  • Forensics data recovery over nas / backup storage: – performed data recovery on damaged digital storage devices like segate nas / iomega nas / next3 file system.
  • Data tamper analysis: – the case was for the investigation of tampered value with audited reports. The scope of investigation was to identify the internal resource who has accessed the curtail audit reports & tampered it for benefit of his/her duty. The technical scope of investigation covers workstations, network storage systems.
  • Breach of policy & data loss: – the scope of investigation was to identify the internal resource who has accessed the curtail project financial information & taken away from premises of company. The technical scope of investigation covers laptops, workstations, email server, network storage systems and smart phones. The data discovery carried out on 10 tb of space using EnCase, PIR & dtsearch , internet evidence finder.
  • Intellectual property disputes: – pune based leading designing & automobile company from which trusted resource of organization has stolen registered die design & he has started his own company by launching same kind of product in market.
  • Corporate sabotage: – forensics services provided for one software company for sabotage case. Where one of the team members of hr has knowingly destroyed crucial documents of employees.
  • Compliance breach: – consultation & forensics services for leading uk based healthcare bpo. Where auditor of the company found suspicious activity & crucial data of client was rested on one of the system. Investigation scope was to find as how much & what kind of crucial data rested within a team. Forensics analysis was carried out on 25 systems & 2 laptops. Whole investigation was carried out as covet operation.

INCIDENT RESPONSE

  • Incident response management: – consultation provided to for application hacking incident where the application was redirecting to some chine’s website for some instance. Scope of investigation was network traffic on router, firewall & proxies then the application & web server collecting all logs for next level analysis.
  • Forensics incident response & anti-forensics: – incident analysis of compromised Linux server for leading govt organization. Where scope of work was to provide incident response to issue which was occurred & malware analysis on 10 computers & 2 servers. With respect to anti-forensics wiping of system with minimum 3 level of pass.
  • Anti-forensics :-
  1. Anti-forensics activity carried out on NAS of 4 tb using encase for wiping specific digital traces of files.
  2. Identification & analysis of file signature trace, specific keyword based searching & respective wiping.

  Cyber forensics consultation & training

  • Consultation & training of digital forensics software & hardware to Bank of America & Merrill lynch head office India. End customer belongs to global information security team.
  • Consultation & training of digital forensics software & hardware to oracle financial services India. End customer belongs to information security team.
  • Digital forensics training of CEH & CHFI to international candidate. I have trained more than 100 cooperate candidates & 500 college students on digital forensics, cyber crime, vulnerability assessment & penetration testing. Special investigation training program conducted for pune university HOD /Sr.Professors.
  • Digital forensics investigation product deployment
  • Implementation & training provided to DFS lab.
  1.  Prodiscover incident response is incident verification and system auditing tool
  2.  Gargoyle malware analysis is designed for forensic laboratories and field Investigators.

Digital Forensics Implementation

  1. ICS im-solo4 is hard drive forensic duplicator, ics – sdl is super drivelock write blocker/write protector- hard drive write protection device. Software backbone steganalyzerss & investigation support for lea.
  2. Carry-a-lab is portable vehicle based digital forensics lab carry-a-lab is combination of 10 different sophisticated digital forensics software.