Digital Forensics
NXTKey has had a Digital Forensics Practice since 2010, when we started supporting a US Federal Agency with its investigations into computing and mobile devices. Initially this was done under the umbrella of our Cyber Security practice; however, it was soon determined that this was a unique area with a need for focused skillsets and knowledge of specific tools.
Our Digital Forensics practice today supports multiple agencies with the Collection, Examination, Analysis and Reporting of data for Mobile, Tablet, Vehicle GPS, IoT and Drone Investigations. Our digital forensics practitioners have a wide variety of tools in their kit, and the list below gives you a sense of the sorts of tasks they can complete:
- Disk and data capture tools
- File viewers
- File analysis tools
- Registry analysis tools
- Internet analysis tools
- Email analysis tools
- Mobile devices analysis tools
The process model our digital forensics practitioners use can vary, but the four basic steps are:
- Collection, in which digital evidence is acquired. This often involves seizing physical assets, like computers, phones or hard drives; care must be taken to ensure that no data is damaged or lost. Storage media may be copied or imaged at this stage in order to keep the original in a pristine state for reference.
- Examination, in which various methods are used to identify and extract data. This step can be divided into preparation, extraction and identification. An important decision to make at this stage is whether to deal with a system that’s live or dead.
- Analysis, in which the data that’s been gathered is used to prove or disprove the case being built by investigators. For each relevant data item, investigators will answer the basic questions about it — who created it? who edited it? how was it created? when did this all happen? — and attempt to determine how it relates to the case.
- Reporting, in which the data and analysis are synthesized into a format that can be understood by stakeholders. Being able to create such reports is an absolutely crucial skill in digital forensics.