DIGITAL FORENSICS
Acquisition, preservation and analysis of digital evidence with judicial validity
WHAT IS DIGITAL FORENSICS?
Digital Forensics, or computer forensic investigation, is a specialised discipline involving the acquisition, preservation, analysis and presentation of electronically processed data stored on digital media.
When conducting forensic investigations, ASESORA follows the international standards ISO 27037, Guidelines for identification, collection, acquisition and preservation of digital evidence, as well as ISO 27042, Guidelines for the analysis and interpretation of digital evidence.
We also rely on best practice guidance issued by internationally recognised institutions such as NIST (National Institute of Standards and Technology), NIJ (National Institute of Justice) and ACPO (Association of Chief Police Officers). This documentary framework provides guidelines both for the collection, preservation and acquisition of digital evidence, and for its subsequent analysis and interpretation.
The chain of custody enables digital evidence to be presented with all necessary safeguards, preventing prejudice to the opposing party and unequivocally guaranteeing the identity of the data analysed and acquired.
WHO NEEDS A DIGITAL FORENSICS SERVICE?
Companies or private individuals affected by cyberattacks, malware, inappropriate email use or similar incidents who require a complete, authentic and reliable report documenting the event, as well as an assessment of the resulting impact on the business (financial losses, reputational damage, loss of profits, etc.), or who face potential civil liability claims arising from the loss or transfer of information.
OUR WORKING PROCESS
Our interventions generally include the following stages:
Collection
At this stage, potentially relevant computer systems are identified and data acquisition is carried out using advanced non-intrusive techniques, that is, without altering the information stored on the device.
Acquisition is performed in order of data volatility: the most volatile information (for example, the contents of RAM) is collected first, while less volatile data, such as the contents of external hard drives, is acquired later.
Preservation
The chain of custody begins at the acquisition stage and is used to guarantee the preservation, integrity, authenticity and availability of the information.
This is achieved by generating cryptographic hash values (digital fingerprints) for the acquired files, so that the information obtained can be uniquely identified and any later alteration detected.
Analysis
This is the technical phase of the process, in which specialised hardware and software tools are used to examine the acquired evidence and locate relevant information connected to the matters under investigation.
Presentation
Throughout the analysis process, all actions undertaken are documented and compiled into a Forensic Expert Report setting out the most significant findings relating to the incident and the results of the examinations carried out.
EXPERT WITNESS BEFORE THE COURTS
Our experts are highly experienced forensic specialists, ensuring that all reports produced meet the standards required by the courts.
The methodology employed, supported by chain of custody procedures, provides the analysed information with all legal safeguards required for it to be admitted as evidence in judicial proceedings.
In addition to the specialist expertise of our computer forensic professionals, ASESORA’s team also possesses knowledge across other industrial and technical fields, strengthening and validating the expert opinions issued.
MOBILE DEVICE ANALYSIS
The information contained in mobile phones, tablets and similar devices has become a highly valuable source of evidence for investigations. However, due to the volatility of such data, recovery becomes more difficult as time passes.
These devices have become the preferred means of daily communication, whether through email, instant messaging (WhatsApp, Telegram, etc.) or social media (Twitter, Instagram, Facebook, etc.).
Rapid intervention is essential in order to prevent data loss inherent to these devices and to acquire the data contained within the mobile terminal while preserving the chain of custody for subsequent analysis.
Manual and logical acquisition processes make it possible, in most cases, to obtain the information required to analyse relevant data such as:
- Instant messaging conversations
- Information from applications installed on the device
- Text messages (SMS) and multimedia messages (MMS)
- Wireless access data (Wi-Fi, Bluetooth)
- Call logs
- GPS locations
- Multimedia files