Computer forensic analysis is the set of techniques used to rebuild the data structure of a file, either because it has been deleted or in order to find hidden data within a computer system. The process covers the identification, preservation, analysis and presentation of the information collected, so that it can serve as evidence whose validity is guaranteed in judicial proceedings.
This process is carried out once an incident has been detected, and it can be applied to any type of device that stores data. With it, we can collect all the information and find out everything related to the incident, such as those responsible, accomplices, causes and so on.
Types of Computer Forensic Analysis
To carry out an exhaustive analysis, the best option is to divide the process into several types of computer analysis.
We must emphasize that all the information collected is kept in custody and filed by professionals, where nobody can modify it, so that it can be validated in judicial proceedings.
Forensic analysis of operating systems
This part consists of analyzing the computers involved, whether workstations or servers, with the aim of collecting all the information relevant to this type of forensic analysis.
The analysis collects both data that is visible to the naked eye and hidden data. The systems are also searched for deleted data using high-level forensic analysis tools.
Forensic analysis of computer networks
This is the process by which all the information related to the computer networks of an infrastructure is collected: all the activity that took place at the time of the action that triggered the forensic analysis is monitored, and all the data collected is analyzed.
All of this is set out in a report that can reveal any source of attack, such as viruses or intrusions from outside or from within the organization's network or traffic.
This analysis should not wait until a criminal act has taken place; it should be carried out continuously, so that the company or organization is better protected against threats.
Forensic analysis of mobile devices
Employees are increasingly issued mobile phones to make their work easier. As a result, forensic analysis of mobile devices has increased significantly.
The objective here is to collect and/or recover as much existing or erased information as possible from a mobile phone or even a tablet.
To do this, the evidence of the criminal act must be preserved and collected using tools. These tools are quite expensive, and the best option is to hire a forensic analysis service for mobile devices.
These tools make an exact copy of the entire phone or tablet so that it can be analyzed later, safely.
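One way to make the exact copy described above and later show that it has not been modified, as an added example that is not part of the original article: the copy is hashed with SHA-256 while it is acquired and re-hashed before analysis. The function names, the custody record fields and the in-memory sample device are assumptions made for illustration.

```python
import hashlib
import io
from datetime import datetime, timezone

CHUNK = 1 << 20  # read 1 MiB at a time so large images never sit in memory


def sha256_stream(stream):
    """Hash a stream from its current position to the end."""
    digest = hashlib.sha256()
    for block in iter(lambda: stream.read(CHUNK), b""):
        digest.update(block)
    return digest.hexdigest()


def acquire(source, image, case_id, examiner):
    """Copy source into image (opened read/write) and return a custody record."""
    source_digest, size = hashlib.sha256(), 0
    for block in iter(lambda: source.read(CHUNK), b""):
        source_digest.update(block)
        image.write(block)
        size += len(block)
    image.seek(0)
    # Re-read the copy: a write error would otherwise go unnoticed.
    if sha256_stream(image) != source_digest.hexdigest():
        raise IOError("image does not match the data read from the source")
    return {"case_id": case_id, "examiner": examiner, "size_bytes": size,
            "sha256": source_digest.hexdigest(),
            "acquired_utc": datetime.now(timezone.utc).isoformat()}


def verify(image, record):
    """Re-hash an image before analysis and compare it with the custody record."""
    image.seek(0)
    digest = sha256_stream(image)
    return {"size_ok": image.tell() == record["size_bytes"],
            "hash_ok": digest == record["sha256"]}


if __name__ == "__main__":
    # Constructed sample standing in for a device; not real evidence data.
    device = io.BytesIO(b"constructed sample device contents" * 1000)
    image = io.BytesIO()
    record = acquire(device, image, "CASE-PLACEHOLDER", "examiner-placeholder")
    print(record)
    print("untouched copy:", verify(image, record))
    tampered = bytearray(image.getvalue())
    tampered[10] ^= 0x01  # flip one bit to simulate modification
    print("modified copy:", verify(io.BytesIO(bytes(tampered)), record))
```

The size check alone does not catch the one-bit change; only the hash comparison does, which is why the digest is part of the custody record.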
Forensic analysis of cloud services
Data no longer resides only on computers or mobile devices; more and more companies choose to keep all their data in the cloud. Forensic analysts must therefore stay up to date and adapt to new technologies.
The forensic analysis of cloud services is thus the act of gathering all the information that may be stored in the cloud.
The forensic team must contact all of the organization's existing cloud service providers. Once access has been obtained, all the existing information is collected for subsequent analysis.
Steps of a computer forensic analysis
Situation analysis
This step collects all the information that will form the basis for rebuilding a copy or replica of the data source. It also includes detailed planning of the next steps or tests to be performed.
At this initial point, both existing data and data that may have been deleted are collected.
Reconstruction of evidence
Once we have all the data, whether from pendrives, hard drives, cloud files, password files and so on, it is analyzed and organized for later diagnosis.
Data study
At this point we have the results, detailing the tests that have been carried out on the data. Detailed reports on the data obtained are produced, clearly setting out those affected, the material authors of the act, any accomplices, weaknesses and so on.
In addition, another report is prepared detailing the recommendations or actions to be carried out following the analyzed incident, as well as the vulnerabilities found.
Corrective actions
With the previous report as a reference, the necessary actions are put into practice to avoid or minimize the impact of the analyzed incident.