Internet & Network Forensics

1. Computer forensics deals with the end-user operated computer devices. Whenever digital information is transferred from computer to another it utilises a network whether this be a Local Area network (LAN) or a wider area network such as the global Internet. For instance the pathway an employee’s email message travels is usually from their computer across a local network to the company email server. From here it travels out through the company router and up the line through the ISP’s routers and often on through several other routers and email servers till it arrives at a final email server. It is then collected by some persons device be it a computer, smart phone, or a multitude of possible devices.
   
   At every point be it a router or email server the email message leaves a ‘fingerprint’ and it is Internet and Network Forensics which must be engaged in order to recover vital evidence and explain what has transpired.
   
   Typical cases also involve unauthorised access.by Internet-located attackers into the internal network of a home or company. Once access has been gained through the network firewall router access is then gained to the local computer systems. This can result in a myriad of exploits with data being stolen, network performance hampered, functionality of the whole network brought to a halt or even worse toolkits placed on local computers for subsequent use by the attacker at a later date.
   
   Attacks can also commence from a computer located within an office by software being run on a local computer. Often this occurs through the clicking of links within emails, which download and install malicious code. In other cases trusted software laden with malicious code is downloaded from a website. Once a network has been compromised it is a very specialised task to locate and preserve evidence locating the local source of the attack, disabling the attack, identifying the origins of the infection, and implementing strategies whereby the same intrusion may not occur again.
   
   We are certified trained Ethical Hackers, to forensically gathering such evidence. We are trained in forensically collecting evidence of such intrusions, carrying out testing of networks to identify security vulnerabilities, and in the recommending of strategies and methods to increase security and harden networks.

2. Internet Investigations
   Many enquiries we receive on a daily basis relate to website-located information. Defamatory blog postings, threatening emails, illegal images, -all require digital investigation. Every action leaves a digital finger print, Emails and blog postings can be traced, ISP’s identified, and account holder physical addresses obtained.
   
   We assist in preserving the evidence (which may disappear at any moment) and then forming a strategy for the investigation. In the case of identification of the author of blog postings this may involve steps such as: viewing and preserving the blog post, searching for other web sites containing same content, identifying the host for the web site, identifying contact details and physical location, assisting in affidavit preparation, identification of IP addresses and ISP details in order to identify the person who placed the blog post.
   
   In any event we can guide and assist in all steps of the process of identifying and preserving evidence, identifying the various persons and entities requiring any legal action necessary to produce account holder information, and tracing back to the persons responsible for the particular incident.