Sentor

IT Forensics

We investigate crimes - quickly and successfully

When a company falls victim to an IT-related crime, large resources, experience and attention to detail are required in order to perform a forensic investigation correctly. Digital evidence is easily corrupted, and many times well-meaning administrators have ruined the chances of a successful investigation by trying to solve the problem without expert assistance. In some cases the computers may also be “booby trapped” so that evidence will be destroyed if the computer is used by someone other than the perpetrator.

Proven methodology

We perform forensic investigations according to our well-established methodology. First we track down, preserve and prepare all relevant evidence. Then all network activity around the time of the crime is reconstructed, step by step, with full documentation of dates and times.

The resulting evidence will clearly and simply show what has happened, which actions have been performed by whom, and who is guilty of what.

Case: The recent intrusion into the network of the Swedish Social Democratic Party

The intrusion into the network of the Swedish Social Democratic Party in September 2006 is a recent example of our competence within the field of IT forensics. Sentor's forensics personnel secured evidence of the intrusion leading to the arrest of several suspects, all of whom were prosecuted and brought to trial in April 2007.

Contact us

If you have, or think you have, been a victim of an IT-related crime, contact Sentor immediately so that we can initiate an investigation as soon as possible.

+46 8 545 333 00

info@sentormss.com

Please feel free to contact us regarding IT forensics in general.


How a forensic investigation is carried out
  • Documentation of all equipment and software covered by the investigation, as well as documentation of any actions the investigator has performed to extract evidence. This is done in order to show that all material has been preserved in the same state as it was at the initiation of the investigation. This is known as maintaining a correct chain of custody.
  • Collection and documentation of evidence from other data sources, such as backup tapes or log files.
  • Collection and documentation of other types of evidence, such as notepads, books, photographs, or other types of items that can be found at the desk of a suspect.
  • Determination of a method and course of action for finding evidence.
  • Collection and documentation of evidence.

Suggestions if you suspect that an IT-related crime has been committed

Preserving digital evidence requires planning and trained personnel. If you suspect that an IT-related crime has been committed against you, or through the use of your equipment, you should obey the universal rule of crime scene investigations: DO NOT TOUCH ANYTHING. If the computer is turned on, leave it on. If it is turned off, leave it off. Do not ever try to run any programs on the computer.

Any use of a computer that has been part of an IT-related crime, either as victim or attacker, may corrupt digital evidence, rendering the investigation useless, and limiting the possibility of a successful prosecution in a court of law.

© Sentor 2009