A Business Tool
Computer forensics has become an increasingly important part of IT security. A 2003 survey carried out on 201 companies by the National High Tech Crime Unit (in the UK) showed that computer related crime is costing an estimated 195 million nationally and within these figures over a third of this crime involved company employees. Given these statistics, many companies would not find it too difficult to make a compelling business case to make sure both data and systems are as secure as possible.
Computer forensics entails gathering and examining data from a range of electronic media, not just computers, and this data can take the form of photographs, downloaded images, text, documents, emails, internet pages and any other information that is stored to a hard drive. This data or evidence can then be used in a court of law, employment tribunal or simply as a sample of evidence to present to an individual under suspicion.
Even with suitable software, investigations can be time consuming, but they can also produce some stunning and unexpected results.
Employee Misuse and Fraud
Employee misuse and fraud crimes are on the increase and can vary from the misuse of computer systems to the theft of corporate and financial data. These crimes can occur due to disgruntled employees taking revenge, underemployed employees looking to take advantage of their situation or simply employees engaging in criminal activity. The possibility that the employee sitting next to you could be committing offences while they work is certainly very real and one doesn't have to look very far in the local or national press to read cases of employees caught looking at pornography, accessing confidential company information or stealing data.
Combating these types of computer related crimes can be very expensive, particularly for small businesses; however, being proactive in spending the right amount on the security of systems and data is a good place to start. Effective and regular monitoring of systems is also a good idea in trying to make it more difficult for individuals to commit offences (and get away with them) in the first place. However, with all the security and prevention techniques in the world, businesses find it very difficult to be 100% successful in stopping employees taking part in these crimes whether they be misuse or criminal activity and this is where computer forensics is a very useful tool.
Computer forensics is usually required after an incident has taken place and is a very effective option in providing evidence of misuse or crime. Forensic work is effective in detecting or identifying suspect activity as the methods used focus on the individual's usage of equipment over a period of time. Computers automatically log when and how images, text and documents were last created, viewed or modified and together with physical time and date activity the investigator can match an activity to an individual.
Evidence and Data Gathering
Securing the continuity and validity of electronic data and evidence in proving computer misuse and criminal activity can be a real problem. Problems often arise inside companies when IT staff or senior management fail to resist the temptation to investigate equipment themselves, and this can have serious consequences. One of the most crucial elements of computer forensic investigations is the preservation of evidence, and non-experts can easily overwrite time and date information (the digital fingerprint) by accessing material themselves. This time and date information is vital in proving when data or images were modified or viewed. The time and date stamps are particularly important in working environments where more than one person has access to a piece of equipment, e.g. a computer in an open office used by several members of staff during the day.
A computer forensics expert will be able to limit the potential for damage to data or evidence by following the ACPO (Association of Chief Police Officers) guidelines for retrieving electronic evidence. This should ensure that the investigator knows how and where to look for information without compromising any potential evidence; hence it is very important for non-experts to resist the temptation to look at data or evidence without contacting an expert.
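The effect described above can be shown on a throwaway file. The following is an added example, not part of the original article: it records a baseline of hashes and timestamps, then shows that opening and re-saving a document leaves the content identical while the modified time is overwritten. The file name, contents and date are constructed for the demonstration.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file under root to its SHA-256 and its modified/accessed times."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            # stat() first: it reads metadata only. Hashing opens the file and,
            # on many systems, that read alone moves the access time forward.
            st = os.stat(path)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(path, root)] = {
                "sha256": digest,
                "mtime": st.st_mtime_ns,
                "atime": st.st_atime_ns,
            }
    return manifest

def changed_fields(before, after):
    """Return sorted (file, field) pairs whose recorded value differs."""
    diffs = []
    for rel in sorted(set(before) | set(after)):
        old, new = before.get(rel, {}), after.get(rel, {})
        for field in ("sha256", "mtime", "atime"):
            if old.get(field) != new.get(field):
                diffs.append((rel, field))
    return diffs

def demo():
    """Constructed scenario: someone opens a document and re-saves it unchanged."""
    with tempfile.TemporaryDirectory() as root:
        doc = os.path.join(root, "report.doc")      # constructed sample file
        with open(doc, "wb") as fh:
            fh.write(b"Q3 sales forecast (constructed sample)")
        stamp = 1_100_000_000 * 10**9               # constructed date in Nov 2004
        os.utime(doc, ns=(stamp, stamp))
        before = snapshot(root)
        with open(doc, "rb") as fh:                 # "just having a look"...
            data = fh.read()
        with open(doc, "wb") as fh:                 # ...and saving on exit
            fh.write(data)
        return before, changed_fields(before, snapshot(root))

if __name__ == "__main__":
    for rel, field in demo()[1]:
        print(f"{rel}: {field} changed since the baseline")
```

Whether the access time also moves depends on how the volume is mounted, which is one reason examiners work from an image rather than the original disk.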
Employing Forensic Experts
Companies faced with a suspected criminal or misuse case need to know how to go about making sure that they follow the right steps in order to preserve evidence and avoid alerting the individual in question. The good practice ACPO guidelines are what most UK computer forensic investigators rigorously follow, but for the non-expert a few simple rules are important for preserving data for evidence purposes:
(Note: Once a suspect or suspicious activity has been identified it's a good idea to start making notes on the dates and times that an individual has been using the computer or equipment in question. This narrows down and identifies all possible users and the times at which a suspect may have had access.)
The advisable steps to follow are:
- Call in an expert to advise on possible courses of action
- Do not alert the individual or anyone else
- Do not tamper or attempt investigation yourself; you may interfere with evidence
- Do not switch the machine on or off; isolate the power source instead
- Make sure all ancillary equipment, CDs, floppy disks, thumb drives and PC equipment are stored securely
Computer forensics experts are specialists and may also be able to provide advice on security issues. Computer misuse has become so common that detection and effective monitoring of electronic activity, as part of a solid computer usage and monitoring policy, should now be a cornerstone of any IT or personnel policy. All employees need to know that they are subject to computer usage policies and be made aware that the employer has some right to monitor this usage (data protection and privacy laws are involved here and the subject needs to be approached with caution).
An example of computer forensics in action
A senior operations manager became suspicious of an individual who often worked late without producing results of increased productivity.
The manager decided to ask his IT Manager to look at some of the activity on the network in general outside of normal office hours to see if there were any irregularities. This network analysis showed some high volume email activity during the hours that the individual was working.
Without alerting the individual, the business manager called in a local computer forensics expert to assess the situation. The expert took an image of the individual's computer (outside of office hours) and then worked over the next day to look at the data. The results were compelling.
The expert found emails and documents that were sent to a rival company in relation to a new job offer. Subsequently the individual had begun to send information to the rival on sales, budgets and marketing plans.
A formal report on the data was asked for from the expert and this was presented to the employee who, unsurprisingly, was shocked that he had been found out and was dismissed on the spot.
On this occasion, having assessed the information that had been sent to the rival, the company decided not to take the matter any further, though it could have gone to court to sue for theft of company information. The company did, however, undertake a complete review of its systems, procedures and permissions policies to look for where improvements could be made (with the help of the computer forensics expert).
Focuses on five priorities:
• Developing a Cyberspace security response system
• Establishing a Security threat and Vulnerability reduction program
• Improving security Awareness and Training
• Securing the Government's use of cyberspace and
• Seeking International Cyberspace Security cooperation especially with respect to information sharing regarding vulnerabilities, warnings of new threats, and co-ordination of response efforts.
• Data Recovery
• Data Safety
• Ethical Hacking
• Diversified Open Source Solutions: IPtables, Squid, Apache Web servers, Domain Migrations, Mail Server, etc.
• Cyber Laws and Indian IT Act
• Computer Forensics
• Enterprise PKI Solutions
• Network Administration
• Cryptography systems
• Social Engineering & psychology
• Access control systems & hardware
• Exploitation & Denial-of-Service
• Operating systems including Windows95/98/ME, WindowsNT, Windows2000, Windows XP, DOS, UNIX/Linux.
• Mail Servers
• Post-Graduate level Computer Science
• Network architecture & topology
• Information Technology systems
• CISA, CISSP, CCSA, CCNA, CCNP, NCQE, MCSE, MCP.
• Programming & coding
• Telecommunications, electronics & phreaking
With the aim of being one place for all security related issues, the services offered by us are Penetration Testing, Vulnerability Assessment, Enterprise PKI Solutions, Computer Forensics, Open source solutions, Incident Response service, Anti-Virus Solutions, Security Auditing, Biometric Solutions, Wi-Fi security and Training & Consultancy. Our services are custom made and tailored to suit the wide array of different clients, such as a Government Organization or a Corporate Business environment, which engage us for their security needs.
Penetration Testing (Ethical Hacking)
An in-depth, comprehensive penetration testing service that tests your systems from an external (or internal) perspective. Our Penetration Testing service employs a combination of proprietary and public domain tools that contain checks for recently released vulnerabilities and custom attacks.
Using our Security Defense Appliance, we are able to execute scans on your Internet-facing perimeter devices and your DMZ or internal networks. All scan results are made available to you via our secure, 24x7x365 web-based Client Resource Portal. The benefits of penetration testing are that it is simple to arrange, fast and cost-effective, scalable (you only pay for what you use), conducted by experienced security professionals, and unobtrusive (tested from across the Internet).
Vulnerability Assessment expands upon Penetration Testing by providing the most in-depth view of the vulnerabilities in your networks and systems through the use of more advanced manual techniques. We map out your network, just as an attacker would, to identify the areas most likely to be vulnerable. Our Vulnerability Assessment Team reviews your automated scan results to filter out false positives and to develop and perform specific manual tests for obscure and emerging vulnerabilities, which may have escaped detection via automated testing. This combination of automated and human effort ensures an optimal blend of speed and accuracy with quality results.
The basic idea behind open source is very simple: When programmers can read, redistribute, and modify the source code for a piece of software, the software evolves. People improve it, people adapt it, people fix bugs in it and this can happen at an astonishing speed.
We take a look at the Enterprise level Anti-Virus protection in place and review the existing configurations and protection levels, threat coverage, and compliance with baseline standards. We provide practical recommendations for cost-effective improvements and enhancements, and ideas for future direction. We also take a look at clients' Anti-Virus policies, and review existing policy guidelines and compliance for the best antivirus protection.
Incident Response Service
Information is the most valuable asset of the modern organization. The ability to quickly respond to security incidents and follow through with an investigation can mean the difference between acceptance of a major loss and apprehension and prosecution of any intruder, with the accompanying deterrent effect. For most businesses and organizations, there is no option: apprehend and deter.
We have the latest tools, techniques and equipment to conduct investigations for digital evidence during internal forensic audits, compliance audits, and general civil/criminal investigations involving electronic discovery requests.
Wireless networking is one of the hottest new technologies in the field of computer networks. It is also a cost-effective way of implementing networks without the fuss of cabling. In this scenario an intruder can hack into the network just by sitting near an access point, or can even hack while driving past or on a journey, which is nothing but 'drive-by hacking'. We help you mitigate such risks by implementing WEP and a wide array of security techniques.
Training and Consultancy
We offer training for computer professionals who would like to gain an overall understanding of the different issues that surround the subject of computer security and computer crime. We offer state of the art training on a host of Web Security related subjects such as Ethical Hacking, PKI, Computer Forensics, Biometric Solutions, and Steganography. These programs are designed to give an in-depth insight into various aspects of security related to IT enabled services.
Public Key Infrastructure (PKI) is a rapidly emerging technology for conducting communications and transactions over public networks that are authorized, confidential and binding. E2 Labs helps its customers plan, select and implement certificate authorization systems and provides technical support including:
• Key and certificate management for the entire environment
• User account management
• Maintain Web site that provides user information
• Database and directory server management
• Level one support
• Remote systems monitoring and management
We specialize in integration of public key technologies to support transaction confidentiality, integrity and non-repudiation, including the deployment of enterprise-wide Public Key Infrastructures.
If you have an existing security policy in place, the Security Auditing will help you to verify that its components are in use. Our team will review your policy (and develop it if needed) and then observe your organization's compliance with the policy guidelines. This is a valuable service for any client that demands adherence to defined standards. Our report will outline the audit results, explaining the reasons each area passed or failed.
Biometrics is one of the finest ways of implementing physical security. Traditional methods of authentication rely on 'what you know' and 'what you have', while biometric authentication authenticates by 'what you are'. This is a science through which a person is authenticated not just by password, but by fingerprint scanners and others.