“Digital Forensics” means the use of scientific methods (identification, collection, validation, preservation, analysis, interpretation, documentation and presentation of digital evidence derived from “digital sources”) implemented to facilitate the reconstruction of unauthorized actions, harmful, or criminal events perpetrated against IT structures, PCs, mobile devices, networks or data.
Our services are applicable both in the public sphere (consultancy at courts) and in the private sphere, in cases of policy violations, data theft and access to confidential information.
The areas of analysis that Proconsul guarantees are:
- Computer Forensics
- Network Forensics
- Forensic data Analysis
- Mobile Device Forensics
Our Digital Computer Forensic Expert’s advice, will allow you to:
- analyse any windows station or mobile device;
- recover or analyse data on a “switched off” machine, using live Forensics techniques using an active machine;
- recover data or files deleted from any type of medium (data recovery) through post-mortem forensics operations.
Proconsul Group, through qualified and certified experts’ advice on the subject, guarantees the execution of operations such as:
- File Analysis (for the comparison and analysis of the source code and the security code to find copyright infringement and theft of trade secrets).
- Document Metadata Extraction (extract metadata composed of date and time from the OLE format, including the content of the text in UTC format).
- Memory Imaging (analyse the physical memory of a computer using different tools to ascertain the state of the system, extract any artifacts, and check that the image of the memory that has been created correctly and accurately reflects the system from which it was taken).
- Memory Analysis (tools for capturing and analysing the physical and virtual memory of a system).
- Network Forensics (to understand network events “before and after” a specific event).
- Logfile Analysis (to analyse the log files used to keep the log of the operating system or application activities.
- Highlight the presence of hidden partitions on your computer, or encrypted folders, and access their contents.
- Find files whose content does not correspond to its extension of use with Mismatch File Search techniques. The presence and adoption of techniques aimed at hiding files with a false name and extension will be verified, checking if the actual format of the file corresponds to its original file format.
- Perform a comparison between disk or folder signatures. Signature Comparison techniques are used to compare two previously created signatures in order to identify differences in directory structure between two points in time. Differences include new files, modified files and deleted files.
- Provide you with a complete list of all the supports that have been inserted in the analysed computer with dates or times of their last use.
- Reconstruct all the activities carried out by the user on a windows computer. Such analysis will allow you to know all the times and days of access, identify the emails sent if a local mail client has been used, identify online activities, recognise modified and / or copied files, analyse the operating system logs and offline / online programs and / or services used by the user and thus trace the flow of all available data).
- Make a “bit a bit” forensic copy of the analysed disks, via write blocker or via “mount” of linux. The forensic copy not only copies the files stored in the hard disk space marked as occupied but also all the space defined as “free space” since it could contain important and sensitive data that can be recovered for analysing. Recovering data from areas of free space is part of the process called file carving.
- Verification of image counterfeiting or image forensics to determine if one or more digital images have been counterfeited or not or if data has been hidden inside with shorthand techniques applied to digital images.