Computer And network forensics

EWA-Canada provides forensic computer acquisition, examination and analysis services covering a broad range of areas, including:

  • Intellectual Property theft;
  • unauthorised access to information;
  • Inappropriate Use of computing resources;
  • criminal investigation support;
  • Electronic Document Discovery (eDiscovery) in support of civil and criminal litigation;
  • Advanced Persistent Threat (APT) and Malware infection analysis;

 EWA-Canada's forensic examiners have the depth of experience and extensive training in Computer Forensics that is required to ensure accurate and complete analysis of events.  Our examiners also have strong backgrounds in computer security areas such as intrusion detection and analysis, vulnerability assessments and penetration testing.  These skills greatly assist our examiners in detecting and correctly interpreting the forensic artifacts that result from malicious user activities, malware infections and APT.  EWA-Canada’s forensic investigations have been proven to withstand legal evidentiary requirements and EWA-Canada forensic investigators have been successfully employed as expert witnesses.

 

Computer Forensics

Successful forensic computer examination requires the use of reliable tools that can demonstrate a history of accuracy and reliability.  The complexity of the computer metadata that can provide evidence relevant to an investigation can easily be misinterpreted and significant data can be missed.  EWA-Canada uses a diverse set of industry accepted tools that have received extensive peer review in order to ensure the accuracy of retrieved evidence.  Whenever possible multiple tools are employed to provide assurance of complete and accurate data discovery and analysis.

 

Forensic examinations typically involve the collection and analysis of data from computer media such as hard drives, SSDs, USB sticks, and optical disks.  Careful attention is paid to maintaining the "Chain of Evidence" when handling client hardware such as computers and hard drives.  The data contained on these devices is captured in a forensically sound manner using purpose-built hardware that ensures the preservation of the original media.  A written record is made of all activities involving the devices and access to these devices is strictly controlled.

 

Where possible live computer memory is captured, or retrieved from hibernation files.  Analysis of computer memory provides a wealth of information that may be otherwise unavailable.  Lists of programs that are or were running, active and inactive network connections, IP addresses, running malware, open files, passwords, encryption keys, and transient metadata are among the many artifacts that may be retrieved from system memory.

 

Network Forensics

In addition to computer media and memory analysis, network traffic analysis can be helpful, particularly when responding to malware and APT incidents.  EWA-Canada has an extensive background in conducting network forensic examinations. On a daily basis, we collect, review, analyze and categorize malicious network traffic and security log files as part of our managed security services. EWA-Canada uses these same trained individuals and techniques to perform network forensic investigations.

Please Contact Us for further information.

 

Please Contact Us for further information.