Wednesday, 21 October 2015

What is a forensic audit, and why do they require digital forensic services?

Here at DLA, some of our top clients include forensic auditors, as they require our digital forensic services for their forensic audits. But what exactly is a forensic audit and what does it mean?

Read on to explore and find out what a forensic audit is, when they are used and how they are used in court…


A forensic audit may sound like something quite exciting that you’ve probably heard on crime dramas like CSI and Law and Order, but the truth is, it is a little more boring.

A forensic audit is the process of reviewing person’s or companies financial statements to determine if they are correct and lawful. Forensic accounting is most commonly associated with tax audits, but can also be commissioned by private companies for digital forensic investigations.

So, when are forensic audits used? Forensic audits are used wherever an entity’s finances present a legal concern. For example, it is used in cased of suspected embezzlement, fraud, to investigate a spouse during divorce proceedings and so much more. This is where digital forensics comes in; our services are specifically designed to help forensic auditors in these cases.

Forensic audits are performed by a class of professionals with skills in both criminology and accounting, so they specialize in following a money trail, keeping track of fraudulent and actual balance sheets and checking for mistakes in income reports and expenditures. If they find any discrepancies, it may be the forensic auditor’s job to investigate and determine the reason for it, with the help of a digital investigator if digital evidence is needed!


How are forensic audits used in court? They are presented as evidence by a prosecutor or by a lawyer representing an interested party. Because finance is so complicated, the way a forensic auditor will describe a company’s financial position is often very precise. Because of this a prosecutor or lawyer will call an expert witness to explain the forensic audit in simpler terms in order to build a case.

Forensic audits cover a wide range of activities, and they can be a part of many different investigations, digital forensic investigations being one of them.

Wednesday, 14 October 2015

Uncover the truth about your data with cellular forensics

A few years ago, the main source of truth came from email servers. These days, work communications have elvolved and are not limited to just laptops and PCs. They have burst onto the scene with WhatsApp messages, instant messaging and mobile sharing apps.

So, where is your data going? And where is it stored?

79% of business users use SMSs or WhatsApp messaging for business communications. Those text messages can pose a significant risk.

60% of those that allowed SMSs or WhatsApp messaging had minimal or no confidence in their ability to produce messages if requested.

Outside of audits, litigation and e-discovery requests are the #1 reason digital communications data is leveraged.

Standard questions legal has for IT during discovery of data:

- Where is the backed up data stored?
- What are our retention and archival policies?
- How is the company currently backing up the data stored on laptops, PCs and mobile devices?
- Which devices (WindowsiOS, Android, Linux) are in use?
- How do we manage data belonging to ex-employees?
- How does our existing software handle and implement data privacy and confidentiality policies?
- Can we collect and preserve delete messages?
- How can I monitor messaging communications on mobile devices for adherence to regulatory mandates or internal compliance policies?

With cellular forensics, IT can:

- Give legal information about the company’s data assets
- Educate legal on all the software IT uses to manage data
- Look for opportunities for IT to identify and collect data that can facilitate repeatable collections and reduce spoilage risk.


SMSs and instant messages are increasingly an issue in investigations. But by extracting them from cellular devices can be expensive and time consuming if you don’t know what you’re doing. Contact DLA Cellular and Digital Forensics and we can follow the digital trail on your cellular or digital device to get the evidence that you need.

Wednesday, 7 October 2015

The Different phases of a Computer Forensics Investigation

Here are the following steps investigators should follow to retrieve digital evidence…


1. Secure the computer system to ensure that the equipment and data are safe. This means digital investigators must make sure that no unauthorized individual can access the computers or storage devices involved in the search.

2. Find every file on the computer system, including files that are encrypted, protected by passwords, hidden or deleted, but not yet overwritten. Digital investigators should make a copy of all the files on the system. This includes files on the computer’s hard drive or in other storage devices.

3. Recover as much deleted information as possible using applications that can detect and retrieve deleted data.

4. Reveal the contents of all hidden files with programs designed to detect the presence of hidden data.

5. Decrypt and access protected files.

6. Analyze special areas of the computer's disks, including parts that are normally inaccessible.

7. Document every step of the procedure. It's important for digital investigators to provide proof that their investigations preserved all the information on the computer system without changing or damaging it.

All these steps are incredibly important in a computer or digital forensics investigations, make sure you follow them all to ensure an effective investigation.

DLA Digital and cellular forensics can provide you with the digital evidence that you need! Let us follow the electronic trail to find and protect the evidence that you need.