Wednesday, 21 December 2016

Avoid Cyber-Fraud this Holiday Season

Getting your Christmas shopping done online is becoming the norm these days. Not only is it easy and convenient, but you also won’t have to deal with the horrible crowds, traffic and crazy long lines!

However, it also excites criminals who are lurking online, waiting to scam people.

DLA has put together five tips to keep you safe this holiday season:

>> know the scams

Never open links or emails from strange email addresses. It’s always best to question emails and double-check that they really come from the sender they claim to be, such as your bank.

Stay safe online by reading up on the latest scams and avoid becoming a victim of cyber-fraud.

>> install a firewall

A firewall isn’t always 100 percent safe, but it is a much-needed layer of security. The software filters traffic and helps keep you safe from malware and downloads.

Windows offers a built-in firewall, but if you are looking for something else there are some great free firewall software suites online.

>> choose a strong password

If you use the most commonly known passwords out there – password, qwerty, 123456789 – then don’t be surprised when hackers take control.

It is best to add numbers, capital letters and special characters, and to always use different passwords for different accounts.

>> check the URL

When shopping online, always check the URL of the website you’re on. Safe online sites will have a little green lock in the address bar which shows you that your personal data will be protected.

Always keep an eye out for the green padlock to ensure your safety online.

>> back up your data on a regular basis

Ransomware can be vicious and aggressive, so regular data backups should always be a part of your cyber-security strategy.

It is easier to restore your device from a previous backup than to pay an exorbitant ransom to unlock your data, which most of the time doesn’t even work!

Cyber-fraud is a global problem with attacks happening daily, and Christmas is no exception. Identity theft, banking fraud and malware are commonplace in today’s digital society. Criminals seek out opportunities every day of the year to defraud you, so be vigilant this festive season and keep an eye out for any fraudulent behaviour online!

Wednesday, 30 November 2016

How to Keep your Smartphone Secure

Your smartphone is no different to your property or house when it comes to safety – you have to use common sense!

Here are eight easy tips on how to keep your smartphone safe and secure:

1. Use a password
Always set up a password, pin or pattern to be able to access your phone. For Android: go to Location & Security. For iOS: go to Settings -> Touch ID & Passcode.

2. Only download from trusted stores
Use places like Google Play and the App Store to download your games and apps. Also make sure to always read the ratings and reviews if they’re available.

3. Back up your data
Protect your information in case an attack happens by backing up your data. If your data ever gets lost, we can recover it. Contact the experts at DLA to get your data back!

4. Update your OS and apps
Most updates are just for new features, but sometimes they are also to up the security.

5. Log out!
If you do your banking or online shopping on your cellular device, always make sure to log out afterwards. Never keep your passwords and usernames on your phone and try to avoid using public Wi-Fi.

6. Turn off Wi-Fi and Bluetooth
You may think it’s just a way to connect to free Wi-Fi, but hackers can also use it to access your device and data.

7. Don’t give out personal info
That email you received that looks like it’s from your bank may be spam. If you get SMS’s or emails asking you to fill in your private info and login, always contact the business and confirm it is actually legit.

Wednesday, 23 November 2016

6 Easy Steps to Keep your Data Safe

These simple steps can keep your data safe, whether it is on your work computer, personal laptop or smartphone. Malfunctions, cyber attacks and viruses can happen to anyone – if you’ve lost your precious data, we can recover it! Contact the experts at DLA today!

>> Use the right software to protect your data. Anti-malware is a must if you want to protect your computer!

>> Prevent viruses from attacking your PC and destroying your data by installing virus and spyware protection.

>> Stop viruses and malware from getting into your system by using a firewall to block dangerous programs.

>> Be wary when you receive emails from unknown sources. Never open an email attachment or click on a link if you don’t know where the email came from.

>> Stay away from dodgy websites that might contain viruses.

>> Always keep your operating system up to date by installing any recent updates or fixes.

Wednesday, 26 October 2016

How a digital device becomes involved in a crime

Crimes committed using a digital device essentially employ a hi-tech method to carry out what is usually a traditional crime. Thus, crimes such as blackmail which traditionally evoke images of newspaper cuttings collaged together to create the archetypal ransom note nowadays employ computers to produce the ransom note, be it a printed document or an email.

Examples of other traditional crimes where a digital device has been applied include instant messaging, which can be used to commit harassment; email, which is applied to commit fraud through 'phishing' scams; mobile phones, used to record assaults in what has come to be known as 'happy slapping'; and peer-to-peer file sharing programs, which have been used extensively to download and distribute pictures portraying pedophilia.

The list, it seems, is endless and so is the workload on any hi-tech crime unit to deal with such cases.

Not all crimes committed using a digital device use it as a means to an end. Hacking a computer system without authority is a crime targeted at the computer system itself. So too is a denial of service (DoS) attack on a website or the intentional distribution of a virus.

At DLA Digital Forensics, we combine the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies to achieve the results that you require. From data recovery, recovery of chat history, digital suspect profiling and so much more - contact DLA today!

Wednesday, 12 October 2016

The Importance of a Strong Password

Too many people come to us in a frenzy complaining that either their data has been lost or stolen OR they simply cannot remember their password. When you don’t have a password you can’t access or protect your files; on the other hand, even if you do have a password, you need to ensure it is 100% foolproof so you don’t end up being the victim!

DLA offers password recovery services for businesses and personal computer users, using only the latest technologies to achieve the password recovery results you need. Our forensic recovery service includes recovering passwords from zipped files, word documents, excel files and of course logon profiles on computers.

We are able to access what cannot be seen using the latest forensic technology. Using state-of-the-art cellular forensics tools we are also able to bypass 98% of device passwords to read the device directly without needing to know the handset’s logon or password.

We can also perform cellular forensics as well as data recovery from laptops, computers, cell phones and media devices such as tablets.

Do not hesitate to contact DLA for professional and affordable services in Cape Town and the surrounding areas!

Wednesday, 21 September 2016

How Digital Devices are collected on a Crime Scene

As anyone who has dropped a cell phone in a lake or had their computer damaged in a move or a thunderstorm knows, digitally stored information is very sensitive and easily lost. There are general best practices, developed by organizations to properly seize devices and computers. 

Once the scene has been secured and legal authority to seize the evidence has been confirmed, devices can be collected. Any passwords, codes or PINs should be gathered from the individuals involved, if possible, and associated chargers, cables, peripherals, and manuals should be collected. 

Thumb drives, cell phones, hard drives and the like are examined using different tools and techniques, and this is most often done in a specialized laboratory.

First responders need to take special care with digital devices in addition to normal evidence collection procedures to prevent exposure to things like extreme temperatures, static electricity and moisture.

- Devices should be turned off immediately and batteries removed, if possible. Turning off the phone preserves cell tower location information and call logs, and prevents the phone from being used, which could change the data on the phone. In addition, if the device remains on, remote destruction commands could be used without the investigator’s knowledge. Some phones have an automatic timer to turn on the phone for updates, which could compromise data, so battery removal is optimal.

- If the device cannot be turned off, then it must be isolated from its cell tower by placing it in a Faraday bag or other blocking material, set to airplane mode, or the Wi-Fi, Bluetooth or other communications system must be disabled. Digital devices should be placed in antistatic packaging such as paper bags or envelopes and cardboard boxes. Plastic should be avoided as it can convey static electricity or allow a build-up of condensation or humidity.

- When sending digital devices to the laboratory, the investigator must indicate the type of information being sought, for instance phone numbers and call histories from a cell phone, emails, documents and messages from a computer, or images on a tablet.

Computers and cellular devices have had an increasing role in modern crime. Let the digital forensic experts at DLA follow the electronic trail to find and protect the digital evidence that you need.

Wednesday, 7 September 2016

What is Ikena Forensic and what can it do for you?

Would you like to see a video more clearly? Perhaps you need to clear up a video to see a criminal’s license plate number, or maybe the face of a thief you captured?

Here at DLA, we are now an Africa Exclusive Agent for Ikena Forensic, meaning that all those valuable details that you’ve been missing will now be revealed!

Unlike all the other video clarification software out there, Ikena Forensic applies multiple advanced algorithms to fix any issues that destroy the quality of the video.

Here are several of the patented algorithms that will help you get the most out of your video...

Super Resolution – Multiple frames of video are combined to recover details and remove noise.

Deinterlacing – 2x resolution is recovered with kernel regression deinterlacing.

Light & Contrast – Uncovers details that you may have missed in your video.

Stabilization – Stabilizes shaky video from the most extreme cases with multiple frame stabilization.

The difference when we use the Ikena Forensic is clear – all the critical information that you were missing before is revealed!

Take a look at the videos below...

Contact us here for more or 082 886 8327 / 021 551 6222

Tuesday, 6 September 2016

Forensic Video Enhancement Techniques

The objective of Forensic Video Enhancement is to clarify or enhance the events as they occurred. This is done using non-destructive techniques to preserve the integrity and pixel quality of the video evidence.

At DLA, the digital forensics experts are often asked to enhance CCTV surveillance video recordings for court. Often they are asked to provide video image enhancement as well, for identification purposes.

A variety of video enhancement techniques can be applied in different arrangements on CCTV Surveillance video evidence. The most important ingredient to this forensic process is maintaining the highest quality of the video evidence. This yields the highest success possible throughout the investigation.

DLA will now be an Africa exclusive agent for Ikena Forensic Software. Not only does Ikena offer some of the best software programs available today, but full enhancement of your videos and images will always be possible!

Scaling/Pixel Interpolation: Re-size, or scale an image or video to a larger resolution to further identify suspects.

Sharpening: Enhances the edge contrast of an image or video.

Stabilization: This is most common today with smart phone video evidence. It reduces the amount of movement from the user that created the video evidence.

Frame Averaging: Increases the quality of the image by combining data from surrounding frames, which also gives a better signal-to-noise ratio in your images or videos.

Speed Reduction: Decrease the original playback of video evidence to view the events as they occurred in more detail. 

If you have a video that you question or need help understanding, please give DLA a call!

Take a look at the Ikena software at work:

Thursday, 1 September 2016

How to Extract Clear Facts from Bad Video

There are hundreds of programs out there claiming to be able to improve video quality, but most don't have the magic answer to your situation.

Limited time and budgets prevent the application of the best software solution. To address this, DLA Digital Forensics has become an Africa exclusive agent for Ikena Forensic Software.

The Ikena Software gives digital forensic experts the tools to enhance videos from anything, including security cameras, mobile phones and body cams. Your video can be enhanced to allow you to see important details, like the face of a criminal or the license plate of a getaway vehicle.

Do you want to see how the Ikena Forensic Software works? Take a look at the video below...

This powerful forensic tool delivers clear evidence and a greater understanding of how and why each process works.  The digital forensic experts at DLA can optimize and automate nearly every step, thus reducing working time, eliminating judgment-based errors, and ensuring an accurate reproducible set of facts.  That is what the industry is all about!

Wednesday, 31 August 2016

Video Enhancement: What is and is not possible

Digital forensic and video enhancement specialists are asked on a regular basis to enhance images that have been recorded.

One of the goals of video enhancement, in some cases, is to be able to see people’s faces better than when viewing the video under normal circumstances. Other times they are asked to enlarge and clarify a video in order to identify, for instance, the license plate on a car that is alleged to be involved in criminal activity.

With video enhancement, forensic experts can only do so much. In a lot of cases, the video that has been exported from the surveillance system is small and when enlarged, or zoomed in on the objects of interest they become very blurry and distorted.

BUT, we are proud to announce that our forensic experts at DLA will now be an Africa exclusive agent for Ikena Forensic Software! Not only does Ikena offer some of the best software programs available today, they also insist that full enhancement of your videos and images will always be possible!

Now you no longer have to stress about not having the highest possible quality surveillance system and video – Take a look below to see Ikena video enhancement in action...

Wednesday, 24 August 2016

Digital Evidence – How It’s Done

Computer documents, emails, text and instant messages, transactions, images and Internet histories are examples of information that can be gathered from electronic devices and used very effectively as evidence. 

For example, mobile devices use online-based backup systems, also known as the “cloud”, that provide forensic investigators with access to text / messaging app messages and pictures taken from a particular phone. These systems keep an average of 1,000–1,500 or more of the last text messages sent to and received from that phone.

In addition, many mobile devices store information about the locations where the device travelled and when it was there. To gain this knowledge, investigators can access an average of the last 200 cell locations accessed by a mobile device. Satellite navigation systems and satellite radios in cars can provide similar information. Even photos posted to social media such as Facebook or Instagram may contain location information. 

Photos taken with a Global Positioning System (GPS)-enabled device contain file data that shows when and exactly where a photo was taken. 

Investigators can collect a great deal of history related to a device and the person using it!

DLA is based in Cape Town and combines the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies to achieve the results that you require.

Wednesday, 3 August 2016

Your deleted WhatsApp messages might not be as 'deleted' as you thought

Sometimes, the delete option is your best friend.

WhatsApp brought you the two-tick (so you can’t hide the fact that you’ve received a message) and then the blue ticks (so you can’t hide the fact that you’ve read a message).

In April - despite much controversy following the San Bernardino attack, in which the FBI had paid almost £1 million to unlock the iPhone used by one of the shooters - WhatsApp went ahead with end-to-end encryption.

This means that while you can’t hide your ghosting antics from the person in question, you can hide your messages from third parties.

But according to a new blog post, an iOS device might actually still store your "deleted" messages.

The data works similarly to your laptop’s hard drive: you might be able to delete the WhatsApp messages, but deleting it doesn't overwrite the data, which means it can still be retrieved.

When you back up your iPhone with iCloud, the data gets copied to a less secure forum.

While the information can’t necessarily be accessed by a third party, it is still stored locally on your device which means that the only real way to get rid of it is by deleting the app.

Even then, the police can still potentially access it.

Law enforcement can potentially issue a warrant with Apple to obtain your deleted WhatsApp chat logs, which may include deleted messages.

Basically, the delete option may not be that great a friend after all.
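The "deleting doesn't overwrite the data" behaviour described above can be reproduced with a small added example (not from the original post). It assumes the chat store is an SQLite database, which the post does not state; the table layout and messages are constructed, and the `secure_delete` pragma and `VACUUM` are shown as the storage-side mitigations.

```python
import os
import sqlite3
import tempfile

# Constructed sample messages; nothing here comes from a real chat database.
KEPT = "constructed sample: see you on Monday"
DELETED = "constructed sample: meet me at the old pier at nine"

MODES = ("plain", "secure_delete", "vacuum")


def residue_after_delete(mode):
    """Insert two messages, delete one, then look for it in the raw file.

    mode = "plain":         ordinary DELETE, secure_delete switched off
    mode = "secure_delete": freed bytes are zeroed at delete time
    mode = "vacuum":        ordinary DELETE followed by VACUUM (file rebuilt)
    """
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")

    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "chat.sqlite")  # hypothetical file name
        conn = sqlite3.connect(path)

        # Set the pragma explicitly: some SQLite builds enable it by default.
        setting = "ON" if mode == "secure_delete" else "OFF"
        conn.execute(f"PRAGMA secure_delete = {setting}")

        conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, body TEXT)")
        conn.executemany(
            "INSERT INTO messages (body) VALUES (?)", [(KEPT,), (DELETED,)]
        )
        conn.commit()

        # What the user experiences as "delete".
        conn.execute("DELETE FROM messages WHERE body = ?", (DELETED,))
        conn.commit()

        if mode == "vacuum":
            # Rebuilds the database file, dropping free space left by deletes.
            conn.execute("VACUUM")

        # What the application can still see through SQL.
        visible = [row[0] for row in conn.execute("SELECT body FROM messages")]
        conn.close()

        # What someone holding the file (or a backup of it) can still read.
        with open(path, "rb") as fh:
            raw = fh.read()

    return {
        "visible_to_app": DELETED in visible,
        "bytes_in_file": DELETED.encode("utf-8") in raw,
    }


if __name__ == "__main__":
    for m in MODES:
        print(m, residue_after_delete(m))
```

In the `plain` case the message is gone from every query but still present in the file bytes, which is also what ends up in any backup of that file.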

DLA is based in Cape Town and combines the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies to achieve the results that you require.

Wednesday, 20 July 2016

What Exactly is Computer Forensics?

The field of computer forensics has grown to become a science in itself. Computer forensics is also known as cyber forensics. It involves applying computer investigation and analysis techniques to solve a crime and provide evidence to support a case. Investigators often use proprietary forensic applications and software programs to examine computer hard drives, extract certain types of data from files and folders, and also to recover information from encrypted files. This digital information must be organized and documented into an official report form to be presented in a court of law.

Computer Forensics Defined

The computer forensics definition can be broken down into several technical aspects of the actual science of computer forensics. The general definition of computer forensics is the processes and investigative methods used to find digital evidence and prepare it for legal proceedings. The more in-depth definition includes the preservation of media and data, identification of computer-related evidence, extraction of the data and interpretation. Interpretation is perhaps the most important element of the computer forensics definition because this is where forensics experts must draw conclusions from a formal forensic analysis.

Throughout the process of data gathering and interpretation, the computer forensics specialist must document everything in a structured fashion. They must report exactly what types of investigations were performed and document all of the steps taken to retrieve various files, folders and data. The courts can then apply various types of methodology and testimonies in order to determine whether evidence presented can actually be used in the legal proceedings. This is why computer forensics specialists must learn about the different legal processes involved in an investigation and make sure that there is always a high level of integrity of evidence.

Why the Computer Forensics Definition Can Change

It's important to recognize that there are two main types of computer forensics investigations so the computer forensics definition can change. The first involves investigations where a computer or digital technologies were used to perform the crime (cybercrime). The second is when a computer is used as the target of a crime, such as when a hacker retrieves sensitive information or someone has their identity stolen online. In both of these situations, the computer forensics definition may change slightly because the investigator uses different techniques and methodologies to solve the crime.

The digital forensic experts from DLA use their knowledge of investigation and forensic software to find and reveal the computer or mobile forensic evidence that you require.

Thursday, 14 July 2016

Straight Talk About Cyberstalking

Cyberstalking includes (repeatedly) sending threats or false accusations via email or mobile phone, making threatening or false posts on websites, stealing a person’s identity or data or spying and monitoring a person’s computer and internet use. Sometimes the threats can escalate into physical spaces.

There are just as many predators on the internet as there are in real life. Anyone can be stalked online but the majority of victims, as in life offline, are female. Stalking estimates show that 80% of stalking victims are women.

And the perpetrators are not just strangers. They can also be former, estranged or current partners, boyfriends or husbands. Domestic violence victims are one of the most vulnerable groups to traditional stalking so it’s no surprise they are vulnerable to cyberstalking as well.

As in other types of violence against women, cyberstalking is about power relations, intimidation and establishing control. If you are being stalked, know first and foremost that you did NOT “provoke” this harassment.

How can I prevent someone from stalking me online?

- Be careful what personal information you share online including in email, on social networking sites like Facebook, Twitter, Instagram, etc. It is very easy to glean information about where you live, the places you love to go to in your area and the people you care about from posts and pictures.

- Create a different email account for registering in social networking sites and other online spaces. It will help avoid spam and your personal email won’t be revealed if the online service doesn’t have a good privacy practice.

- Do not feel obligated to fill out all fields when registering online or provide identifying information such as birthdates and place in required fields.

- In your online user profile, use a photo that doesn’t identify you or your location, so you can’t be recognised.

- Consider using a name that is not your real name or a nickname as your email name, screen name or user ID. And try not to use common dates such as your birthday as the digits in your email name or password. Instead, pick a name that is gender- and age-neutral. Treat your email and/or internet account like you would your credit card, ID or passport number – very carefully.

- If you are breaking up with an intimate partner – especially if they are abusive, troubled, angry or difficult – reset every single password on all of your accounts, from email and social networking accounts to bank accounts, to something they cannot guess.

- Services such as Facebook change their privacy policy all the time, so it is a good idea to check your privacy settings to make sure you are sharing the information you want to share with people you trust and not the general internet public. Some sites have options for you to test how your profile is being viewed by others – test and make sure you only reveal what is absolutely necessary.

- What information are family and friends posting about you? Let them know your concerns about privacy and help them learn better privacy settings.

- Do an internet search of your name regularly and monitor where you appear online. If you find unauthorised info about yourself online, contact the website moderator to request its removal.

- Make sure that your internet service provider (ISP), cell phone service, instant messenger (called internet relay chat, or IRC in some terms of service) network and other services you use have an acceptable privacy policy that prohibits cyberstalking. If they have none, suggest they create one and/or switch to a provider that is more responsive to user privacy concerns and complaints.

Digital forensics takes much more than an average knowledge of all things digital. It requires a thorough understanding of investigative process, the law of evidence and, naturally, the appropriate background in criminal and civil investigations.

Contact DLA today and let us follow the digital trail to find the evidence you need!

Wednesday, 6 July 2016

When should you consider using computer forensics?

If any form of digital information is even remotely involved in a case or legal situation, a computer forensic examination will be required. Digital information has invaded virtually every aspect of our day-to-day existence and has become a basic component of our lives. From computers to smartphones to social networking, digital information plays a crucial role in almost every case.

Computer forensics differs from data recovery, which is the recovery of data after an event affecting the physical data, such as a hard drive crash. Computer forensics goes much further. Computer forensics is a complete computer examination with intricate analysis of digital information being the ultimate goal.

For a successful forensics examination, you must have all the information relevant to a matter, not only to construct effective legal strategies, but also to focus your expectations and efficiently budget your services. There is nothing more difficult to address than a case which has become complicated by new facts, where you once expected the matter to proceed smoothly and without significant cost. Knowing all the facts early in a matter, allows you to better prepare for those cases that will require significant legal expertise to manage.

In response to pending litigation, analysing your relevant ESI is an excellent way to discharge your duties to preserve evidence and avoid spoliation, while also acquiring all relevant information essential to your legal theories and strategies. Similarly, as part of critical business decisions, forensically analysing relevant computers and devices can provide essential information. For example, analysing the computers of corporate officers or employees as part of the termination process can alert you to possible litigation issues such as violation of non-compete agreements, improper copying of intellectual property, etc.

To prepare for litigation, an attorney ought to determine whether a Request for Production of Documents will obtain all relevant evidence. A simple question to ask is whether you want to discover part of the relevant information (i.e. visible by your opponent’s operating system) or all of it (deleted, hidden, orphaned data, etc). It is not unrealistic to anticipate that information contained on a computer system which is helpful to a matter would be saved, while that which is harmful would be deleted, hidden, or rendered invisible. For example, in sexual harassment cases, it is not unusual to discover deleted emails and other data invisible to the operating system that significantly impacts the case. Computer forensic analysis extracts all the emails, memos, and other data that can be viewed with the operating system, as well as all invisible data. In many cases, the invisible data completely changes the nature of a claim or defense, often leading to early settlement and avoiding surprises during litigation.

In any situation in which one or more computers may have been used in an inappropriate manner, it is essential to call a forensic expert. Only a computer forensic analyst will be able to preserve, extract, and analyze the vital data that records the “tracks” left behind by inappropriate use. Taking the wrong steps in these circumstances can irrevocably destroy the vestiges of wrongful use that may result in litigation or criminal prosecution.

Digital, computer and mobile forensics requires much more than what you may think. At DLA, our seasoned investigators use a special set of skills and tools to recover or find the digital data that you need!

Wednesday, 29 June 2016

How Computer Forensics Works - Standards of Evidence

If the investigators believe the computer system is only acting as a storage device, they usually aren't allowed to seize the hardware itself. This limits any evidence investigation to the field. On the other hand, if the investigators believe the hardware itself is evidence, they can seize the hardware and bring it to another location. For example, if the computer is stolen property, then the investigators could seize the hardware.

In order to use evidence from a computer system in court, the prosecution must authenticate the evidence. That is, the prosecution must be able to prove that the information presented as evidence came from the suspect's computer and that it remains unaltered.

Although it's generally acknowledged that tampering with computer data is both possible and relatively simple to do, the courts so far haven't discounted computer evidence completely. Rather, the courts require proof or evidence of tampering before dismissing computer evidence.

Another consideration the courts take into account with computer evidence is hearsay. Hearsay is a term referring to statements made outside of a court of law. In most cases, courts can't allow hearsay as evidence. The courts have determined that information on a computer does not constitute hearsay in most cases, and is therefore admissible.

If the computer records include human-generated statements like e-mail messages, the court must determine if the statements can be considered trustworthy before allowing them as evidence. Courts determine this on a case-by-case basis.

DLA is based in Cape Town and combines the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies to follow the electronic trail and find the digital evidence you need!

Wednesday, 22 June 2016

How Computer Forensics Works - Phases of a Computer Forensics Investigation

The experts at DLA listed the following steps every digital forensic investigator should follow to retrieve digital evidence:

1. Secure the computer system to ensure that the equipment and data are safe. This means the detectives must make sure that no unauthorized individual can access the computers or storage devices involved in the search. If the computer system connects to the Internet, detectives must sever the connection.

2. Find every file on the computer system, including files that are encrypted, protected by passwords, hidden or deleted, but not yet overwritten. Investigators should make a copy of all the files on the system. This includes files on the computer's hard drive or in other storage devices. Since accessing a file can alter it, it's important that investigators only work from copies of files while searching for evidence. The original system should remain preserved and intact.

3. Recover as much deleted information as possible using applications that can detect and retrieve deleted data.

4. Reveal the contents of all hidden files with programs designed to detect the presence of hidden data.

5. Decrypt and access protected files.

6. Analyse special areas of the computer's disks, including parts that are normally inaccessible. (In computer terms, unused space on a computer's drive is called unallocated space. That space could contain files or parts of files that are relevant to the case.)

7. Document every step of the procedure. It's important for detectives to provide proof that their investigations preserved all the information on the computer system without changing or damaging it. Years can pass between an investigation and a trial, and without proper documentation, evidence may not be admissible.

8. Be prepared to testify in court as an expert witness in computer forensics. Even when an investigation is complete, the detectives' job may not be done.

All of these steps are important, but the first step is critical. If investigators can't prove that they secured the computer system, the evidence they find may not be admissible. It's also a big job. In the early days of computing, the system might have included a PC and a few floppy disks. Today, it could include multiple computers, disks, thumb drives, external drives, peripherals and Web servers.
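Steps 2 and 7 above (work only from copies, and document that nothing was changed) are commonly backed by cryptographic hashes. The following Python code is an added example, not DLA's own tooling: it assumes SHA-256 as the integrity check and a hash-chained log as the documentation format, and every function name and the sample file are constructed for illustration.

```python
import hashlib, json, os, shutil, tempfile
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash value used by the first log entry

def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large images do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def _digest(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(log, action, detail):
    """Add a log entry that commits to the previous entry's hash."""
    body = {"seq": len(log), "time": datetime.now(timezone.utc).isoformat(),
            "action": action, "detail": detail,
            "prev_hash": log[-1]["entry_hash"] if log else GENESIS}
    body["entry_hash"] = _digest(body)
    log.append(body)

def verify_log(log):
    """Return True only if no entry was edited, removed or reordered."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if entry["seq"] != i or entry["prev_hash"] != prev:
            return False
        if _digest(body) != entry["entry_hash"]:
            return False
        prev = entry["entry_hash"]
    return True

def acquire_working_copy(original, workdir, log):
    """Copy the evidence file and record hashes of original and copy.
    Assumption: file-level copy; real acquisitions image the whole
    device behind a write blocker."""
    before = sha256_file(original)
    append_entry(log, "hash_original", {"path": original, "sha256": before})
    copy = os.path.join(workdir, os.path.basename(original) + ".working")
    shutil.copyfile(original, copy)
    os.chmod(copy, 0o444)  # read-only guards against accidental edits
    copy_hash, after = sha256_file(copy), sha256_file(original)
    append_entry(log, "copy_made", {"copy": copy, "copy_sha256": copy_hash,
                                    "original_sha256_after": after})
    if not (before == copy_hash == after):
        raise ValueError("hash mismatch during acquisition")
    return copy, before

def verify_working_copy(copy, expected, log):
    """Re-hash the working copy and log whether it still matches."""
    ok = sha256_file(copy) == expected
    append_entry(log, "verify_copy", {"copy": copy, "match": ok})
    return ok

def demo():
    """Run the workflow on a constructed sample file."""
    with tempfile.TemporaryDirectory() as d:
        original = os.path.join(d, "evidence.img")
        with open(original, "wb") as f:
            f.write(b"constructed sample evidence bytes\n" * 1000)
        work = os.path.join(d, "work")
        os.mkdir(work)
        log = []
        copy, digest = acquire_working_copy(original, work, log)
        ok_before = verify_working_copy(copy, digest, log)
        # Simulate an accidental change to the working copy.
        os.chmod(copy, 0o644)
        with open(copy, "ab") as f:
            f.write(b"x")
        ok_after = verify_working_copy(copy, digest, log)
        log_ok = verify_log(log)
        # Simulate someone rewriting an earlier log entry.
        log[0]["detail"]["sha256"] = "f" * 64
        log_after_edit = verify_log(log)
        return ok_before, ok_after, log_ok, log_after_edit

if __name__ == "__main__":
    print(demo())
```

The changed working copy fails verification while the log itself still verifies, and an edited log entry is detected because every later entry commits to the hash of the one before it.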

Wednesday, 15 June 2016

Computer Forensics Basics – How it works

The purpose of computer forensics techniques is to search, preserve and analyze information on computer systems to find potential evidence. Many of the techniques detectives use in crime scene investigations have digital counterparts, but there are also some unique aspects to computer investigations.

For example, just opening a computer file changes the file -- the computer records the time and date it was accessed on the file itself. If detectives seize a computer and then start opening files, there's no way to tell for sure that they didn't change anything. Lawyers can contest the validity of the evidence when the case goes to court.

Some people say that using digital information as evidence is a bad idea. If it's easy to change computer data, how can it be used as reliable evidence? Many countries allow computer evidence in trials, but that could change if digital evidence proves untrustworthy in future cases.

Computers are getting more powerful, so the field of computer forensics must constantly evolve. In the early days of computers, it was possible for a single detective to sort through files because storage capacity was so low. Today, with hard drives capable of holding gigabytes and even terabytes of data, that's a daunting task. Detectives must discover new ways to search for evidence without dedicating too many resources to the process.

What are the basics of computer forensics? What can investigators look for, and where do they look? Find out when the digital forensic experts from DLA discuss the steps in collecting evidence from a computer.

Wednesday, 8 June 2016

Four ways to protect your PC data

A modern PC leads a kind of dual life. On the one hand, it serves as an entertainment centre, offering access to games, online videos, and the entire Internet. On the other hand, it acts as a tool for collecting, creating, and storing important information of all kinds.

If your computer is lost, broken, or stolen, switching to a new one has little effect on the entertainment side. But unless you've properly protected the personal data on that system, a theft or loss could become a data disaster.

The digital forensic experts at DLA use state-of-the-art techniques and software to recover your precious data, whether it was accidentally deleted or even stolen.

But, how can you head off such a disaster? Here are some hot ideas:

1. Hide Your Valuables
If a burglar breaks into your house, will she find your valuables lying around in plain sight? Or have you hidden them away safely? By the same token, even though your security suite or antivirus really should fend off data-stealing Trojans, protecting your personal data on the chance one might get through is just common sense. Having your data locked down will also help if that burglar makes off with your laptop.

2. Skip the Recycle Bin
When you need to dispose of papers that contain private information, you don't toss them in the recycling bin with the newspapers. Rather, you put them through the shredder. When deleting sensitive files, you should likewise avoid Windows's Recycle Bin.

3. Encrypt It!
A data-stealing Trojan will grab what it can get easily. Unless you're the target of a personally directed hack attack, you can figure that even simple encryption will defeat the Trojan. Got a sensitive file you need to keep, rather than shred? At the very least, copy it into an encrypted ZIP file and then shred the original.

4. Keep It Offsite
PCs break down, laptops get stolen, files get lost. A backup copy is the ultimate security for your data, but if you keep the backup with the computer a single disaster can take out both at once. A hosted online backup service encrypts your data and keeps it in a safe location far, far away.

Unless your PC functions as nothing but an entertainment centre, its loss or theft will have an impact far beyond the cost of a replacement. By taking steps to protect the important data on the PC you can keep that impact to a minimum.

Hide personal data, securely delete outdated sensitive files, and encrypt sensitive files that you're still using. That will keep a thief from stealing both your PC and your identity. Maintaining an offsite backup copy will ensure you don't lose access to the data files you really need to keep. A little effort now can save a huge headache later.

Wednesday, 1 June 2016

How to protect the private data on your phone

Your mobile phone carries all sorts of details that could damage you in the wrong hands. Here's how you can protect it from prying eyes.

  • Register your IMEI number

The International Mobile Equipment Identity is used by police to trace a lost phone. Network providers use it to block a stolen phone. It's usually found under the battery, or via the phone's settings. Register it at a site such as

  • Remotely wipe all data

If you have lost your phone, you can clear the data before thieves download it. Android devices can use Google Sync along with Google Apps Device Policy to clear data remotely. Have you cleared your data and you want to get it back? Contact the digital experts at DLA and you can get your precious data back quickly and easily!

  • Get antivirus protection

Now is the time to protect against malware and viruses, particularly on Android phones. There are subtle ways for developers and fraudsters to get to your data. Most computer antivirus-software companies provide apps to keep out malware and viruses that grab data.

  • Download a phone-finder app

Most smartphones now have GPS tracking -- which you can use to locate a lost phone. Apple's Find My iPhone app has been free since the introduction of iOS 4.2. Android users should try Theft Aware.

Wednesday, 25 May 2016

The 5 cyber-attacks you're most likely to face

The fact is most companies face the same threats and should be doing their utmost to counteract those risks. However, at some point you may lose your precious data to a vicious cyber-attack. If you’re ever in this position, contact the experts at DLA for assistance!

Here are the five most common successful cyber-attacks.

Cyber-attack No. 1: Socially engineered Trojans

This is the No. 1 method of attack. Usually, a website will tell users they are infected by viruses and need to run fake antivirus software. Also, they're nearly out of free disk space and need a fake disk defragger. Finally, they must install an otherwise unnecessary program, often a fake Adobe Reader or an equally well-known program. The user executes the malware, clicking past browser warnings that the program could possibly be harmful. Voilà, exploit accomplished!

Cyber-attack No. 2: Unpatched software

Coming in a distant second is software with known, but unpatched exploits. The most common unpatched and exploited programs are Java, Adobe Reader, and Adobe Flash.

The best countermeasure is to stop what you’re doing right now and make sure your patching is perfect!

Cyber-attack No. 3: Phishing attacks

About 70% of emails are spam. Even though there are anti-spam vendors, you will probably receive several spam emails each day, and at least a few of them each week are darned good phishing replicas of legitimate emails.

Cyber-attack No. 4: Network-traveling worms

Computer viruses aren't much of a threat anymore, but their network-traveling worm cousins are. We don't see the massive outbreaks of the past with email attachment worms, but the network-traveling variety is able to hide far better than its email relatives.

Cyber-attack No. 5: Advanced persistent threats

APTs usually gain a foothold using socially engineered Trojans or phishing attacks.

A very popular method is for APT attackers to send a very specific phishing campaign -- known as spearphishing -- to multiple employee email addresses. The phishing email contains a Trojan attachment, which at least one employee is tricked into running. After the initial execution and first computer takeover, APT attackers can compromise an entire enterprise in a matter of hours. It's easy to accomplish, but a royal pain to clean up.

Wednesday, 18 May 2016

Never forget the victim (and their device)!

Regardless of whether your case involves computers, tablets, iPhones, Android devices or all of the above, one thing the investigative community can agree on is that every case is different.

Sure, certain cases will follow a workflow pattern, but the circumstances of every case, the suspects/targets, investigators and victims all take on different faces, which can alter your approach to conducting digital forensic analysis in the case slightly or dramatically. We’ve all seen a surge in criminal (and civil) cases involving smart phones and other mobile devices, and with that comes the mountain of evidence that is contained on those powerful pocket computers that can store up to 128 GB of data (or more).

But consider this: You may only be getting half of the story if the only device you seize and analyze is that belonging to the target of your investigation.

The digital forensic experts at DLA encourage anyone who needs data, SMS, WhatsApp, password recovery, and so much more, to contact them today!  

  • Case Application 

The best case example we can use to illustrate this point is the investigation of a rape allegation.  Rape doesn’t happen in a bubble, it takes two people (or more) for a rape to occur.  And virtually everyone involved in these incidents owns & uses a smart phone on a daily basis.  Frequently, rape occurs when the alleged perpetrator knows the victim, either in some sort of early-stage relationship, a family friend, relative, etc.  Because experienced investigators know this to be true and many reports will validate this, it is your investigative responsibility to prove or disprove the claim.  In order to help do that, you need to seize not only the target’s phone data, but also the alleged victim’s phone data – all as soon as possible.

The best (and sometimes worst) thing about mobile device forensics is, once the data is extracted, it belongs to the digital forensic examiners. It is a digital snapshot of whatever was present on the device at the time the extraction took place and, depending on the device, may also give us access to deleted information.  So in the interest of conducting a thorough investigation, I put forth that when an alleged rape victim makes the report, investigators should make it a regular and common practice to ask for consent to perform a data extraction on his/her phone.  It is simply the easiest way to get a 360-degree view of the case.

  • A More Holistic View of the Data

Consider also what happens in the mind of the target after they know they may have committed a crime.  Text and chat messages are deleted.  Pictures of the alleged victim get erased from the device.  They may even dispose of the device altogether and replace it with a new, fresh phone that has virtually no useful evidence contained on it.  

Wouldn’t it be nice if the other side of those conversations still existed on another device?  What’s more, by grabbing the data from the alleged victim’s phone, you work toward a more complete investigation of the allegation.  It is an unfortunate reality that there are often false reports of serious crimes.  This certainly doesn’t mean that we automatically assume the victim may be lying, but it is our responsibility to fully investigate the case to determine what actually happened.  Victims and eye witnesses are notoriously unreliable for different reasons.  When victims are subjected to trauma, their accurate recollection of the incident can suffer to a degree, so that puts even more onus on the investigator to try and piece the puzzle together.

The best part about the data is it doesn’t lie.  It has a perfect memory and it’s all documented, complete with date and time stamps, GPS coordinates, network activity and other great pieces of evidence that are very hard to spoof or fake, if not nearly impossible for most mobile device users. 

Never forget there is always more than one person involved in the investigation. Grabbing the alleged victim’s cell phone data in this circumstance could mean the difference between an innocent person being convicted of a serious crime or being exonerated fully.  When all the facts have been completely uncovered, the truth must remain and will have to hold up in a court of law. 

Wednesday, 11 May 2016

The Anatomy of a Mobile Attack

A mobile attack can involve the device layer, the network layer, the data centre, or a combination of these. Inherent platform vulnerabilities and social engineering continue to pose major opportunities for cyber thieves and thus significant challenges for those looking to protect user data.

If you’ve been the victim of a mobile attack, don’t hesitate – contact the digital forensic experts at DLA and we can help you recover your precious cellular data quickly and effectively.


- Phishing
- Framing
- Clickjacking
- Man-in-the-middle
- Buffer Overflow
- Data Caching

- No Passcode / Weak Passcode
- iOS Jailbreaking
- Android Rooting
- OS Data Caching
- Passwords & Data Accessible
- Carrier-Loaded Software
- No Encryption / Weak Encryption
- User-Initiated Code

Phone / SMS
- Baseband Attacks
- SMishing

- Sensitive Data Storage
- No Encryption / Weak Encryption
- Improper SSL Validation
- Config Manipulation
- Dynamic Runtime Injection
- Unintended Permissions
- Escalated Privileges



- Wi-Fi (No Encryption / Weak Encryption)
- Rogue Access Point
- Packet Sniffing
- Man-In-The-Middle (MITM)
- Session Hijacking
- DNS Poisoning
- SSL Strip
- Fake SSL Certificate


Web Server
- Platform Vulnerabilities
- Server Misconfiguration
- Cross-site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Weak Input Validation
- Brute Force Attacks

- SQL Injection
- Privilege Escalation
- Data Dumping
- OS Command Execution

Wednesday, 4 May 2016

The Profile of a Cyber Criminal

The original cyber criminal is typically seen as a smart, lonely deviant – a teenage or adult male who’s long on computer smarts, but short on social skills. But like most stereotypes, it doesn’t begin to tell the whole story.

The digital forensic experts at DLA have provided interesting facts and statistics to identify the exact profile of a cyber criminal.

- Every day, over 105 million worldwide are victims of cyber crime.
- 65% of global internet users have been victims of cyber crime.

So, who exactly are these cyber criminals?

Ageless Society
  • 50+ years old – 11%
  • 35+ years old – 43%
  • Under 25 years old – 29%
  • 14 - 18 years old – 8%

  • Male – 76%

Work in Packs
Cyber criminals work in groups as part of larger organisations…
  • 25% of active cyber criminal groups have operated for 6 months or less
  • 50% of cyber criminal groups have 6 or more members

Located in
  • North & South America – 19% of global attack traffic
  • Europe – 28% of global attack traffic
  • APAC – More than 49% of global attack traffic
  • Indonesia – Highest in APAC with 14%

Highly Organised
  • Full-fledged businesses with execs, middle managers and workers.
  • Underground chat rooms, web portals + market places for hiring hackers, buying malware + other illegal information are supporting these “businesses”.
  • Invitation-only, help wanted portals specifically for cyber criminals, most originating from Russia.
  • Hosting providers are key to success of cybercriminals who need servers to store illegal code, malware + stolen data, most of these providers are in Russia and China.


  • If buying merchandise or making a payment online, make sure it is a reputable, secure source.
  • Track your online credit transactions often for fraudulent activity
  • Shred, don’t throw away any bank or credit card statements

  • Be wary of providing credit card information through email.
  • Be cautious when dealing with individuals from outside your country.
  • Be cautious when money is required up front for any job lead.

  • Never provide unknown prospective employers with your social security number.
  • Never give your credit card number out over the phone unless you made the call to the known business.
  • Never open or respond to spam emails.

We can’t stop cyber criminals from attempting their crimes, but we can stop them from getting our identities and precious information online.

Thursday, 28 April 2016

When the Trill of a Cell phone Brings the Clang of Prison Doors

It was a crucial moment in 2007 during the trial of Paul Cortez, an actor and yoga teacher who was ultimately convicted of killing his former girlfriend Catherine Woods, a dancer who was working as a stripper.

After weeks of testimony and a parade of witnesses, the case against Mr. Cortez boiled down to this: a bloody fingerprint and data collected from a cell phone.

A record from a T-Mobile cell phone transmission tower on the day Ms. Woods was murdered showed that Mr. Cortez called her 13 times in the hour and a half before her death, and then never again. He had told the police in a written statement that he made the calls from his home.

But as he called, the record showed his cell signal hitting a tower near his apartment, and gradually shifting to towers near Ms. Woods’s apartment. At trial, when the prosecutor questioned him about the discrepancy, Mr. Cortez changed course, saying he had made some of the calls from a Starbucks.

Examining cell phone data is a technique that has moved from being a masterful surprise in trials to being a standard tool in the investigative arsenal of the police and prosecutors, with records routinely provided by cell phone companies in response to subpoenas. 

Its use in prosecutions is often challenged, for privacy reasons and for technical reasons, especially when the data comes during the morning or evening rush, when circuits are crowded and calls can be redirected to other towers. But it is often allowed and is used by both prosecutors and defence attorneys to buttress their cases.

DLA combines the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies for the best results.

Wednesday, 20 April 2016

We may never know how the FBI unlocked the shooter’s iPhone

We know now that the FBI was able to gain access to an iPhone 5C belonging to the San Bernardino shooter thanks to an outside security firm. What we don’t know is how it was done or even who did it. We may never know, thanks to the nature of the agreement between the FBI and the unnamed firm.

The government has what is known as the Vulnerabilities Equities Process, which is used to evaluate whether security flaws known by the government should be disclosed so they can be fixed. In this case, the exploit used to bypass the PIN lock on the shooter’s iPhone 5C is considered proprietary information by the company. Meaning, it’s not a publicly available exploit. It was either discovered by the firm, or more likely purchased from whoever uncovered it in the first place.

Having exclusive knowledge of an exploit allows a company to build a tool for bypassing security features, a hot commodity in law enforcement. These undisclosed exploits can sell for thousands, or even millions of dollars. For its part, the FBI probably couldn’t disclose the specifics of the hack even if it was permitted — it doesn’t know anything about the process.

Apple has said it would be interested in fixing the exploit, but it’s unlikely it affects newer iOS devices with hardware security features. The FBI isn’t likely to do Apple any favors even if it did have specifics. After getting a court order compelling Apple to assist with unlocking the phone, the company decided to fight it out in the courts. Virtually all tech firms rallied behind Apple, and the FBI eventually dropped the case and sought outside help. And the end result? Nothing significant has been found on the iPhone.

Digital and cellular forensics is much more than you may think. It requires a thorough understanding of investigative process and the law of evidence and, naturally, the appropriate background in criminal and civil investigations. The forensic experts at DLA will follow the electronic trail to find the evidence that you need.

Wednesday, 13 April 2016

Israeli mobile forensics firm helping FBI unlock seized iPhone

The mobile forensics firm Cellebrite of Israel is reportedly assisting the Federal Bureau of Investigation in unlocking a seized iPhone that has become the center of a legal dispute between the bureau and Apple.

The revelation comes two days after the US government tentatively withdrew its demands that Apple write code and assist the authorities to unlock a seized iPhone used by one of the San Bernardino County shooters. The FBI told a federal judge that an "outside party demonstrated to the FBI a possible method for unlocking (Syed) Farook's iPhone." A federal magistrate then tentatively stayed her order demanding that Apple assist the authorities in unlocking the phone.

That same day, according to public records, the FBI committed to a $15 278 "action obligation" with Cellebrite. An "action obligation" is the lowest amount the government has agreed to pay. No other details of the contract were available, and the Justice Department declined comment. Cellebrite, however, has reportedly assisted US authorities in accessing an iPhone.

For now, US-based security experts believe that Cellebrite does have the wherewithal to perform the task.

"I'm really not at liberty to confirm the third party, but based on the techniques I've described in my blog on the subject, I think Cellebrite, as well as many large forensics firms like it, have the capability to perform such tasks," forensic scientist Jonathan Zdziarski told Ars in an e-mail. "DriveSavers, for example, has released statements yesterday suggesting they're almost there. I think the techniques are pretty straight forward for firms like these now that the tech community has had a chance to comment."

DLA is based in Cape Town and combines the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies to achieve the results that you require - contact DLA today!