Showing posts with label mobile forensics. Show all posts

Wednesday, 6 February 2019

All you need to know about Digital Forensics and Information Security


Before we get into the differences between digital forensics and information security, let’s stop and take a look at how they are alike.


Both digital forensics and information security are aimed at protecting your digital data, goods and valuables as well as digital resources. People who are involved in digital forensics or information security can work in a range of industries, including private businesses and organisations. Why can people in digital forensics and information security work in so many different industries? Because companies know that as the world becomes more digitally dependent, the need to keep their technology and systems properly secured grows with it. Digital forensics and information security specialists are becoming more and more popular as the demand for their skillset grows.

But just because digital forensics and information security are both focused on digital goods and resources, and are closely associated with each other, doesn’t mean they are the same.

It is best to think of digital forensics and information security as two different sides of the same thing: the services and the work that is done are very much the same, but there are differences.

So what is the difference between digital forensics and information security? To put it into simple terms that everyone can understand, information security is about preventing and protecting against online and digital threats. Digital forensics, on the other hand, is about the response that comes after.

Let’s look at it like this – information security is the team that executes and supports the information security system with the aim being to protect individuals and businesses against cyber threats. If information security fails to protect the users and the systems are broken, then this is where the digital forensics experts come into the picture – they will put their skills to use by singling out the threat, understanding it and trying to recover all the data that was lost and/or stolen.


At TCG Digital Forensics, we offer all our clients clean, professional and affordable digital forensics services as well as information security – all supplied by our team of skilled digital forensics experts. Do not hesitate to contact us to discuss your requirements; simply give us a call on 021 110 0422 or email contact@tcgforensics.co.za

Wednesday, 9 January 2019

How to protect yourself against SMS Phishing Attacks (SMiShing)


Every day, scammers are coming up with new ways to target people and trick them into parting with their money. Nothing digital is safe anymore – social media networks, emails and now even SMSs.


SMS phishing, otherwise known as SMiShing, is a phishing scam that is sent out by SMS!
Here are some helpful tips on how to spot a SMiShing scam SMS…

Always double check SMSs from your bank. If your bank does send you SMSs, then be sure to find out what number they use, so that if you receive an SMS you can compare it and find out if it’s legitimate. If you do not know the number, call your bank’s customer service number just to be sure.

Be wary of suspicious-looking numbers & links. Scammers are likely to mask their identities, so they will use a variety of different phone numbers as well as unusual links in SMS scams – if you receive any SMSs from strange numbers that you do not recognise, always double check with whoever sent it and NEVER click on a link you do not recognise.

Report threats. Should you ever receive regular SMS scams, or any threatening or potentially dangerous SMSs, always report them to the local authorities or a cybercrime centre/website, or get in touch with a professional digital or mobile forensics expert from www.tcgforensics.co.za in South Africa – call 021 110 0422 or email contact@tcgforensics.co.za

Always stay vigilant and be aware of the common techniques that SMS scammers use when they’re SMiShing – this will go a long way when it comes to keeping yourself and your money safe!
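The first two tips above can be turned into a simple check. This is an added example, not part of the original post; the bank name, sender IDs, domains and messages are constructed placeholders that you would replace with the details your own bank has confirmed.

```python
import re
from urllib.parse import urlsplit

# Assumed values for illustration: the sender IDs and web domains
# that your bank has confirmed it really uses.
KNOWN_BANK_SENDERS = {"+27110000000", "EXBANK"}
KNOWN_BANK_DOMAINS = {"examplebank.example"}
BANK_NAMES = ("example bank",)

URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)


def normalise_sender(sender):
    """Strip spacing from phone numbers; upper-case alphanumeric sender names."""
    s = sender.strip()
    if re.fullmatch(r"\+?[\d\s()-]+", s):
        return ("+" if s.startswith("+") else "") + re.sub(r"\D", "", s)
    return s.upper()


def link_hosts(body):
    """Return the host name of every link found in the SMS text."""
    hosts = []
    for match in URL_RE.findall(body):
        url = match if "://" in match else "http://" + match
        try:
            # urlsplit drops any "user@" prefix, so the real host is returned.
            host = urlsplit(url.rstrip(".,;:!?)")).hostname
        except ValueError:
            host = None
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts


def host_is_trusted(host, trusted=KNOWN_BANK_DOMAINS):
    """Match on whole domain labels, so 'bank.example.other.test' does not pass."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def triage_sms(sender, body):
    """Return a list of reasons to double check this SMS (empty list = none found)."""
    findings = []
    claims_bank = any(name in body.lower() for name in BANK_NAMES)
    if claims_bank and normalise_sender(sender) not in KNOWN_BANK_SENDERS:
        findings.append("sender-not-on-bank-list")
    for host in link_hosts(body):
        if not host_is_trusted(host):
            findings.append("untrusted-link:" + host)
    return findings


# Constructed sample messages.
SAMPLES = [
    ("+27 11 000 0000",
     "Example Bank: your statement is ready at https://www.examplebank.example/statements."),
    ("+27 82 555 0100",
     "Example Bank alert: account locked. Verify now: "
     "http://examplebank.example.secure-login.test/verify"),
    ("EXBANK",
     "Example Bank: confirm your card at http://examplebank.example@198.51.100.7/login"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, "->", triage_sms(sender, body) or "no findings")
```

The third sample shows why both tips matter together: a familiar sender name does not clear a message whose link leads somewhere the bank does not use.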

Friday, 7 December 2018

Cellular Forensics and Radar Analysis help find Plane Crash Site in Record Time!


Did you know that involving experts in the cell phone and radar analysis fields can not only save time in finding a crash site, but also save lives! By using cellular forensics and radar analysis, the search area is made smaller and urgent matters, such as saving the lives of those who were involved in the crash, can be resolved.


On the 19th of November 2019 in North Dakota, a Medevac plane was reported missing. By using the power of cellular forensics as well as radar analysis, the Civil Air Patrol’s National Radar Analysis Team and the National Cell Phone Forensics played a massive part in saving the day. These two teams were able to aid the rescue team in finding the terrible plane crash site.

So how did the two teams manage to identify the precise spot where the plane went down? Well, using cellular data forensics and partnering with the power of radar data forensics, they prepared a detailed map showing where the plane crash was located. After they supplied the map to the CAP’s North Dakota Wing, state and local authorities, they were able to then discover the passengers who were all fatally injured.

Details from the cellular forensics data and the radar analysis show that the plane may have been destroyed while it was still in the air; however nothing has been confirmed yet.

The cellular devices of the three deceased plane passengers were used by the cellular forensics experts to detect, to the meter, exactly where the plane had gone down.

Although the outcome of the search was not what the cellular forensics team, the radar analysis team and the authorities had hoped for, it is amazing to see that when these two teams joined together they were able to give detailed information on exactly where the plane crash site was – all in record time!

At TCG Digital Forensics we offer reliable and affordable cellular forensic analysis services in Cape Town as well as Johannesburg - do not hesitate to contact us today on 021 110 0422 | 087 001 0523 or email contact@tcgforensics.co.za

Wednesday, 24 August 2016

Digital Evidence – How It’s Done

Computer documents, emails, text and instant messages, transactions, images and Internet histories are examples of information that can be gathered from electronic devices and used very effectively as evidence. 


For example, mobile devices use online-based backup systems, also known as the “cloud”, that provide forensic investigators with access to text / messaging app messages and pictures taken from a particular phone. These systems keep an average of 1,000–1,500 or more of the last text messages sent to and received from that phone.

In addition, many mobile devices store information about the locations where the device travelled and when it was there. To gain this knowledge, investigators can access an average of the last 200 cell locations accessed by a mobile device. Satellite navigation systems and satellite radios in cars can provide similar information. Even photos posted to social media such as Facebook or Instagram may contain location information. 

Photos taken with a Global Positioning System (GPS)-enabled device contain file data that shows when and exactly where a photo was taken. 


Investigators can collect a great deal of history related to a device and the person using it!


DLA is based in Cape Town and combines the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies to achieve the results that you require.

Wednesday, 6 July 2016

When should you consider using computer forensics?

If any form of digital information is even remotely involved in a case or legal situation, a computer forensic examination will be required. Digital information has invaded virtually every aspect of our day-to-day existence and has become a basic component of our lives. From computers to smartphones to social networking, digital information plays a crucial role in almost every case.

Computer forensics differs from data recovery, which is the recovery of data after an event affecting the physical data, such as a hard drive crash. Computer forensics goes much further. Computer forensics is a complete computer examination with intricate analysis of digital information being the ultimate goal.


For a successful forensics examination, you must have all the information relevant to a matter, not only to construct effective legal strategies, but also to focus your expectations and efficiently budget your services. There is nothing more difficult to address than a case which has become complicated by new facts, where you once expected the matter to proceed smoothly and without significant cost. Knowing all the facts early in a matter allows you to better prepare for those cases that will require significant legal expertise to manage.

In response to pending litigation, analysing your relevant ESI is an excellent way to discharge your duties to preserve evidence and avoid spoliation, while also acquiring all relevant information essential to your legal theories and strategies. Similarly, as part of critical business decisions, forensically analysing relevant computers and devices can provide essential information. For example, analysing the computers of corporate officers or employees as part of the termination process can alert you to possible litigation issues such as violation of non-compete agreements, improper copying of intellectual property, etc.

To prepare for litigation, an attorney ought to determine whether a Request for Production of Documents will obtain all relevant evidence. A simple question to ask is whether you want to discover part of the relevant information (i.e. visible by your opponent’s operating system) or all of it (deleted, hidden, orphaned data, etc). It is not unrealistic to anticipate that information contained on a computer system which is helpful to a matter would be saved, while that which is harmful would be deleted, hidden, or rendered invisible. For example, in sexual harassment cases, it is not unusual to discover deleted emails and other data invisible to the operating system that significantly impact the case. Computer forensic analysis extracts all the emails, memos, and other data that can be viewed with the operating system, as well as all invisible data. In many cases, the invisible data completely changes the nature of a claim or defense, often leading to early settlement and avoiding surprises during litigation.

In any situation in which one or more computers may have been used in an inappropriate manner, it is essential to call a forensic expert. Only a computer forensic analyst will be able to preserve, extract, and analyze the vital data that records the “tracks” left behind by inappropriate use. Taking the wrong steps in these circumstances can irrevocably destroy the vestiges of wrongful use that may result in litigation or criminal prosecution.


Digital, computer and mobile forensics requires much more than what you may think. At DLA, our seasoned investigators use a special set of skills and tools to recover or find the digital data that you need!

Wednesday, 11 May 2016

The Anatomy of a Mobile Attack

A mobile attack can involve the device layer, the network layer, the data centre, or a combination of these. Inherent platform vulnerabilities and social engineering continue to pose major opportunities for cyber thieves and thus significant challenges for those looking to protect user data.


If you’ve been the victim of a mobile attack, don’t hesitate – contact the digital forensic experts at DLA and we can help you recover your precious cellular data quickly and effectively.

ATTACK SURFACE: DEVICE

Browser
- Phishing
- Framing
- Clickjacking
- Man-in-the-middle
- Buffer Overflow
- Data Caching

System
- No Passcode / Weak Passcode
- iOS Jailbreaking
- Android Rooting
- OS Data Caching
- Passwords & Data Accessible
- Carrier-Loaded Software
- No Encryption / Weak Encryption
- User-Initiated Code

Phone / SMS
- Baseband Attacks
- SMishing

Apps
- Sensitive Data Storage
- No Encryption / Weak Encryption
- Improper SSL Validation
- Config Manipulation
- Dynamic Runtime Injection
- Unintended Permissions
- Escalated Privileges

Malware

ATTACK SURFACE: NETWORK

- Wi-Fi (No Encryption / Weak Encryption)
- Rogue Access Point
- Packet Sniffing
- Man-In-The-Middle (MITM)
- Session Hijacking
- DNS Poisoning
- SSL Strip
- Fake SSL Certificate

ATTACK SURFACE: DATA CENTRE

Web Server
- Platform Vulnerabilities
- Server Misconfiguration
- Cross-site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Weak Input Validation
- Brute Force Attacks

Database
- SQL Injection
- Privilege Escalation
- Data Dumping
- OS Command Execution

Thursday, 28 April 2016

When the Trill of a Cell phone Brings the Clang of Prison Doors

It was a crucial moment in 2007 during the trial of Paul Cortez, an actor and yoga teacher who was ultimately convicted of killing his former girlfriend Catherine Woods, a dancer who was working as a stripper.

After weeks of testimony and a parade of witnesses, the case against Mr. Cortez boiled down to this: a bloody fingerprint and data collected from a cell phone.

A record from a T-Mobile cell phone transmission tower on the day Ms. Woods was murdered showed that Mr. Cortez called her 13 times in the hour and a half before her death, and then never again. He had told the police in a written statement that he made the calls from his home.

But as he called, the record showed his cell signal hitting a tower near his apartment, and gradually shifting to towers near Ms. Woods’s apartment. At trial, when the prosecutor questioned him about the discrepancy, Mr. Cortez changed course, saying he had made some of the calls from a Starbucks.


Examining cell phone data is a technique that has moved from being a masterful surprise in trials to being a standard tool in the investigative arsenal of the police and prosecutors, with records routinely provided by cell phone companies in response to subpoenas. 

Its use in prosecutions is often challenged, for privacy reasons and for technical reasons, especially when the data comes during the morning or evening rush, when circuits are crowded and calls can be redirected to other towers. But it is often allowed and is used by both prosecutors and defence attorneys to buttress their cases.


DLA combines the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies for the best results.

Wednesday, 13 April 2016

Israeli mobile forensics firm helping FBI unlock seized iPhone

The mobile forensics firm Cellebrite of Israel is reportedly assisting the Federal Bureau of Investigation in unlocking a seized iPhone that has become the center of a legal dispute between the bureau and Apple.


The revelation comes two days after the US government tentatively withdrew its demands that Apple write code and assist the authorities to unlock a seized iPhone used by one of the San Bernardino County shooters. The FBI told a federal judge that an "outside party demonstrated to the FBI a possible method for unlocking (Syed) Farook's iPhone." A federal magistrate then tentatively stayed her order demanding that Apple assist the authorities in unlocking the phone.

That same day, according to public records, the FBI committed to a $15 278 "action obligation" with Cellebrite. An "action obligation" is the lowest amount the government has agreed to pay. No other details of the contract were available, and the Justice Department declined comment. Cellebrite, however, has reportedly assisted US authorities in accessing an iPhone.

For now, US-based security experts believe that Cellebrite does have the wherewithal to perform the task.

"I'm really not at liberty to confirm the third party, but based on the techniques I've described in my blog on the subject, I think Cellebrite, as well as many large forensics firms like it, have the capability to perform such tasks," forensic scientist Jonathan Zdziarski told Ars in an e-mail. "DriveSavers, for example, has released statements yesterday suggesting they're almost there. I think the techniques are pretty straight forward for firms like these now that the tech community has had a chance to comment."

DLA is based in Cape Town and combines the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies to achieve the results that you require - contact DLA today!

Wednesday, 6 April 2016

The demand for mobile forensics is continuously growing

Every day, more and more people are using smartphones. The amount of data which is wirelessly transmitted continues to increase at an impressive rate. According to the results of a survey there has been a huge increase in the number of active smartphones since 2011.


If you think about what our cell phones are today, they’ve actually moved away from simple cell phones and evolved into smartphones which are tiny, powerful computers that people are walking around with every day.

Digital forensic experts from DLA say that the value is not just in the cell phone call history and text messages. It’s about the ability to Google search whatever you want and have information at your fingertips. Cell phones have become diaries of people’s lives.

As digital detectives, DLA is trying to find out what was happening in somebody’s life, to whom they were talking, what the contents of those conversations were, and how they relate to the crime being investigated. This is indispensable evidence that can never be overlooked.


Mobile forensics examiners describe how there is probably more probative information found on a mobile device per byte examined than on computers. 

Friday, 26 February 2016

What is “Cellular Forensics” anyway?

So, what exactly is Cellular Forensics anyway? Well, forensics means “tests and techniques used in connection with the detection of crime.” Cellular? Everyone knows that deals with mobile phones and their technology.

Cellular forensics can also be referred to as Mobile forensics. So, when someone says Cellular forensics they are describing “the utilization of technology (software, hardware, techniques) that enables an examiner to secure, acquire, document and present the data found in a mobile phone.”

What good is Cellular Forensics? As some people say – you are what you click – and a cell phone tells a bunch about a person. Contacts, WhatsApp messages, Photos, location, SMSs and call history are just a few of the tell-all items in your phone. Imagine an employee sharing company secrets with the competition or a married man messaging his secret lover on WhatsApp… the information on their phone can be very damaging and valuable.

So, is this like your favourite show, CSI Miami? No, not really! There is no one piece of hardware or software that can be used for the thousands of models of phones out there. But cellular forensic experts, like the professionals at DLA, certainly know how to get their hands on the data on your cellphone that you thought was long gone!

Cellular forensics is like archaeology: you dig and dig using whatever proven tools you can find, and sometimes you crack the nut and other times you come away exhausted with little to show for your efforts.


Cellular Forensics today is not really a brand new field, however as our cell phones get more and more advanced, our methods need to be too.

Monday, 14 December 2015

Using cellular forensics for internet infidelity and divorce

In today’s world a cellular device has just about replaced the computer. Today, billions of mobile devices are in use worldwide. The growth for cell phones and the growing number of PC-like features being incorporated into their design are fueling the theory that the cellphone will soon become the new laptop.


In any internet infidelity or divorce case, it is very important to review the information contained on the guilty party’s mobile phone, as long as the consent to search is present. Often times when a computer is shared in the home, the cell phone becomes the mechanism of the affair.

Some of the data that can be recovered from a cellular device is:

- Call logs (date, time, phone number, duration of calls)
- SMSs
- WhatsApp messages
- Calendar entries
- Photos
- Videos
- Emails
- Phone details
- SIM card data


Feel free to contact us at DLA digital and cellular forensics for any further information or assistance on cellular forensics!

Friday, 13 November 2015

Mobile Phone Analysis

Mobile devices are becoming increasingly powerful and popular, with people even sometimes carrying more than one. However, their increasing capability provides more opportunity to store and circulate information.


Mobile devices have many different features, like the ability to take photos and videos. When a multimedia file is taken, many devices automatically embed GPS location of the handset at that time. This then allows the location of the user at that exact moment to be established at a later date.

Multiple communication features, such as Bluetooth, WiFi, 3G and 4G, enable the transfer of information that can even cross international boundaries. Users can browse the internet, send and receive emails and post blogs, and removable media cards can even be inserted into the device, allowing information to be exchanged.

Depending on the client, the following information can be recovered from a mobile phone:

- SMS
- Email
- Call history
- Photos
- Videos
- WhatsApp history
- Passwords

Mobile devices are similar to computers, but with far more powerful capabilities. The value of the evidence found on a smartphone or any other mobile device must never be overlooked! DLA has the cellular and digital expertise to extract and uncover the evidence you need.

Tuesday, 3 November 2015

The other side of mobile forensics

Mobile or cellular forensics isn’t just about finding WhatsApp messages, images and recent calls; it can also reveal much more. There’s a whole other side to it, which can include carrier data, call logs, undelivered messages and important data that reveals your exact location at the time of the incident. Matched together with the information saved to your mobile device, and mapped together with street names and landmarks, carrier data can enhance data on your device.

The best thing is, if cellular forensics is being used in an important crime case, it can be used to break the case. However, a lot of investigators overlook this critical evidence.

Most cell towers consist of poles that send and receive signals in three sectors; this makes it easier as it enables them to identify which side of the tower communicated with a cellular device.

Carriers keep detailed call records of these communications for billing purposes, so the data includes information like date, call length, whether a call was inbound, outbound, or went to voicemail.

Tower data reveals whether the device was in motion or stationary. A person dialing from one location will hit the same side of the same tower, but a person on the go will hit different towers and different sides.


In an investigation that uses mobile forensics, carrier data information can be vital. It can be used to place a phone in a certain area at a specific time, identify call patterns, establish timelines and identify suspects. 
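The tower and sector reasoning described above can be applied directly to call detail records. This is an added example, not part of the original post; the records are constructed, and the column names and tower IDs are assumptions rather than any carrier's real export format.

```python
import csv
import io
from datetime import datetime

# Constructed sample records (not real carrier data); column names are assumptions.
SAMPLE_CDR = """\
timestamp,direction,duration_s,tower_id,sector
2015-11-03T17:02:10,outbound,34,T-101,2
2015-11-03T17:09:45,outbound,12,T-101,2
2015-11-03T17:15:30,outbound,0,T-101,2
2015-11-03T17:31:05,outbound,20,T-101,3
2015-11-03T17:40:52,outbound,15,T-117,1
2015-11-03T17:52:18,outbound,9,T-123,3
2015-11-03T18:05:00,inbound,61,T-123,3
2015-11-03T18:20:40,voicemail,0,T-123,3
"""


def load_cdr(text):
    """Parse the records and return them in time order."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "ts": datetime.fromisoformat(row["timestamp"]),
            "direction": row["direction"],
            "cell": (row["tower_id"], int(row["sector"])),  # tower + one of its sectors
        })
    return sorted(rows, key=lambda r: r["ts"])


def dwell_segments(records):
    """Collapse consecutive records on the same tower sector into one segment."""
    segments = []
    for rec in records:
        if segments and segments[-1]["cell"] == rec["cell"]:
            segments[-1]["end"] = rec["ts"]
            segments[-1]["events"] += 1
        else:
            segments.append({"cell": rec["cell"], "start": rec["ts"],
                             "end": rec["ts"], "events": 1})
    return segments


def transitions(segments):
    """List each change of cell and the time window in which it happened."""
    out = []
    for prev, cur in zip(segments, segments[1:]):
        # A new sector on the same tower is weaker evidence of movement than a
        # new tower: busy networks can hand a call to a different antenna.
        kind = "sector_change" if prev["cell"][0] == cur["cell"][0] else "tower_change"
        out.append({"from": prev["cell"], "to": cur["cell"], "kind": kind,
                    "left_after": prev["end"], "seen_by": cur["start"]})
    return out


def timeline(text):
    """Build report lines: where the phone stayed put and when it changed cell."""
    segs = dwell_segments(load_cdr(text))
    lines = []
    for seg in segs:
        tower, sector = seg["cell"]
        note = "consistent with stationary" if seg["events"] > 1 else "single event"
        lines.append(f"{seg['start']:%H:%M:%S}-{seg['end']:%H:%M:%S} "
                     f"{tower} sector {sector}: {seg['events']} event(s), {note}")
    for move in transitions(segs):
        lines.append(f"{move['kind']}: {move['from']} -> {move['to']} between "
                     f"{move['left_after']:%H:%M:%S} and {move['seen_by']:%H:%M:%S}")
    return lines


if __name__ == "__main__":
    print("\n".join(timeline(SAMPLE_CDR)))
```

The output places the phone in a sector for a time range, not at a point, and each transition is bounded only by the two events on either side of it.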

DLA is based in Cape Town and combines the experience of two seasoned investigators with both criminal and civil backgrounds with the latest technologies to achieve the results that you require. Contact us today!

Wednesday, 14 October 2015

Uncover the truth about your data with cellular forensics

A few years ago, the main source of truth came from email servers. These days, work communications have evolved and are not limited to just laptops and PCs. They have burst onto the scene with WhatsApp messages, instant messaging and mobile sharing apps.

So, where is your data going? And where is it stored?

79% of business users use SMSs or WhatsApp messaging for business communications. Those text messages can pose a significant risk.

60% of those that allowed SMSs or WhatsApp messaging had minimal or no confidence in their ability to produce messages if requested.

Outside of audits, litigation and e-discovery requests are the #1 reason digital communications data is leveraged.

Standard questions legal has for IT during discovery of data:

- Where is the backed up data stored?
- What are our retention and archival policies?
- How is the company currently backing up the data stored on laptops, PCs and mobile devices?
- Which devices (Windows, iOS, Android, Linux) are in use?
- How do we manage data belonging to ex-employees?
- How does our existing software handle and implement data privacy and confidentiality policies?
- Can we collect and preserve deleted messages?
- How can I monitor messaging communications on mobile devices for adherence to regulatory mandates or internal compliance policies?

With cellular forensics, IT can:

- Give legal information about the company’s data assets
- Educate legal on all the software IT uses to manage data
- Look for opportunities for IT to identify and collect data that can facilitate repeatable collections and reduce spoilage risk.


SMSs and instant messages are increasingly an issue in investigations. But extracting them from cellular devices can be expensive and time consuming if you don’t know what you’re doing. Contact DLA Cellular and Digital Forensics and we can follow the digital trail on your cellular or digital device to get the evidence that you need.

Monday, 17 August 2015

Cellular Forensics

Cellular forensics has really changed things when it comes to suspect profiling. The fact that people use mobile devices so frequently these days has provided investigators with another source for profiling criminal suspects, as well as helpful insight into their personal habits and personalities.


This comes not just from all the calls and SMSs that are sent and received, but also from the rich data that can be extracted from messaging apps (WhatsApp, BBM) and social media apps (Facebook, Twitter), which gives digital forensic investigators the ability to develop a picture of a suspect and a criminal case.

A suspect’s social media personality can offer a more tailored overview of the character, his or her likes and dislikes and a reflection of “who” they really are. A victim’s presence on social media can also be used to find a common link to possible suspects!

The widespread use of cellular apps makes them a source of extremely critical data for digital investigators and general law enforcement officers, both in terms of evidence and investigative leads.

These days, people use their mobile devices to access social media apps rather than using their laptop or computer. Even more so, social media data can actually be extracted from a suspect’s mobile device and provide details such as their WhatsApp chat history, location-based data, recovery of images and frequently contacted people.

Investigators can even find out when someone was in a certain place at a certain time by looking at all the WiFi networks they have ever connected to.

While data points such as SMSs and GPS locations can end up in a great lead in a criminal case, looking at the online social identity of a suspect will allow investigators to dig deeper into the personality of the suspect, which can help to build a case.

Suspect profiling is changing as people use more and more social apps to communicate with one another. This is providing digital investigators with another source of information to build up a complete profile of a suspected criminal.

The amount of data that is now being consumed and shared is opening up a huge amount of different opportunities for cellular forensic and digital suspect profiling cases.


At DLA digital and cellular forensics, we never lose sight of the goal of an investigation, which is to identify the suspects and find the perpetrator using digital suspect profiling.