Remote Computer Forensics
It is unfortunate that in the modern corporate arena many companies find themselves in litigation and subject to legal proceedings more and more often. Disklabs understands that for many companies preventative measures are the preferred way of ensuring that they are safeguarded against litigation due to misuse of company technology. When this misuse results in an organisation facing legal proceedings, either from an outside source or from an employee contesting disciplinary action, remote forensics allows the organisation to maintain its digital security by outsourcing to a remote forensics company. Disklabs provides full remote forensics services including intelligent monitoring and e-discovery techniques. Disklabs has a team of remote forensics analysts trained in the use of industry-standard software packages. Disklabs can provide the client company with high levels of security and data integrity by monitoring the corporate network, PCs and digital storage remotely, and if necessary surveillance practices can be brought into effect. This is a cost-effective and streamlined solution to many corporate IT security problems.
Intelligent monitoring consists of deploying remote software agents, which facilitate a remote forensics connection to each PC or server. An analyst uses this connection to connect to the remote machine and collect forensically clean digital evidence, including network traffic, the contents of RAM and any attached digital storage media. The remote forensics analyst will also be able to monitor for anomalous activity via the agent. Triggers can be put in place to monitor the amount of data being copied to external devices, the level of network traffic across interfaces or addresses, and many other forms of atypical user activity. If one of these alarms is triggered, the remote forensics expert will be able to capture a screen image, turn on a key logger or enable a packet sniffer to gather intelligence data regarding the usage of the target machine in real time.
In the USA we are witnessing an ever-increasing level of legislation regarding e-discovery, especially surrounding SOX (Sarbanes-Oxley). By utilising a remote forensics agent, the remote forensics analyst is able to search for defined criteria and then either save the results of the query to central storage or simply report their presence. An example of this form of remote forensics would be a situation where a company wishes to know which PCs in its organisation contain a copy of a particular document. The remote forensics analyst can instruct the agents to scan each PC for a document containing a set of keywords; additionally, a date range or document type can be specified. This enables the organisation to quickly search the entire contents of its corporate network, highlighting potential data theft or other forms of resource misuse.
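The keyword scan described above, sketched as an added example (not Disklabs' software): a read-only query with keyword, document-type and date-range filters that reports each match with a SHA-256 so the reported file can later be shown to be unchanged. The function names, sample files and keywords are constructed, and the sketch assumes every keyword must be present and that content is plain text.

```python
import hashlib
import os
import tempfile
from datetime import datetime, timezone
from pathlib import Path


def scan_host(root, keywords, extensions=None, modified_from=None, modified_to=None):
    """Read-only scan: report files under root that contain every keyword."""
    wanted = [k.lower().encode() for k in keywords]
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        if extensions and path.suffix.lower() not in extensions:
            continue  # document-type filter
        mtime = datetime.fromtimestamp(path.stat().st_mtime, tz=timezone.utc)
        if (modified_from and mtime < modified_from) or (modified_to and mtime > modified_to):
            continue  # outside the requested date range
        try:
            data = path.read_bytes()  # plain-text match; .docx/.pdf need text extraction first
        except OSError:
            continue  # locked or unreadable file
        lowered = data.lower()
        if all(k in lowered for k in wanted):
            hits.append((str(path), mtime.isoformat(), hashlib.sha256(data).hexdigest()))
    return hits


def demo():
    samples = {  # constructed files: relative path -> (content, year last modified)
        "pc1/plan.txt": ("Project Falcon pricing draft", 2023),
        "pc2/old.txt": ("Project Falcon pricing v0", 2019),
        "pc2/notes.md": ("project falcon PRICING copy", 2023),
        "pc3/misc.txt": ("lunch menu", 2023),
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, (text, year) in samples.items():
            p = Path(tmp, name)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(text)
            ts = datetime(year, 6, 1, tzinfo=timezone.utc).timestamp()
            os.utime(p, (ts, ts))
        hits = scan_host(tmp, ["falcon", "pricing"], extensions={".txt"},
                         modified_from=datetime(2022, 1, 1, tzinfo=timezone.utc))
        return [(Path(h[0]).relative_to(tmp).as_posix(), h[2]) for h in hits]


if __name__ == "__main__":
    print(demo())
```

Only `pc1/plan.txt` is reported: the 2019 copy falls outside the date range, the `.md` copy fails the document-type filter, and the last file lacks the keywords.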