Digital Forensics



In the past decade technology has developed immensely, and now that everything is digitized there is also a rise in a new class of crimes in the digital or electronic domain, increasing at a rate of 100% every year. This throws up new challenges for investigators and law enforcement in preventing fraud and identifying the fraudsters. Digital/multimedia forensics typically deals with obtaining, preserving and documenting digital and electronic data/evidence from computers, mobile phones, CCTV, digital cameras, pen drives/flash drives/memory cards and other storage media, using various licensed software and hardware tools.
Digital forensics is effectively used in:


1. Computer Investigations
2. Multi-media Authentication
3. Mobile Phone Investigations


• Hard disk: The best evidence is the original evidence. Evidence needs to be protected against normal accidents, accidents in the analysis process, and tampering. For this reason, the actual analysis should be done on a verified copy, a forensic duplicate, of the original hard drive. Verification of evidence before starting analysis is an important step.


The hash value of the evidence is computed and compared with the hash value taken at the time of acquisition. If both values are the same, there is no change in the content of the evidence. If they are different, there is some change in the content. Analysis is the process of collecting digital evidence from the content of the storage media depending upon the nature of the case being examined. This involves searching for keywords, picture analysis, timeline analysis, registry analysis, mailbox analysis, database analysis, analysis of cookies, temporary files and Internet history files, recovery of deleted items and analysis, data carving and analysis, format recovery and analysis, partition recovery and analysis, etc.


• Memory card/Pen drive: Memory cards and pen drives may contain a vast amount of data. Any kind of file may be stored on a memory card/pen drive, from standard photographs taken by the handset camera to Microsoft Excel spreadsheets containing detailed financial information, and more. To prevent any further data being written to the card, the memory card is removed before the handset is activated and is then examined using the forensic application.


This program takes a complete image of the card and verifies it using an MD5 hash, a mathematical function whose output highlights any difference between the created image of the card and the data stored on the card itself. The card is searched for all relevant data types, which are logged in the analyst's notes and can be made available in court at any time.
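The verification step described for hard disks and memory cards above can be sketched as follows. This is an added example, not the tool the page refers to: the function names, the `evidence.dd` file and its contents are constructed, and SHA-256 is computed alongside the MD5 named on the page as an assumption of this example.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # read in 1 MiB pieces so images larger than RAM can be hashed

def hash_image(path, algorithms=("md5", "sha256")):
    """Stream the image once and return {algorithm: hex digest}."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}

def verify_image(path, acquisition_record):
    """Re-hash the working copy and compare with the digests taken at acquisition."""
    current = hash_image(path, tuple(acquisition_record))
    mismatched = sorted(a for a in acquisition_record
                        if current[a] != acquisition_record[a])
    return {"verified": not mismatched, "mismatched": mismatched}

def demo():
    """Constructed sample: a ~2 MiB image is verified, then altered by one byte."""
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "evidence.dd")  # hypothetical file name
        with open(image, "wb") as fh:
            fh.write(bytes(512) + b"constructed sample data" + bytes(range(256)) * 8192)
        record = hash_image(image)            # digests recorded at acquisition
        before = verify_image(image, record)  # untouched working copy
        with open(image, "r+b") as fh:        # simulate an accidental write
            fh.seek(100)
            fh.write(b"\x01")
        after = verify_image(image, record)
        return before, after

if __name__ == "__main__":
    before, after = demo()
    print("untouched copy verified:", before["verified"])
    print("altered copy verified:", after["verified"], after["mismatched"])
```
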


• Recovery of deleted files: Files that are deleted are actually just hidden. Many computer users think that deleting a file actually eliminates the information. However, the only way a file disappears completely is if the same physical space it occupied on the drive is overwritten. Depending on how the files are deleted, in many instances a forensic examiner is able to recover all or part of the original data.
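The following added example, which is not from the original page, shows why deleted data stays recoverable until it is overwritten, using the data carving mentioned earlier. The "volume" is a constructed toy layout (32-byte directory entries plus data sectors), not a real file system, and all function names are hypothetical.

```python
JPEG_SOI = b"\xff\xd8\xff"  # JPEG start-of-image marker and first byte of next marker
JPEG_EOI = b"\xff\xd9"      # JPEG end-of-image marker

def carve_jpegs(raw, max_size=10 * 1024 * 1024):
    """Signature-carve a raw image: return (offset, data) per header/footer pair."""
    raw, found, pos = bytes(raw), [], 0
    while (start := raw.find(JPEG_SOI, pos)) != -1:
        end = raw.find(JPEG_EOI, start + len(JPEG_SOI), start + max_size)
        if end == -1:   # header without a footer in range: overwritten or fragmented
            pos = start + 1
            continue
        end += len(JPEG_EOI)
        found.append((start, raw[start:end]))
        pos = end
    return found

def build_sample_volume():
    """Constructed toy volume: directory entries in sector 0, file data in
    later 512-byte sectors. The 'photos' are marker-framed filler bytes."""
    photo_a = JPEG_SOI + b"\xe0" + b"A" * 700 + JPEG_EOI
    photo_b = JPEG_SOI + b"\xe0" + b"B" * 300 + JPEG_EOI
    volume = bytearray(8 * 512)
    volume[0:32] = b"a.jpg".ljust(28) + (1024).to_bytes(4, "little")
    volume[32:64] = b"b.jpg".ljust(28) + (2048).to_bytes(4, "little")
    volume[1024:1024 + len(photo_a)] = photo_a
    volume[2048:2048 + len(photo_b)] = photo_b
    return volume, photo_a, photo_b

def delete_file(volume, index):
    """Model deletion: blank the directory entry, leave the data sectors as they are."""
    volume[index * 32:(index + 1) * 32] = bytes(32)

def demo():
    volume, photo_a, photo_b = build_sample_volume()
    delete_file(volume, 0)                  # a.jpg is no longer listed
    after_delete = carve_jpegs(volume)      # its bytes are still on the volume
    volume[1024:1024 + len(photo_a)] = bytes(len(photo_a))  # space reused
    after_overwrite = carve_jpegs(volume)   # now only b.jpg can be carved
    return after_delete, after_overwrite, photo_a, photo_b

if __name__ == "__main__":
    after_delete, after_overwrite, _, _ = demo()
    print("carved after deletion:", [off for off, _ in after_delete])
    print("carved after overwrite:", [off for off, _ in after_overwrite])
```

Header/footer carving of this kind assumes the file is stored contiguously; a partially overwritten or fragmented file yields a truncated or incorrect carve.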


• CCTV footage: CCTV, also known as video surveillance, is the use of video cameras to transmit a signal to a specific place, on a limited set of monitors. At first viewing, CCTV footage can often appear to be of poor image quality, a quality sometimes not sufficient to see some of the fine detail needed to make an adequate assessment of the events. Our CCTV forensic experts, using a wide variety of forensic imaging technology, can help to improve the quality and clarity of these images.


This CCTV image enhancement can be used on video footage or to capture enhanced stills from certain key parts of a CCTV recording, for example to see if a person is carrying a gun, weapon, etc. or to see more clearly a car’s registration plate. Image enhancement can often make a significant improvement to CCTV footage.


• Image enhancement: Image enhancement is the process of adjusting digital images so that the results are more suitable for display or further image analysis.


• Video/Audio enhancement: Video/audio enhancement is the process of adjusting video and audio recordings so that the results are more suitable for display or further analysis.


• Audio authentication: The authentication process determines whether or not the audio recording in question has been tampered with. The software that created the edits will be detected in the HEX information of that edited recording.


• Speaker identification: Identification of a person from characteristics of their voice (voice biometrics). It is also called voice recognition. Speaker verification is a 1:1 match where one speaker's voice is matched to one template, whereas speaker identification is a 1:N match where the voice is compared against N templates.


• Social media: Social media posts, status updates, photos, and conversations of an individual are investigated to provide information relevant to a case, to supplement evidence, establish character, or support or disqualify an alibi.


We have access to high-powered software that makes for a quicker, more efficient search. We also have a strong understanding of ethics and know what data must be pulled for evidence to be admissible in court. This means we are well-versed in metadata, MD5 hash value, what is required for provability, and the rules that dictate what level of searching, friending, and following is allowed, depending on the case.