Services

Lab design:

We have developed our own methodologies based on many years of experience with different clients and with multiple types of investigations.

We have developed a modular approach to the Forensic Laboratory Design. Our experience demonstrates that almost every customer needs a set of common Forensic equipment (what we call the Core Forensic Laboratory) and on top of that, a number of additional modules. Each of those modules will address a specific need by providing the adequate tools to do the job and not all clients will need the same modules (or at least not with the same components, as some of them will need Basic, Medium or Advanced configurations).Our methodology has strong emphasis on quality, thoroughness and reporting mechanisms

Core Forensic Laboratory:

The common forensics equipment that will enable customers to preform basic forensics investigations, we provide the required consultation to design deploy and maintain a successful Core Forensics Laboratory.

Additional Modules

• Incident Response: This module is including everything needed to perform efficient incident response actuations: software to collect volatile evidence, to perform live investigations.
• Evidence Acquisition: A portable solution to provide the required flexibility for in-the-field collection and analysis and everything needed to perform a successful acquisition in a cabin-sized ultra-light case (forensic laptop and jump bag with forensic software, write blockers, hard drive duplicators, adapters, storage, etc.).
• Evidence Preservation: This module is composed of all equipment you need to keep your evidence safe and keep its chain of custody through time, like fireproof data safe, tamper proof evidence bags, anti-static bags, etc.
• Password Recovery: It includes specific hardware and software designed to recover unknown or lost passwords using multiple recovery tools and approaches (brute force, rainbow tables, dictionary attacks, hybrid,…)
• Email Investigations: It includes best software to succeed in the analysis of multiple types of email (Outlook, Thunderbird, Lotus, etc.) and webmail (Yahoo, Hotmail, Gmail, etc.).
• Browser Investigations: It includes software to perform an in-depth analysis of Internet browsers (IE, Firefox, Safari, etc.), including Browsing History, Cookies and Cache Analysis.
• Internet Investigations: All necessary to perform real world searches of identities in multiple search engines and social networks, to discover relationships with other individuals, email accounts, phone numbers, addresses.
• Optical Media: This module Includes all hardware and software needed to succeed in investigations involving Optical Media(CDs, DVDs, Blu-ray, etc.).
• Multimedia Forensics: All hardware and software to perform advanced multimedia (audio, video, and images) search in computer forensic investigations by analyzing the visual features in the image or video.
• Mobile Devices Forensics: All hardware and software necessary to perform Mobile Device Forensics in the huge number of existing different devices(cell phones, PDAs, BlackBerrys, iPods, iPhones, GPS Navigators, etc.).
• Network Forensics: The hardware and software you need to succeed in capturing and analyzing network traffic, including network sensors and analysis stations
• Malware Analysis: The hardware and software you need to succeed in the analysis of Malicious Software, allowing to perform deep forensic analysis of executable code, creating a complete reverse engineering environment.
• Media Recovery: This module includes all advanced components, hardware and software, needed in order to recover data from damaged or deleted media from all kind of file systems.

Please feel free to contact us to schedule meeting with you and evaluate your requirements.

FORENSICS TECHNOLOGY INVESTIGATIONS SERVICES

EXPERIENCE & ENGAGEMENT

Contego Solutions Consultants are highly skilled in conducting digital forensic investigations and are experienced in the use of secure imaging tools, analysis and chain of custody procedures. We analyze IT networks and computer media in incidents such as corporate fraud, hacking & data breaches, HR investigations, code of ethics violations, data and intellectual property theft.

When every second counts, our team of experienced security and digital forensic consultants can assist and advise you on next steps after suffering a security incident. They will guide you on response, containment, securing the scene and identifying and analyzing IT evidence related to the incident.

Contego Solutions can help you’re organization reduce valuable time and resources searching and analyzing electronic data. Digital Evidence can explain the Who, What, Where, When and Why of an incident. With an advanced digital forensic processing and analysis capability, our team of Consultants can serve clients requirements in a quick and secure manner and in accordance with chain of custody rule and procedures. Contego Solutions maintains a strict confidentiality policy with all clients.

“STATE OF THE ART” DIGITAL FORENSICS LAB

Contego Solutions’ Digital Forensic Lab uses the latest in Digital Forensic technology and is equipped with state of the Art forensics solutions. We can advise clients on identifying, locating & analyzing IT evidence and cybercrime investigations.

We can examine and investigate all types of computer media. Our Digital Forensics Lab is equipped with the latest technology which features advanced processing, efficiency, speed, accuracy & security. We have customized solutions for Audit, HR, IT, Compliance, Risk, Legal and Corporate Security. Contego Solutions is ready to assist you in your business requirements. We use advanced tools to analyze different types of data.

Corporate Investigations should be handled by professionals who are trained in digital forensics otherwise key IT evidence can be overlooked or ruled inadmissible in a court of law. Without using Digital Forensics, an enterprise can be left vulnerable to more incidents from the same perpetrators or from other criminals. Contego Solutions Consultants are skilled in identifying and retrieving IT related evidence.

Our team of experienced security and digital forensic consultants can assist and advise you on next steps after a security incident. They will guide you on response, containment, securing the scene and identifying and analyzing IT evidence related to the incident.

Contego Solutions can help your organization forensically analyze electronic data sources including:

• Servers, Computers or Laptops
• Email
• Mobile Phone/Smart Phones
• Office Applications
• Images
• Date & Time
• Social Media
• Internet Activity
• Domain Names
• Operating Systems
• Online Transactions
• Application Logs
• Credit Card Transactions
• Network Logs
• USB Drives/Portable Storage Media
• Operating System Logs
• Intellectual Property
• Databases
• Payroll discrepancies
• Sales receipts & Corporate Accounts manipulation

Contego Solutions can help your organization if you suspect any of the following events:

• Unauthorized Access by Employees
• Theft of Computer Equipment
• Intellectual Property Theft & Industrial Espionage
• Fraud investigations involving employees or third parties
• Disputed transactions
• Ethics and Compliance Investigations
• Regulatory and legal matters
• Asset misappropriation, financial misstatement
• To show compliance with legal and regulatory rules
• Internet Investigations and Malware Incidents
• To avoid charges of negligence or breach of contract
• Internet Scams / Phishing Investigations
• Credit Card Transactions
• To support insurance claims after a loss.
• HR Investigations & Employee Disputes
• Allegations of employee misconduct and abuse
• Source Code or Software Piracy
• Accounting discrepancies
• Audits
• Unauthorized Network Access

DIGITAL FORENSICS & DATA ANALYSIS

Contego Solutions can assist clients with their data analysis requirements. The following is a sample of the types of data that we can analyze:

• Emails
• Deleted Files
• Application Data
• Customer Lists
• Data Files
• Employee Lists
• Mobile Phone/Smart Phones
• Office Applications
• Images
• Date & Time
• Social Media
• Internet Activity (URL’s)
• Domain Names
• Operating Systems
• Online Transactions
• Logs
• Credit Card Transactions
• Network Logs
• Operating System Logs
• Databases
• Keywords
• Archives

We can also turn your complex data into simple diagrams to so that you can visualize and understand relationships. This is useful to understand any links between any objects which is helpful for conducting investigations, looking for exceptions, connections between users and identifying trends. Our Experienced technical team are able to use our local state of the art forensics lab which is capable of conducting digital forensics and data analysis including:

• Keyword Searching
• Filtering Data
• Data Extraction
• Identifying Duplicate Data
• Stripping Irrelevant Files
• Indexing Files
• Sorting Data
• Grouping by File Types
• Grouping by Date & Time
• Grouping by Object
• Establishing a Timeline of Events

Please feel free to contact us to schedule meeting with you and evaluate your requirements.

eDISCOVERY

What is Electronic Discovery?

Electronic Discovery refers to investigations, criminal and civil cases where there is an exchange of information in an electronic format, which we usually refer to as Electronically Stored Information (ESI).

Increased reliance on ESI and the large use of email as the current standard of daily communication has exploded the volume of electronic information stored on digital media. These huge amounts of electronic evidence present significant challenges for businesses faced with disputes, regulatory and other investigations.

The nature of digital data makes it well suited for investigations – digital data can be electronically searched with ease whereas paper based data must be done manually.

The Electronic Discovery process

Electronic Information can be provided by the parties or can be part of a Digital Forensic Investigation; the process of Electronic Discovery is defined in the Electronic Discovery Reference Model (EDRM).

• Management – the early assessment and management of the project from start to finish
• Identification – the identification of relevant materials and media to be collected and processed using the Electronic Discovery platform
• Preservation – to preserve any material that has been identified to ensure that no chances take place to keep the chain of custody
• Collection – the gathering of ESI for use in the electronic discovery process
• Processing – reducing the volume of ESI and converting it into the correct form
• Review – the evaluation and assessment of the reduced ESI for matter relevance
• Analysis – evaluating ESI for content and context and searching for patterns, topics of interest, key individuals and file content
• Production – delivery of the ESI to others in the appropriate

Providing Electronic Discovery services

Contego Solutions can provide a range of Electronic Discovery services, in part or full form:

• Forensic data collection
• Chain of custody
• Early case assessment
• Search and analysis
• Online review platforms
• Production
• Case management

The approach of Contego Solutions is that we believe and understand that one solution does not always fit all and as an independent consultancy we are not tied to using a set technology, therefore allowing us to make an earlycase assessment of the requirements and decide on the best technique and methodology for the investigation.

Contego Solutions can assist in all types of Investigations where digital information is available; ranging from disputes and litigation to internal and individual investigations.

Speak to our Consultants to find out more about our solutions and services.

Please feel free to contact us to schedule meeting with you and evaluate your requirements.

THE DIGITAL FORENSIC PROCESS

Overview of the Digital Forensics Process

Digital Forensics procedures can be segregated in four different phases in which different resources are needed. The first phase is the execution of an Incident Response procedure, followed by the collection and preservation of the evidence, then the analysis of information and finally, the presentation of the results.

Figure 1: Forensics Procedures

Incident Response

Incident Response is the actions performed, forensically talking, to react in front of any kind of incident or attempt. It is an organized approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that allows the responders to identify if an incident has indeed occurred, limit the impact and reduce recovery time and costs.

Acquisition

Formally, the Acquisition can be defined as the process executed to collect and identify all information stored in the suspect computer systems (memory, processes, network connections, storage –hard drives, media cards, etc.-malware …). The acquisition process must be performed strictly following forensically sound procedures so that the investigator can prove at any given moment that not even a bit has been modified or lost during the process, ensuring the reliability, completeness and accuracy of all items. All the aforementioned procedures are verifiable and able to stand in a court of law if necessary.

Digital evidence can be collected from various sources. Obvious sources include computers, cell phones, digital cameras, hard drives, CD-ROM, USB memory devices, and so on. Non-obvious sources include settings of digital thermometers, black boxes inside automobiles, RFID tags, and web pages (which must be preserved as they are subject to change).

During a Forensics Investigation acquisition process, all the activities performed should be timed and thoroughly documented

Preservation and Custody of Evidence

Special measures should be taken when conducting a Forensic Investigation if it is desired for the results to be used in a court of law. One of the most important measures is to assure that the evidence has been accurately collected, preserved and kept under appropriate Custody, preserving the Chain of Custody from the scene of the crime to the investigator and ultimately to the Court.

Chain of custody refers to the chronological documentation, and/or paper trail, showing the acquisition, custody, control, transfer, analysis, and disposition of evidence, physical or electronic.

Analysis

The Analysis phase of the Digital Forensic process addresses the extraction of the individual elements of information that may be of significant to the case. For this purpose, a myriad of specialized tools are used to discover information from different sources. There is no perfect tool for every kind of process, so in many investigations, numerous tools are used to analyze specific portions of information.

Typical Forensic Analysis includes a manual review of material on the media, reviewing the Windows registry for suspicious information, keyword searches for topics related to the incident, and extracting e-mail and images for review.

Reporting

Once the analysis is complete, a report is generated. This report may be a written report, an oral testimony or any combination of the two. The aim of this phase is to present the evidence obtained in a form that is an accurate representation of the facts and that is understandable by the intended audience.

Please feel free to contact us to schedule meeting with you and evaluate your requirements.

Our management team has a collective four decades of experience in the field of forensic security solutions. We have a proven track record in our field and can ensure the most professionalism and efficiency in delivering important data solutions to our clients.

We extend a synergistic approach that enables our clients to benefit from our forensics security solutions, at a competitive cost. The digital forensics and eDiscovery markets in the Far East and Middle East, in particular, can benefit from the expert project management that we offer to ensure our solutions are well ingrained in our clients’ organizations.

Contego Solutions Methodology to achieve the successful projects delivery of digital Forensic laboratories deployments includes the following:

The key to our approach is to assemble the right team, with the proven skills, motivation, and tools to achieve our client’s goals. We have done that by including team members who have previously successfully demonstrated the necessary skills, expertise, and experience this team is well rounded and provides at least double coverage on all key skills.

Contego Solutions eliminates a major risk by having required staff identified and in place prior to award. By establishing multi-discipline teams and providing them with a clear mission and powerful tools, the motivation to succeed becomes self-evident. It is our program management philosophy to remove administrative and bureaucratic hurdles allowing the team to focus on accomplishing the mission.

Contego Solutions will ensure that all teams receive Process Optimization Training. This will enable the team to leverage the appropriate tools and techniques throughout the implementation. This will result in our teams continually looking for process inefficiencies and opportunities to improve.

Contego Solutions aims to be the leading distributor and supplier of Digital Forensic Solutions (Hardware & Software) for enterprises and law enforcement agencies. Our portfolio of solutions address the A-to-Z in digital forensics wherewe have become a “one-stop” resource for both solutions and technical expertise. You can rely on the expertiseof our consultants who have extensive experience designing digital forensics solutions. Our Partners include Guidance Software, Access Data, Nuix, MH Services, Oxygen Software, FireEye, Evidence Talks, Micro Systemation and other Leading Digital Forensics Solution Providers.

Contego Solutions also provides Forensic Technology Investigation services. Our experiences Consultants utilize our state of the art Digital Forensics Lab which is equipped with advanced hardware and software and customized for Digital Forensics Investigations and eDiscovery Projects.

Our Professional Trainers have conducted training sessions for Law Enforcement, Enterprises and Government Agencies. We provide customized training in Cybersecurity, Incident Response and Digital Forensics.

Please feel free to contact us to schedule meeting with you and evaluate your requirements.