Valiant will apply a rigid set of protocols for cyber crime investigation case. We work closely with you up-front of any forensic investigation activity to determine the most efficient, cost-effective strategy and service deployment for the case at hand. While every case is different, there are certain protocols that apply to most matters.
Discovery Strategy Planning
In the strategy phase, based on the client input we define a list of data sources to focus on, based on the dynamics of the case. Sometimes it is necessary to go after a number of machines, but many times we can save time and money by focusing on a few key data sources. We stress forensics consultation as early as possible in the pre-trial process to prevent the accidental bargaining away of crucial digital evidence.
Collection and Preservation of Evidence
It's far more preferable to review all data and process the critical portion of the available universe of data than to allow portions of potentially critical information to disappear forever. We help clients develop a "rapid response" plan to present to the court to ensure key information is preserved, and create mirror image backups of targeted hard drives/servers/backup tapes. We are not bound by the limitations of off-the-shelf tools to harvest data; when the situation warrants, we can apply proprietary procedures and processes to solve difficult collection issues.
Valiant forensics consultants confer with client litigation team to arrive at a close understanding of the nuances of the case at hand. From this understanding, an initial set of search criteria is established. Valiant consultants hail from an investigative background, and are trained in the art/science of interrogation methods. Criteria can include key words and usage patterns (such as timeline analyses, which reveal information regarding the creation, deletion, modification, and last access of both, allocated and deleted files). All activity is carefully logged to maintain the admissibility as evidence of any findings.
Valiant have helped many clients create and execute data recovery plans, regardless of the type of data being recovered, size of the target organization, time constraints imposed by the project or whether we are collecting from an adversary’s hostile work environment. In most cases, it is preferable by far to preserve as much evidence as possible and process a small portion of the available universe of data rather than to allow portions of potentially critical information to disappear forever.
Forensic Data Reduction
Valiant use computer forensics to reduce a universe of discovery data to a more manageable subset, without overlooking potentially significant data. Forensic images of the data in question are created so the integrity of the original data / metadata is preserved. We then create custom scripts specific to each matter to weed out duplicate files, machine-created files and other dross.
Data reduction may be based on key words, file types, identification (headers/extensions), data patterns, date ranges and metadata values. Valiant processes do not rely on any one application; we can often process files outside of their native environments, which generally provides greater access to the properties associated with a file.