Digital Forensics & Data Recovery
We offer tailored forensics services to all types of industries. Whether you require data recovery or a complete forensics analysis of your networks and systems, we have a solution that will best fit your needs and budget.
Our clients use our digital forensics services for all sorts of tasks, from recovery of lost accounting documents after a drive failure to indexing and recovering evidence for legal proceedings. The other main aspect to forensics is indexing, correlating and reporting large data sets while also recovering all data that exists on the applicable hardware. We do have our limits, especially with cryptographically secure data, however we take pride in the fact that we can provide comprehensive solutions to even the most difficult tasks.
For a Free quote
Our Specialties
- Simple to advanced file recovery from working or damaged hardware
- credential discovery or bypass of locked & password protected apple, windows, and linux devices.
- Repair and one-time recovery of data from dead/bricked USB drives and hard drives
- Reconstitution of corrupted data and identification of alternative recovery methods
- Identifying vulnerabilities in the cryptography implementations of encrypted data sets
- Identification and recovery of hidden or intentionally deleted/obfuscated data.
Every company has their limits and not every job can have a positive outcome in this field. To date we have been able to maintain a 100% success rate for accepted contracts and this is why we offer a 100% satisfaction guarantee. We are always honest with ourselves and our clients in order to make sure valuable time is not put to waste with inaccurate diagnosis and estimates. Our level of expertise allows us to take on even the most demanding jobs without fear of providing inadequate results, If we believe something will not be economical or just isn't within our realm of expertise, then we will do everything we can to point you in the right direction at no cost to you.
Forensic analysis & Hidden data discovery
Data discovery and indexing is a common need of law enforcement and corporations. One of the most common reasons for a forensic data recovery is to uncover evidence left behind after a crime or some form of wrongdoing. Unfortunately, most organizations have no idea how detrimental it can be to not have a complete forensic analysis run after a crime, theft or accident takes place. People are becoming more educated every day, and the methods used to hide and delete data are growing increasingly more sophisticated. If a device is used to commit a crime, it is very common to see hidden and obfuscated data spread throughout. This data must be recovered, and missing even one string of text could completely destroy an investigation, audit or intelligence gathering operation. Anybody can go through a data set and report on it, the difficult part is that no stone is left unturned. In many criminal cases, it is common for passwords, financial information, and other secrets to be stored in ways that are so obscure that it may seem impossible to find. We have spent years developing various tools to identify the presence of this hidden information, however in most cases automation is only a tool to assist in the manual forensic analysis of the data. If there is something to find, then we can guarantee it will be recovered.
Common Components to a Forensic Analysis.
- Simple indexing, organization and reporting of visible and deleted files
- Discovery and identification of hidden and/or encrypted partitions
- Basic cryptanalysis of encrypted data
- Automated and manual iteration of all raw data to identify hidden strings & files
- Manual iteration of images, audio files, binaries, etc... to identify associations or alterations
- Automated indexing of activities on a device to form a digital paper trail
- Complete activity timeline construction for all available file system and network activities
Data recovery
Have you lost data? If so the first step is to do nothing at all unless you are certain you can complete the job on your own. In our experience, the #1 reason data may become unrecoverable is because it was altered after the corruption, deletion or failure took place. In some cases, removing a drive after a catastrophic event can render the data unrecoverable, however in some cases leaving the storage medium connected or powered could result in a larger and more permanent loss. If you are experiencing real-time data loss, or an event just took place, please call our crisis line immediately. However if the device is standalone, unable to power up, locked, or manually deleted then it is usually not a time sensitive issue in regards to the possibility of recovery.
Regardless of the cause of the data loss, it is important to seek guidance on how to properly recover the data, but more importantly how to prevent additional loss. In almost all cases, short of multi-pass secure wiping of the storage medium, the lost data can be recovered. If you wish to contact us, please call the toll free number at the top of the page or on the contact page for additional information.
Cryptanalysis and Data Integrity
In our experience, cryptanalysis is one of the most complex and sophisticated services that any company can offer. The problem with encrypted data is that there is no magic bullet, some cryptography just can not be broken in a way that is economical to even the wealthiest organizations. Something as simple as getting data from an apple device can be more difficult that decrypting intercepted TLS packets from a major banking institution. Sometimes, the more simple something is, the harder it is to break. We can in no way offer a guarantee that cryptographically secure data can be broken using the resources we have available to us (or anybody else for that matter). What we can guarantee is that if there is a way to complete the task in an economical way, we will find it. Call us and speak to an expert for a detailed explanation of what results you can expect for a given task.
Some of our common methods of attacking the cryptography
- Identification and implementation of various algorithmic attacks on a given ciphertext or set of ciphertexts
- Discovery of potential faults and vulnerabilities in the implementation of the cryptography
- Key store and HSM attacks to reveal private keys.
- Brute force attacks using proprietary AI tools to greatly increase the probability of breaking a PBKDF passphrase
- Cold boot attacks & memory dumps of saved states to obtain keys when a flawed implementation is present.
- development & modification of hardware and software to assist with live recovery of keys.
We also offer corrupted data integrity restoration using available information and/or an algorithmic approach to reconstructing the data if the corruption is small enough. Corrupted data can be restored using available parity information, ECCs & specific algorithms that help to identify data corruption and bring it as close to its integral state as possible.