Our Client’s Needs
The Client was facing problems with sensitive internal information being leaked to competitive sources. The end goal was to determine the source of these leaks and identify mechanisms by which access control could be implemented to prevent future information disclosure from internal sources.
Scope of Engagement
The Client decided on conducting a Computer Forensic Analysis of the servers used to hold and store the sensitive documents that were leaked.
Methodology
Taking into consideration the Client’s requirements, Security Brigade’s consultants identified the methodology that would best cater to the Client’s goals. The process determined was a unique combination of Open-Source, Commercial and In-house Proprietary software.
A thorough analysis was carried out in line with industry and legal requirements, collecting evidence that could be used for future legal action against the attackers.
Deliverables
The Client had already isolated one suspect system and provided it to Security Brigade's consultants to use as an initial lead for the investigation. Along with this system, a set of specifically chosen keywords and filenames from the incriminating data were provided. These keywords were used as the search criteria for the rest of the investigation.
Security Brigade conducted a network-wide search against these keywords and filenames with the goal of discovering other systems with the incriminating data.
Based on the results of the network search and the findings from the initial suspect system, additional systems were identified for analysis. These systems had their hard drives replaced with copies so that users would not discover that they were under scrutiny.
The incriminating data on the duplicate disks was corrupted so that the individuals would not be able to spread it further. The original disks were physically isolated and subjected to forensic analysis.
Mirror images of these systems were captured to preserve the evidence available on them. Keyword searches were made on these disks and the incriminating data was discovered. Furthermore, the email data files were extracted for analysis to determine whether the information was being spread by email.
In most cases, the individuals had not had the opportunity to delete the incriminating data, as the drives were swapped while they were not in the office; however, one system subjected to analysis was a laptop system where evidence was recovered. It was observed that the files on this system had recently been deleted. Security Brigade has recovered the deleted information.
Based on the findings of the hard-disk investigation, it was decided that a surveillance system would be deployed on key suspect systems to monitor their activities and capture any attempts to move or delete any evidence. A covert surveillance system was deployed on six systems. This system is capturing all that the user of the system types and transmitting this information for analysis. It has been observed that some of the individuals are attempting to erase the evidence from their systems.
The evidence obtained from these investigations has been digitally preserved and documented as per industry best-practices.
Value Delivered
Our Computer Forensics Service allowed the Client to identify perpetrators that were disclosing sensitive internal information to competitors. Furthermore, the Client gained the following benefits:
- Risk Benefits: Security Brigade assisted the Client in minimizing the risk faced by internal information being disclosed to competitors.
- Cost Savings: Security Brigade suggested cost-effective risk-mitigation measures based on the customer’s business requirements that would ensure that such incidents would be minimized in the future.
- Customer Satisfaction: Computer Forensic Service was conducted with minimum interruption to identify the source of the leaked information.
- Internal Data Security: The client was able to prevent future incidents where internal sensitive information was leaked. It allowed them to carry on their business without the risk of competitive attacks.








