Computer & Mobile Forensics
Computer forensics and forensic data analysis lie at the core of forensic investigation of business activity. The PwC forensic technology team helps clients put large datasets to use in internal investigations, court cases, and in fraud prevention.
Our forensic experts are trained in forensic acquisition and analysis of electronic evidence and are equipped with the most cutting-edge tools and technology.
Server & Network Forensics
We use forensic software and hardware to acquire and interrogate data from servers and networks and test the collected data to identify potential anomalies. We perform the following:
- Collection of Digital Evidence: A forensic image (copy) of the virtual server is taken in accordance with forensic technology standards. When the electronic documents on the forensic image are examined, the Law on Protection of Personal Data is complied with.
- Analysis of Collected Digital Evidence:
  - Classification of data, recovery of deleted files, removal of duplicate files, and indexing to enable text search
  - Examination of the following logs within the date range we have determined with you:
    - Connection logs to the server
    - Application access / exchange logs
    - Database access / exchange logs
  - Checking for the presence of malicious software by examining recently run programs (for Windows Server)
  - Identification of electronic evidence as a result of keyword searches and analysis
- Reporting of Evidence: Preparation of a scientific expert opinion including the evidence, findings and observations of the investigation.
Cloud Forensics
We help you manage the following cyber risks associated with cloud computing:
- Data breaches
- Insufficient identity credential
- Insecure interfaces and APIs
- System and application vulnerabilities
- Account or service hijacking
- Malicious insiders
- Data loss
- Insufficient due diligence
- Denial of service
How to manage these risks
- Identify the assets you are moving to the cloud and assess their confidentiality, integrity, and availability requirements. Perform effective due diligence before selecting a cloud provider to ensure they have strict measures for their security infrastructure.
- Multifactor authentication, strong passwords and automated rotation of cryptographic keys, passwords and certificates are all good security practice. Encrypting sensitive data can mitigate a data breach.
- To mitigate the risk of system vulnerabilities and insecure APIs, you should ensure proper patching and hardening are carried out.
- To minimise the risk of account hijacking through social engineering, all employees should receive security awareness training.
- To prevent a malicious insider attack, you should manage privileged accounts and log their actions. Threat monitoring capabilities can be used to identify suspicious user activity.
- To mitigate the risk of data loss, enterprises should not rely solely on a single cloud provider. It is also vital that organisations have disaster recovery and business contingency plans in place.