• Digital Forensics in Oklahoma City

    January 21, 2021 | Blog | admin
  • Digital forensics is one of the main reasons I started my private investigation agency, 1 to 1 Risk Control & Investigations. I’ve spent over 20 years in information security and obtained a number of certifications: GSTRT, GSLC, GPEN, GCIH, GCFE, CISSP, CNSSI 4012, CNSSI 4013, CNSSI 4014, NSTISSI 4011, and NSTISSI 4015.

    Computer crime investigations are never dull. I work cases that include computer crime, infidelity, homicide, suicide, and other cases that involve devices you wouldn’t expect. Forensic tools have evolved over the years to uncover new evidence sources that weren’t available previously.

    As an investigation agency specializing in digital forensics in Oklahoma City, we utilize forensic tools such as:

    Even with all these tools at our disposal, we often resort to open source forensic tools because they are updated more often than the forensic tool suites available on the market. Open source forensic tools also often have less overhead and processing time for less complex investigations.

    There’s a popular misconception that open source forensic tools are not admissible in a court of law. That’s not the case. As long as you can explain what the tool is doing and how it obtains the evidence, the findings are perfectly admissible.

    Chain of Custody and Drive Imaging in Digital Forensics

    There are two other popular misconceptions in computer forensics:

    The first is that if you leave evidence out of your control for a period of time, the chain of custody is no longer valid. Again, this is not true. As long as you know where the evidence is located and that it is secured, there are no issues with chain of custody.

    The other misconception concerns drive imaging. The ongoing argument is that a drive must be fully imaged in order to perform e-Discovery or forensics. This is also not true. You can perform a logical image of the drive, often called triage forensics, and still perform an effective computer forensics investigation. In fact, this approach is much quicker and especially beneficial in incident response cases.

    Cloud Forensics Abilities

    Our digital forensics investigations aren’t limited to devices such as hard drives, laptops, workstations, and digital cameras. We also perform network forensics, which involves analyzing packet captures to determine what happened on a network. Network forensics is especially valuable during incident response.

    Memory Forensics is another specialization here at 1 to 1 Risk Control & Investigations. Some of the most valuable evidence we acquire is obtained from the memory in a running computer system. There are numerous ways of covering your tracks on a computer, but there’s no hiding from memory forensics.

    Cloud-based forensics is another specialty here at 1 to 1 Risk Control & Investigations. We often perform digital forensics in Office 365, Google Apps and email, OneDrive, iCloud, Amazon AWS, and other cloud service platforms.

    Cloud service investigations often involve virtual machines hosted in the cloud that are very similar to physical computer systems. In many cases, the same forensic approach used for physical systems can be taken with virtual machines hosted in the cloud.