IT Forensics, Security and Cyberlabs

SIP personnel have established National Training and Interpol Training in computer and information crime, teaching information security and MSc level qualification.

SIP keeps pace with current IT security threats; MI5 recently released to UK business leaders (including Banks, Financial Institutions, Accountants and Legal Firms, major Corporations etc.) a warning of ‘electronic espionage attack’ by ‘a Chinese State and Russian Organisations’. Such attacks are IT related but could also involve interception of telecommunications.

NATO recently reported that “Cyber Crime is a major threat, with offences in 2013 at the rate of 14 per second and increasing; all companies are vulnerable to attack.” The current rate of offence is now believed to be three times this figure so the risk of an attack on businesses is even greater now.

SIP keeps pace with the constant changes in technology that occur every day so it can continue to maintain the high level of IT security and forensics that it is able to offer today. If clients have difficulty in being made aware of the latest threats and vulnerabilities or have previously attended expensive seminars to learn about them, SIP can help.

SIP’s IT forensic capabilities are second to none. The head of forensics alone has given evidence relating to his forensic examinations in over 2,000 criminal prosecutions, defence and commercial cases.

SIP follows strict forensic protocols to ensure that any forensic examination evidence is compliant and acceptable in any worldwide jurisdiction that may be applicable to the case in question.

SIP Forensics Recovery techniques safeguard the integrity of potential evidence to the highest judicial standards. SIP’s head of forensics has completed in excess of 2,000 examinations on behalf of UK government agencies as well as undertaking research for a government defence evaluation research agency.

SIP follows strict protocols when recovering evidence that have proved invaluable to an extensive number of clients; whether looking for evidence in a criminal prosecution or defence, civil action or simply determining an employee’s activities.

SIP’s forensics team has been providing a service to Police Forces, government agencies, major corporations, law firms and private clients for many years. Analysis of systems and the recovery of deleted files can reveal, but is not limited to, the following types of information:-

  • Web sites visited
  • Whether sensitive files have been transferred
  • When files were last accessed
  • Whether any efforts have been made to add, alter, delete or conceal potential evidence

Practices and methodology have been perfected over this period of time and include:-

  • On-site seizure and preservation of data
  • Analysis and investigation of data
  • Reporting
  • Presentation
  • Advice on the preparation of requests for discovery/disclosure

SIP Mobile Cellular Phone Forensics

Information extracted from mobile cellular phones can be invaluable evidence for a number of reasons, whether for criminal prosecution and defence cases, civil and commercial cases, internal security or for intelligence matters. SIP is experienced in this field and has the capabilities to undertake full forensics on mobile cellular phones. SIP uses an array of advanced specialised software that can extract both active and deleted data from all makes of mobile cellular phones, Smartphones, PDAs, GPS units and other mobile devices. SIP follows strict protocols to ensure that any evidence discovered is admissible in a court of law.

The type of information that can be recovered includes, but is not limited to:-

  • Call History Log Recovery, including dialled, received & missed
  • Text Message (SMS) Recovery
  • Pictures, Videos and Audio Recovery
  • Email and Chat Analysis, accessed via the device
  • Phone Book and Contact Extraction
  • Calendar and Task List Extraction
  • Multimedia Message Recovery
  • Internet Browsing History
  • Social Networking, accessed via the device such as Twitter, Facebook, etc.
  • Recovery of User Lock Codes
  • SIM Card Cloning & Data Extraction
  • Physical Memory (Hex) Dump
  • Phone File System Capture
  • Stored Wi-Fi connections

SIP Network Cell Site Analysis

SIP Specialist has been conducting Cell Site Analysis (CSA) for a number of years and has expert witnesses in this field. CSA involves reconstructing the physical movements of a mobile telephone or telecommunication device and is widely used in criminal prosecution cases. The evidence produced is a powerful tool in attributing contact between individuals, proximity to a scene of crime, patterns of movement of suspects, and testing the strength of alibi evidence.

SIP equally conducts Cell Site Analysis in Defence cases, either to use as supportive evidence that a suspect or defendant was at another location and/or to challenge the evidence contained in the CSA report submitted by the prosecution’s expert witness. To this end SIP CSA reports have successfully demonstrated that the calculations in the prosecution’s report have been inaccurate and/or other information within it is misleading and cannot be relied upon.

SIP Cell Site Analysis involves trail drives and static measurements being carried out around a specific route that is applicable to the case; often the suspect’s home/business address, places frequented or across an entire postal-code area. The trail drives measure actual mast coverage (radio frequency propagation) utilising sophisticated radio signal data assessments for accurate positioning – confirmed via satellite triangulation – powerful expert analytical tools.

The information gathered from the trail drives is then incorporated into software to produce detailed coverage maps, where the ‘spheres of service’ and ‘field strength surveys’ for individual cell sites are illustrated in graphical form.

SIP acknowledges that many companies have their own in-house IT security but as this is a very specialist area it is advisable to have an independent evaluation in the interest of long-term security.

A recent government survey highlighted this fact, i.e. “Smaller businesses assign management of insider attacks to the IT department, most likely because they lack an information security function. We found for instance, that only 20% of small companies rely on a security function to handle insider attacks, compared with 62% of large organizations. That means it’s very likely that companies with 500 employees or fewer may have only one person responsible for managing information security and IT.” This therefore makes them extremely vulnerable to attack.

SIP conducts comprehensive IT security audits, including network infrastructure, systems servers operated, third party access, exchange (email), work station/laptop security, penetration test, as well as other areas which may be appropriate once an evaluation of your IT system has been made by SIP.

SIP’s IT personnel have security clearance and are ex-GCHQ, NATO, New Scotland Yard Computer Crime Department or other similar body. They are experienced in identifying email and IT security weaknesses as well as any former breaches of security that may have occurred.

IT Intrusion Detection Systems

With an ever-increasing reliance on Internet, intranet and extranet access, there is a rapidly increasing role for Intrusion Detection Technologies in enterprise wide security architecture.

With the rapidly expanding number of potential solutions available, SIP can provide vendor independent, impartial advice on all aspects of Intrusion Detection Systems (IDS) including:

  • Purchase of the correct products
  • Identification of key areas, networks and systems requiring protection
  • Siting of selected products
  • Application configuration
  • Monitoring and Incident Response

IT Incident Handling

High Technology Investigations are a skilful art requiring experience, knowledge, resources and subtlety. Unfortunately, many organisations have found themselves the victims of systems or communications tampering, information warfare, sabotage, fraud or other forms of computer misuse.

When incidents like these occur, there can be confusion or conjecture as to why or how it happened and what to do about it. Breaches of security need a methodical approach with the ability to:-

  • Understand the extent of an incident
  • Protect the systems, the networks and their ability to continue operating as intended
  • Protect systems and data
  • Understand what happened and advise accordingly
  • Collect accurate information without which you may inadvertently compromise your systems further
  • Assist with investigations to the appropriate legal standard

IT Penetration Testing

SIP has been undertaking investigations into computer misuse and major fraud for upwards of fifteen years. SIP has access to the latest technologies and methods in forensic examination and investigation techniques by working to the highest level of proof and evidence. SIP’s experience is available to support you and your organisation.

Independent testing of systems has an important part to play in verifying the continued effectiveness of IT security arrangements. The very nature of this form of active testing needs to be carried out under controlled conditions by competent personnel.

Systems vary considerably as a result of the differences in operating platforms within their configuration. As a consequence, testers need to apply procedures with an appropriate degree of rationale and common sense and not rely on a number of automated packages to provide the answers. The reviews SIP submits to its clients are accurate, concise and come with a ‘jargon free’ management summary. SIP’s recommendations are realistic, cost effective and user friendly.

Firewall Installation

SIP can provide vendor independent, impartial advice and solutions on all aspects of Firewalls, including:-

  • Security Policy Development – The firewall policy defines the application, services, systems and users that are allowed and denied access through the firewall. The firewall policy also defines the user authentication methods and protects systems within the internal networks and on DMZ networks.
  • Installation, Configuration, Testing and Documenting – SIP will install the firewall and configure the system to enforce the Firewall Security Policy. In addition, the configuration will be clearly documented and tested for network communications to ensure compliance with policy.
  • Administration Training – SIP will also provide administrators with hands-on training to enable them to perform the day-to-day management and maintenance administration of the firewall. Topics include System Architecture, configuration files, policy developments, log analysis, maintenance duties and maintenance and management services.

SIP can provide both on-site and remote firewall management services, which are tailored to meet a client’s specific requirements.

Virtual Private Networks

SIP can help an organisation to safely, easily and cost effectively use the Internet for secure communications between individuals or sites. Using the highest levels of authentication protocols, data integrity protections and encryption algorithms, modern VPN solutions offer new benefits along with cost reductions.

SIP’s expertise in information security solutions enables it to:-

  • Develop and implement a comprehensive Virtual Private Network strategy for an organisation both in UNIX and Windows NT environments
  • Analyse and assess local and/or remote network topology and security requirements
  • Define remote access policies, user access and encryption levels for the VPN
  • Prepare a comprehensive VPN solution and integration with all elements of network topology

Plus VPN Solutions – Connectivity with security for:-

  • Branch offices
  • LAN to LAN communications
  • Travelling employees
  • Remote dial-in from any location
  • Outside consultants
  • Full authentication with dial-in or high speed lines
  • Business partners
  • Secure Extranet solutions

IT Alert Service for Corporate Clients

SIP can provide a dedicated alert service, which has been specifically designed to drastically reduce the burden on system administrators, and those tasked with keeping networks secure.

Up-to-date information is provided as per requirements, directly to those in an organisation who need it. Where applicable, the information will include:-

  • Level of risk assessment, details of systems affected, type of exploit
  • Recommendations on how best to resolve issues within your environment

SIP, unlike the majority of its competitors, has the unique capabilities and expertise to design and develop cyber labs for Government Departments & Law Enforcement worldwide. Further information is available subject to verification of the identity of an enquirer.

In addition to Government & Law Enforcement, SIP can design and develop less intrusive cyber labs for DEFENSIVE purposes based on government guidelines that will benefit banks & other financial entities, corporations etc.

Subject to requirements, the cyber lab can also prove advantageous for gaining publicly available information from the Internet. This can prove to be a valuable tool for competitive intelligence, carrying out due-diligence for compliance, investment, capital market & risk control, etc. It will be programmed with ‘intelligent investigative software’ capable of trawling the worldwide web and covering in excess of 2,000 search engines. As the majority of SIP’s due-diligence searches are worldwide, the cyber lab has the capability to include all languages, including, but not limited to, those in Unicode Arabic Script, using the Cyrillic Alphabet and logograms as used by the Chinese and several other Asian Countries.

Selective keywords and/or phrases can be created into a dictionary applicable to the information sought. The software gathers all the information available on the worldwide web, including but not limited to, news and social media, forums and blog sites, new and archived data, any diplomatic communications that have been leaked to the public domain, information held by governments, quangos, etc. The system then analyses the data gathered which can then be reviewed to remove any false positives.

Once the cyber lab has been developed SIP provides a training programme to enable the clients’ own personnel to operate the cyber lab so that alerts, searches etc. can be dealt with in-house. Needless to say SIP also provides long-term maintenance and software updates to keep up-to-date with technology and potential threats.