Andrew Krauze, Managing Director, CCL
CCL came across the original Fujitsu machine by accident; it was initially built as a desktop super-computer for the gaming industry and was, pound for pound, extraordinarily powerful and reliable.
We had scoured the marketplace for forensic machines. What we found was that large IT manufacturers had tried to develop suitable forensic machines which were simply not good enough. Some smaller resellers had built machines, but without access to the technology that the large IT manufacturers have, nor the global support.
A forensic workstation needs to be powerful but affordable, reliable so it doesn’t risk breaking down in the middle of cases and quiet enough to sit on a practitioner’s desk without causing disruption.
Seeing an opportunity, I approached Fujitsu. There are currently around 60,000 digital forensic practitioners globally, who work on a three-year replenishment cycle for workstations. Many of these have multiple machines. Fujitsu embraced this and together we sat down and developed the Celsius R920 range. There were only minor amends needed to get the workstation ready to market; the addition of a write blocker and additional hot swap bays made it the perfect forensic machine.
Working with a global brand like Fujitsu means we are able to offer a five-year warranty on our workstations in most locations across the globe, eliminating the risk of parts being discontinued. We have considered the end users throughout the whole process, and this is reflected in the end product.
Fujitsu are about to launch the R930, which will see improved processing capabilities to support the increasing demands of practitioners and the ever-expanding volumes of data.
Tell us about the software CCL creates. What specific digital challenges faced by forensic examiners are you trying to address?
The main challenge is data, data and more data…
Whether it’s law enforcement, corporates, legal firms or barristers, large volumes of data need to be presented in a digestible, logical and understandable manner. Especially when data is taken from multiple devices, the requirement to identify associations and bring focus to the investigation is imperative.
Our R&D team are all former Forensic Analysts, and are still very much on the ‘front line’; because of this they are all acutely aware of the challenges faced by analysts during an examination, and this informs the software we develop internally. Our software debut was epilog, which was the first commercial piece of software to recover deleted data from the ubiquitous database format, SQLite, in such a flexible way.
This was born directly from seeing the increasing number of smartphones using this database format coming through our doors, and a perceived gap in the capability and flexibility of the tools which were currently available. We’ve continued in this vein, aiming to create tools which perform a particular task without hiding any of the power or flexibility from the user. We also have an ever growing internal repository of scripts (over 4,000), which our analysts use during casework. These deal with specific tasks, such as presenting data from individual smartphone apps.
In the last 18 months CCL has also formed partnerships with a number of other forensic software companies in the spheres of e-disclosure, social media, early case assessment and triage, and we’re working with these companies to pair their products with customers in the UK.
The growing amount of data also means that cyber and white collar crime is on the increase. Around two to three generations have now grown up with IT, and there are more skills to manipulate and hide data in plain sight with encryptions, passwords and technologies like ‘Dark Net’.
Your First Response Training programme looks into several areas of digital forensic investigation, including providing an overview of what digital forensics is and how to handle digital evidence. Whom is your training aimed at specifically, and what knowledge and skills does it focus on?
CCL’s First Response courses are aimed at corporates and local government; especially companies who operate under strict external compliance where they actively need to show they have policies and procedures in place to react to an investigation or incident.
The training is suitable for anyone within these organisations who would be involved in a digital investigation, from IT and HR, to Internal Audit or Risk and Compliance departments.
Our course covers what to do in the first instance of an investigation, including seizure of devices and the process to follow during an investigation to maintain the integrity of evidence.
Whether you want to outsource your requirements to a supplier or set up your own forensic laboratory – CCL can help.
What can we expect from CCL over the next couple of years? Are there any new developments we should be aware of?
Technology development is at the forefront of what we do here at CCL. We are constantly looking at the latest developments that can help us provide better service and value to our customers.
For example, we have recently developed partnerships that allow us to offer a range of social media forensics tools. We have both monitoring and forensic investigation tools. With the growing pace of social media these tools are key to the investigation of many modern day crimes including: serious incidents (murder, assaults, robbery etc.), fraud, counter terrorism, anti-social behaviour, online bullying, live court trials and any major policing events.
As previously mentioned, a common problem for all of our clients - from law enforcement and local authorities to corporates and law firms - is the sheer volume of data that they need to contend with. Whether it’s a criminal investigation, responding to a Freedom of Information or Subject Access request, or disclosing electronic documents as part of a litigation case, this all involves wading through and reviewing a lot of data. This can use up a lot of time and money. We have recently partnered with Nuix and Clearwell, to make use of their industry-leading processing and review platforms, as well as developing our own proprietary mobile review platform, to help our clients deal with large volumes of data from multiple sources quickly and easily. This is going to be a focus for CCL over the next few years.
We are also developing remote forensic tools, to help on-scene investigations, and real-time cyber forensic analysis, as well as further developing our consultancy offerings to cover cyber security and forensics. So watch this space!
Andrew Krauze is the Managing Director of CCL, a UK-based independent IT consultancy firm which provides digital forensic solutions for corporate and law enforcement agencies.