Digital Forensics Case Studies

Employee theft of customer information

QCC received a call from the worried CEO of a company whose business involved leasing high-value items to private individuals. He suspected that his sales director was planning on leaving the company with a copy of the customer database to join a rival start-up business. QCC were able to co-ordinate with the company solicitors and execute an Anton Piller civil search and seizure order. This involved QCC’s investigators visiting the new company’s offices and the directors’ homes and seizing servers, workstations, laptops and other items.

Items identified in the forensic analysis of the seized exhibits included numerous contract templates and other intellectual property created by QCC’s Client, as well as their customer database. QCC analysts were then able to present their findings to the Client’s counsel, leading to a successful court order limiting the planned new business operation and recovering significant compensation and costs.

Contact us for further advice or return to digital forensics services page.

Web site compromise

QCC were contacted by a payment processing company and asked to investigate the possible compromise of a web server of a large travel firm. Liaising with the system administrators, QCC technicians were able to forensically gather logs, memory and disk images of the server. QCC analysts were quickly able to identify how the server was compromised and what had been taken, and to make recommendations to prevent repeated loss of customer data.

Malware infection of servers hosted in Swiss datacentre

QCC were contacted by a Client concerned about the suspected infection of critical servers based in a datacentre in Switzerland. QCC were able to despatch analysts quickly to the site to perform analysis on the servers. Because the servers were located in Switzerland, various local data protection issues had to be addressed and complied with by QCC staff. The servers, running an old version of Red Hat Linux, could not be taken off-line and were configured with significant amounts of attached storage. QCC analysts performed a memory dump on the devices and were able to identify a number of suspicious processes running on them. Further analysis back at the QCC labs enabled the analysts to determine the capabilities of the malware and how long it had been operating. QCC advised on the removal of the malware and on the implementation of controls to protect the systems from further cyber breaches.

Suspected malware infection on CEO’s laptop

A CEO had recently travelled to the Far East and was concerned that her laptop may have been compromised by foreign intelligence actors. Using advanced forensic techniques and technical knowledge, QCC forensic experts were able to analyse the laptop and communications traffic from the device and determine that the laptop had indeed been infected with malware. The CEO’s mobile phone was also forensically examined and found to be compromised with spyware. QCC cleaned the devices of all malware and spyware and provided security procedures and training to the Client for any further visits to overseas countries.

RAID reconstruction

A Government agency had visited a company as part of an investigation. Unfortunately, while on site, the government imaging technician had imaged the company’s file server’s RAID storage a disk at a time and, on return to their forensics laboratory, was unable to reconstruct the RAID device for forensic analysis. QCC experts were asked to assist and, using advanced forensic tools, were eventually able to produce an image of the RAID server for analysis.

Government enquiry

A long-running Government enquiry was concerned that a computer used in the enquiry may have been tampered with by an external actor. QCC digital forensics investigators were asked to travel to the enquiry offices covertly, acquire a forensic image of the computer and attempt to determine if the device had been accessed during a specific period in time. On arrival, it was found that the hard drive of the computer had failed, and the drive was seized and returned for data recovery. QCC recovered the data and were then able to prove that the computer had been accessed in the time period in question.