Digital forensic investigation
Research capabilities Digital Forensics
Does my organization need a Digital Forensic Survey?
There are several conceivable scenarios in which digital forensics can help. Has your employee leaked business-sensitive information? Do you suspect theft of intellectual property? Would you like to know whether there is a data breach requiring notification? Do you think your company’s been hacked? Is your integrity at stake? Who’s the sender of the blackmail e-mail? These are all questions that NFIR can answer with its digital forensic investigation. Society is digitized to the point that digital evidence can be found of many acts or actions. For example, almost everyone carries a smartphone in their pocket, which tracks and stores more data than you might think. Computers (both work and personal systems) also often contain treasures of information. The digital forensic investigators at NFIR can conduct investigations on all types of data carriers such as computers, phones, USB sticks and external hard drives, as well as mailboxes, digital documents and files. How successful a digital forensic investigation will be depends on the traces still present, as well as the logging on the systems.
How does NFIR work?
Every digital forensic investigation starts with securing digital traces. This is very meticulous work and a prerequisite for forensic investigation. NFIR therefore only works with internationally approved hardware and software. Technical specialists secure traces on digital data carriers (such as hard discs, flash memory and USB sticks) and make a forensic copy, which will be examined. The study always concludes with a report. The four steps of a digital forensic investigation: securing, identify, copying and report.
Project progress
During an intake, we will ask you questions about the situation and what your suspicions are based on in order to get as complete a picture as possible. As a private investigation agency, NFIR will assess on this basis whether you have a so-called legitimate interest in having this investigation carried out. This means that the suspicion must be substantiated and the company’s interest and/or harm must be great enough to violate the privacy of the person who is the subject of the investigation.
If there is a legitimate interest, we will prepare an order confirmation for you that includes the research questions, a plan of action and a cost estimate. After signing, we will start working for you and you will receive regular updates on the progress. After completion of the investigation, a report will follow which will be useful in any legal proceedings.
Certifications
NFIR has POB permit 1672 and is supervised by the Department of Justice and Security. NFIR holds an ISO-27001, ISO-27002 and an ISO-9001 certification. These international ISO standards set requirements for information security, with the aim of ensuring the confidentiality, availability and integrity of data. NFIR has been audited by BSI for implementation and compliance with these standards. With its certification for the ISO-27001 standard, NFIR proves that it deals with data in a careful and confidential manner and that it controls the information processes within the organisation. With the addition of the ISO-9001 certification, NFIR demonstrates our ability to provide the services that meet information security and quality requirements and desires of our customers. Finally, all our investigators hold the yellow pass and we are officially CERT certified.
Multidisciplinary forensic research
In digital investigations, traces and data are collected in a forensic way, which makes it possible to reconstruct what happened. The digital traces will be forensically secured and then analysed. The findings of the forensic investigation are incorporated in a clear report.
You can use our report if you want to go to court. If you want to report to another official body (such as the Data Protection Authority), you can also use this report. NFIR cooperates with tactical investigators, privacy lawyers, bailiffs and agencies such as the Police, the NCSC, the Public Prosecution Service and various international services.
Certification
NFIR holds a POB license and all employees have koprschefgoed approval. In addition, all investigators hold a yellow pass.
Professional approach
DFO trails are conducted according to strict standards and methodologies so that they are legally tenable and can serve as legally valid evidence in court.
Extensive experience
DFO is in our DNA. The DFO team combines deep expertise with a creative approach to get to the bottom of every case. We always find our way to the truth.
Clear and transparent
The reports delivered are clear, transparent and, above all, useful. If anything is unclear, we are always willing to explain our findings.
Digital Forensics & Pentesting
Willem van Oranje Onderwijsgroep
Securing your digital evidence? NFIR is here for you!
Are you dealing with a data breach, cyber incident or suspected fraud? Don’t wait any longer and contact NFIR, the specialist in digital forensics, now. Our certified experts are ready to help you secure and analyze digital evidence so that you can get to the truth and take the right steps.
- Is your reputation at stake? Protect your sensitive information and contact NFIR now for discreet and professional digital forensics.
- Trade secrets at risk? NFIR safeguards your confidentiality and helps you secure digital evidence. Contact us directly.
- Sensitive data leaked? Act quickly and prevent further damage. NFIR offers discreet digital forensics to uncover the truth.
- Integrity of your company in doubt? NFIR’s certified experts discreetly investigate and provide legally valid evidence. Contact us now for a confidential consultation.
Fill out the contact form now and get advice from our experts. Together we will ensure a secure and equitable digital environment.
Or contact NFIR by phone call: 088 323 0205
An awful lot of different types of information can be found through digital forensics. During the intake, NFIR makes an assessment of the possible tracks and then proposes a plan of action appropriate to the situation. Some examples include example traces in metadata of a file, recovery of deleted files or traces in network traffic.
Metadata can be used to determine, among other things, who the author of a document is or, in the case of a photograph, what type of camera the photograph was taken with. The date a file was created or modified can often be found in this as well.
Recovering deleted data does not always work, but in some cases it is possible. This is possible when the used space on the storage medium has not been overwritten with new data after the original data has been deleted.
Network traffic can also be examined; this may reveal anomalies, such as connections to unknown IP addresses, which are then analyzed further.
Important issues here are the sender’s e-mail address and misspellings in the text. There is often urgency in the email (“Do it now, or your debit card will be blocked!”). You are often asked to click on a link; therefore, always check carefully how the link is constructed (moving the mouse over the link without actually clicking on it often reveals the full link). It is also common to find rogue attachments attached to the e-mail. These files can infect your computer with malware as soon as you download and/or try to open them.
Good “basic hygiene” for your systems consists primarily of using common sense. Be aware of the danger that can lurk in connecting to public networks. It is possible for hackers to get between your device and the connection point, effectively communicating with the hacker instead of the WiFi hotspot. Nowadays, this happens less often because hackers are more likely to look for bigger targets, but the possibility still exists. In addition, always make sure you don’t click on links you don’t trust and don’t just download attachments. Finally, it is important to protect your device with a 6-digit PIN, a password of at least 12 characters or a passphrase.
It is important to disconnect from the Internet immediately. DO NOT turn off your computer/server, this may lose important traces in the computer’s volatile memory. In addition, you can call NFIR at the Emergency Response phone number, which is available 24/7: 088 133 0700.