Forensic Services
We have one of the strongest teams of forensic consultants in the UK market.
Our consultants have Government security clearance and have advised organisations on many technical aspects of evidence retrieval and preservation.
Our services in this area can be broadly categorised into four main areas:
- Security Incident Response Services (Breach Investigation)
- Legal Support Services (Computer Misuse, E-Discovery, Expert Witness)
- Malware Investigation
- Credit Card Fraud Service

Security Incident Response
We provide investigative and advisory services in the aftermath of a security incident.
This typically involves a combination of evidence protection, forensically sound
investigation to determine how the breach occurred and, if possible, identification of
those who may be responsible.
Within 24 hours we will provide on-the-spot advice on how best to deal with a breach
at the point of discovery.
Sometimes clients wish to find out how a security event occurred, with the aim of
understanding the infrastructure vulnerabilities or the weaknesses in process which
led to a breach, so that they can help prevent future incidents.
Whilst these cases do not typically reach court, they draw upon the same unique
skill-set of the forensic investigator and can support any subsequent legal
proceedings.
Our methodology is as follows:
- Incident Identification & Assessment: This involves onsite investigation of the
suspected systems to determine if a compromise has occurred. Careful
attention is given to the protection of potential evidence chains and all
examination of systems is done using non-intrusive methods where feasible.
Where the customer has no existing incident response policies and procedures
we will provide a severity assessment and create an incident log.
- Recovery of evidence: We use certified imaging equipment to take a
forensically sound image of any disks on affected systems.
- Investigation of Causes: We use industry standard tools such as EnCase and Forensic Toolkit to undertake investigations on copies of the evidential images. All work
is undertaken in our ISO27001 labs where evidential integrity is maintained at all
times.
Legal Support Services
Computer Misuse
These services typically involve the investigation of a particular member of staff
and their abuse/misuse of company resources. During such investigations, our
consultants analyse data on devices in order to detect and secure evidence of
the misuse. Throughout the process we follow ACPO (Association of Chief Police
Officers) guidelines to ensure the admissibility of any evidence gathered.
E-Discovery
Our E-Discovery offering is specifically aimed at large enterprise clients & legal firms. We have a specialised team of forensic investigators who are experts in the use of secure imaging tools and procedures and the use of highly specialised software which will rapidly sift through huge volumes of ESI (Electronically Stored Information) in search of keywords, date ranges or file hashes. NGS Forensics utilises Clearwell Systems technology as its primary Early Case Assessment and review platform.
The Clearwell E-Disclosure Platform is recognised among the legal technology industry’s best. The market leader in Early Case Assessment, Clearwell Systems is transforming the way enterprises and law firms perform electronic disclosure (e-disclosure) in response to litigation, regulatory inquiries, and internal investigations. The Clearwell E-Disclosure Platform automates the processing, analysis, review, and production phases of e-disclosure via a single, integrated product.
We are able to offer hosted review services using the Clearwell platform which allows your team to work through the culled data remotely, flagging items in accordance with your specific case requirements. Responsive documents may also be redacted or highlighted as required.
Recovering data from SAN/NAS systems, email servers, archive data sources, mobile devices and even desktop storage, we are able to find, filter, categorise and present the data in a manner which is easily reviewed by in-house legal staff or an external review team and fully complies with legal requirements. Again, these services are typically backed up by our Expert Witness consultancy.
Expert Witness Services
Where such an investigation leads to or supports a court case our team have the
expertise and rigour of process to act as an Expert Witness.
Often preceded by one of our other forensic services, our Expert Witness Services
draw upon the skills of a core team of Information Security specialists. Several
of the team members are registered members of the UK Register of Expert
Witnesses.
Having gathered evidence in a manner compliant with ACPO guidelines, our highly
skilled Expert Witness will have the qualifications, the experience, and crucially, the
gravitas to present evidence to court.
Malware Investigation
Following the significant increase in malware incidents we have implemented a
systematic investigative approach to the detection and removal of malware from our
customers’ networks.
As one of the organisations listed by the Security Service as able to assist in malware
investigations we have a proven methodology in determining an organisation’s
exposure to such a targeted malware attack.
The methodology has already been put to use in assignments since 2007 and is a tried
and tested way of ensuring your exposure and/or continued exposure is limited.
We can also provide advice and support on remediation where attacks are confirmed
as well as liaise with any authorities where appropriate.
Credit Card Fraud
Contractual obligations have been introduced by the 5 card brands that sponsor
the PCI Data Security Standards (PCI DSS) upon any organisation receiving credit
card payments via the web, telephone and in stores. The PCI DSS requires merchants
& service providers to undergo a series of reviews with regard to their systems which
handle customer credit card information.
Our large pool of PCI QSAs are experienced in undertaking investigations into
security breaches pertaining to the PCI Data Security Standard. We can assist a card
scheme member with their enquiry into an account data compromise and follow
Visa Europe’s guidelines and scope for forensic investigation and utilise Visa Europe’s
incident report template.
Using a combination of the above services we will respond to an incident and
undertake all necessary investigation/liaison with acquirers and card brands. This will
include but not be limited to:
- Providing on- and off-site forensics support in the event of suspected breaches
- Providing next day on-site forensics support using specialist resources to
investigate and confirm any breach or possible breach, and assist in short term
remediation
- Providing on-site forensics support with use of correct procedures regarding
seizing & securing assets in line with best practice for possible evidential use
- Providing independent expert witness advice, support and attendance at court
where required