Despite precautions, it is possible for security incidents or system compromises to occur.
Security incidents can originate from a number of sources including internal employees or motivated external attackers. An immediate response is necessary when dealing with either an internal or external hazard to any systems and an organised and controlled reaction to an incident can mean the difference between complete recovery and total disaster.
IRM's computer forensics experts routinely access IT systems and networks to recover data and determine whether it has been tampered with, damaged or deleted. Once seized, the data is imaged and examined using the specific guidelines approved by the Association of Chief Police Officers (ACPO). This process is strictly documented and IRM always maintains the integrity of the data extracted so that it can be utilised in the event of legal action.
IRM forensic examiners have experience in managing various scenarios and dealing with diverse types of digital evidence. We have expertise in retrieving, handling and analysing evidence from many devices which include:
- Servers, desktops and laptops.
- Backup media.
- Portable storage media (USB devices, Zip drives).
- PDAs and mobile phones.
- Digital cameras.
- Network traffic and email communications.
IRM's forensic services can be used to provide expert assistance with external and internal incidents relating to:
- Data recovery.
- Fraud investigations.
- Violation of corporate policy (e.g. data theft, internet usage, discrimination).
- Employment tribunals and legal proceedings.
- Child pornography.