AccessData offers advance forensic analysis of computers, mobile devices and network communications, delivering a comprehensive view into exactly what happened and who was involved. Our services experts have extensive experience investigating criminal and civil matters, as well as data theft, fraud and other employee malfeasance issues. Because we perform integrated analysis, correlating host data with network traffic data, AccessData Professional Services can retrace and monitor a suspect’s steps, including the use of removable media, as well as social media and chat applications.

AccessData experts have assisted organizations of all sizes in exposing and investigating a variety of criminal and malicious activities, including the following:

  • Financial and other confidential databases being tampered with
  • An employee using a company laptop on public Wi-Fi to email confidential information from his web mail
  • Confidential and classified data being chatted outside the organization
  • Sensitive files being copied to removable media
  • Incriminating files and emails that have been deleted and even partially overwritten
  • Whether a file or entire hard drive had been wiped
  • Malicious binaries on a network
  • Employees accessing pornographic content
  • Employee collusion by monitoring network communications and email
  • Anomalous spikes in network activity, uncovering after-hours access to sensitive data
  • And more…

The Analysis Capabilities of AccessData Technology

Fastest Forensic Processing

We have clients who can complete comprehensive forensic processing of a terabyte of complex data in 12 hours, using FTK. Although processing speeds are also dependent on the hardware being leveraged, FTK delivers distributed processing, allowing us to divide case load among 4 processing workers. In addition, our Lab solution allows us to expand distributed processing for even greater speed. Our ability to dramatically reduce processing time streamlines your investigation. With this processing power, we can take on a massive investigation with terabytes of acquired evidence and begin analysis faster than any other service provider.

Apple® OS Support

  • Process B-Trees attributes for metadata
  • PLIST support
  • SQLite database support
  • Apple DMG and DD_DMG disk image support
  • JSON file support

Unsurpassed Memory/Volatile Analysis

  • Supports 32-bit and 64-bit Windows® OS
  • Comprehensive analysis of volatile data
  • Static RAM analysis from an image or against a live system
  • Enumerate all running processes, including those hidden by rootkits, and display associated DLLs, network sockets and handles in context.
  • Dump a process and associated DLLs for further analysis in third-party tools.
  • Memory string search allows you to identify hits in memory and automatically map them back to a given process, DLL or piece of unallocated space and dump the corresponding item.
  • FTK 4 now provides VAD tree analysis and exposes registry artifacts in memory and will parse and display handle information from memory.

Learn More about FTK Analysis Capabilities.

Network Forensics with the SilentRunner® Solution

  • Using interactive graphical representations illustrating propagation, we can efficiently analyze users, hosts, domains, applications, protocols and addresses — detecting changes or abnormalities from established network baselines.
  • Advanced visualization tools allow us to create a picture of communication flows to expose anomalies, illegal connections and security and network problems.
  • We build “integrated maps” of specific assets or users across various geographical locations to see after-hours usage spikes and to map virus/worm or confidential data spill proliferation.
  • On-demand playback allows us to conduct post-event analysis and reconstruct events in their exact sequence to immediately uncover the complete picture of activity around the time a suspicious event occurred.
  • We can show you which websites are being visited, emails, chats and social media content.

Mobile Device Analysis

  • Supports 3500+ mobile devices.
  • Physical and logical acquisition of iPhone® (both CDMA and GSM), iPad® and iPod Touch®, without jail breaking the iOS device.
  • Acquire physical and logical data simultaneously, without the need for iTunes®.
  • Logical viewing and image acquisition of Android™, Windows Mobile® and Blackberry® devices to include device file systems
  • Full user data Extraction from Rooted Android® devices
  • On-the-fly decryption of the operating system and logical data on iOS devices.
  • SIM and USIM support, with Forensic SIM cloner to allow phone processing without altering data.
  • Carve data for embedded phone-specific data.
  • File systems on supported phones are immediately viewable and can be parsed in MPE+ to locate lock code, EXIF and any data contained in the mobile phone’s file system.

Learn more about mobile device analysis with MPE+.