Shortcut (LNK) Files

Shortcut files, also known as LNK files, are created by Windows automatically whenever a user opens a file. They allow the operating system to quickly and securely access a file. In some cases a LNK file is created by the user for quick access to a location. A LNK file contains metadata that can then …

Dates and Times

When sifting through the evidence of USB devices on a machine, an important factor is identifying when each device was used. This is a key part of putting a user behind the keyboard or when we need to be able to correlate the USB activity to other personally identifying activity on the device. The first …

Browser Usage

Forensic analysis of web browsers can uncover a large range of artifacts that can be used in both forensic and incident response investigations. These artifacts can include search history, webpage history, downloaded files, auto-complete data, saved passwords and cached web pages. Some examples of evidence that can be found when analysing the artifacts of a …

Account Usage

Account usage can tell us a lot about a user's activity while using a computer. This can include everything from when the user last logged in to when they last changed their password or used a remote access tool. When conducting a forensic or incident response, we look for a range of evidence related …

Program Execution

User activity will almost always leave behind a trace. As most files require the launching of a ‘program’ to view the contents, it is useful to examine computer systems for artefacts of program execution. This type of artefact is increasingly proving to be useful when responding to cyber attacks, as each cybercriminal group tends to …

File Download

In both incident response and forensic investigations, artifacts related to downloaded files can be a valuable source of evidence. In both cases, we often find key evidence including: the name and size of downloaded files; the website from which the files were downloaded; when downloaded files are attachments to an email, the tool used for sending the …

External Device Usage

There are many different types of external storage devices that can be connected to a computer system, but based on our extensive experience of conducting forensic examinations, by far the most common type of device is the Universal Serial Bus (USB) drive. Coming in many shapes and sizes, you can purchase a USB device …

Cartel Criminalisation and Electronic Document Reviews

A cartel is where two or more businesses agree not to compete with each other. Examples of conduct include price fixing, allocating markets, rigging bids or restricting output of goods and services. Starting 8 April 2021, new law means that cartel conduct could be punished with up to 7 years' imprisonment. Given the increasingly serious …

Investigation requiring forensic standard electronic document review

Using Nuix, Incident Response Solutions processed 6 TB of data and provided contracted investigators with the ability to review millions of unstructured records for evidence of wrongdoing. A large New Zealand company needed to investigate an employment matter. Allegations had been made in relation to misconduct by past and present employees. They determined that relevant …