Thursday, April 24, 2014

Our phone number: 907-338-8188
Give us a call; we can help.
(907) 338-8188 ph.
(907) 333-5869 fax

Need to Know

WHAT YOU NEED TO KNOW ABOUT DIGITAL EVIDENCE:

If you find yourself in a situation where your recovered data might be relevant in a legal dispute, hopefully you have discussed chain of custody and digital data preservation measures with your attorneys and all interested parties.

If you have not already done so, you should immediately stop using any workstations and media that may be involved in the dispute, to minimize the possibility that evidence will be altered or destroyed. Once a computer or electronic medium has been imaged, it can be safely put back into service so as to minimize the impact on day-to-day business operations.

Services we Provide

If you have a technology-related problem, chances are we can help you. Over the years we've seen just about everything, so try to stump us! Below are just a few of the services we provide to clients on a daily basis.

  • Technobabble Translation
  • Executive Computer Training
  • Computer System Design
  • Purchasing Advice
  • Accounting System Support
  • Network Design and Support
  • Computer Upgrades & Repairs
  • Custom Programming
  • Database work
  • Conversion
  • Data Recovery
  • Computer Forensics
  • Web Design
  • Internet Commerce Service
  • Wide Area Networking
  • Systems Security
  • Disaster planning
  • Custom Computer Controlled Devices

 

We Offer Forensic Computer Services

 

 

The techniques that we use to collect electronic evidence are court tested. We take every precaution to ensure that the data is collected and stored in a manner that maintains the integrity of the information on the computer.

We have been doing computer investigations, data recovery and consulting continually since 1992. In the modern world it is becoming common for important documents to be stored and distributed digitally. When a dispute arises, it can be helpful to have assistance with locating and authenticating such documents and perhaps creating a timeline.

Bright Solutions Inc has assisted with collection and analysis of digital evidence relating to a wide range of legal cases.

 

We have done relevant work with the police, the Army and the Air Force as well as state and federal public defender agencies. Over time we have assisted with analysis of digital evidence relating to a wide range of cases such as:

  • corporate espionage
  • suspicious spouses
  • sexual abuse of a minor
  • internal affairs (within the federal court system and police department)
  • sexual harassment in the workplace
  • partnership disputes
  • distribution of child pornography
  • murder

We secure and analyze "bit for bit" digital images of workstations and other digital media that may become part of a legal dispute, review those images for details that may be relevant to the situation, and present an interpretation of the findings to interested parties.

The forensic examiner must not make any changes to the data that is being collected, must store several copies of the collected data in a way that can prove the chain of custody and integrity of the evidence, and must be able to interpret and present the collected information to answer the questions that the court needs to have addressed.

Bright Solutions became a member of the International Information Systems Forensics Association in 2005.

You are probably wondering about some of the other clients we have helped. Several clients for whom we have performed services similar to what you are likely to need are listed below. We have included references for your convenience.

 

Public Defender Agency (Anchorage)

Doug Moody / Rich Norgard / Margie Mock / Cindy Brewster

Public Defender (Palmer)

Josh Fannon

Mark Bledsoe Attorney

Mark Bledsoe Attorney

Hughes Bauman Pfiffner Gorski & Seedorf

Jimmy White / Kimberlee Colbo

Tern Technologies

Marty Kruger / Tim Kincade

Central Bering Sea Fishermen's Association

Roger Debrock Attorney

Alaska Pacific University

Dr Ted Munch

Anchorage Police Department (internal affairs investigation)

Carmin L. Gutierrez / Mike Braddock

State Troopers (computer and financial crime unit)

Curtis Harris

St. Paul Department of Public Safety

Anita Stewart

Yakutat Department of Public Safety

Chief John Nichols

State of Alaska

Department of Public Safety

Scientific Crime Detection Laboratory

Jeanne Swartz / Chris Beheim / George Taft / Karen Tabios

 

 

Computer Forensic Resources

 

  • Netintercept
     
  • Forensics and Incident Response bootable Linux CDs
    • You probably already know KNOPPIX, the bootable CD with a collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. Knoppix STD (STD: Security Tools Distribution) is a special security tools distribution with lots of forensic tools.
    • F.I.R.E Forensic and Incident Response Environment Bootable CD (known as biatchux) out of maintenance!
    • F.I.R.E. enhancements
    • Helix is a customized distribution of the Knoppix Live Linux CD
    • The Penguin Sleuth Kit Bootable CD
    • Trinux
    • Plan-B
    • PHLAK Professional Hackers Linux Assault Kit (well, not a special forensics distro -) )
    • Local Area Security Linux
    • LNX-BBC
    • INSERT (Inside Security Rescue Toolkit)
    • FCCU GNU/Linux Forensic Boot CD from the Belgian Police Computer Crime Unit
    • Farmer’s Boot CD
  • Computer Forensics Software
    • Statically Stripped Incident Response and Forensic Binaries
    • Free Forensic Tools from NTI (New Technologies Inc.), Free Law Enforcement Suite
    • Alphabetical List of Computer Forensics Products
    • Forensic Software Sources
    • ResponseKits First Aid Kits for Unix & Windows
    • EnCase Forensic Solutions
    • ListDLLs is able to show you the full path names of loaded modules
    • Handle is a utility that displays information about open handles for any process in the system.
    • PsList is a utility that shows you a combination of the information obtainable individually with pmon and pstat. You can view process CPU and memory information, or thread statistics.
    • Procdmp.pl is a script that correlates the output of several commands that are usually run during incident response activities.
    • dd for Windows
    • cryptcat = netcat encryption
    • Forensic Tools and Utilities
    • Recover is a utility which automates some steps as described in the Ext2fs-Undeletion howto in order to recover a lost file
    • e2undel is an interactive console tool that recovers the data of deleted files on an ext2 file system under Linux
    • mac-robber is a forensics and incident response program that collects Modified, Access, and Change (MAC) times from files.
    • mac_daddy MAC Time collector for forensic incident response. This toolset is a modified version of the two programs tree.pl and mactime from the Coroner’s Toolkit. This program is portable and can be run directly from a floppy or a cdrom with a perl interpreter.
    • The Coroner’s Toolkit TCT is a collection of programs by Dan Farmer and Wietse Venema for a post-mortem analysis of a UNIX system after break-in
    • Computer Forensics Software TCTUTILs is a collection of utilities that adds functionality to The Coroner’s Toolkit and the Autopsy Forensic Browser
    • The Autopsy Forensic Browser is a graphical interface to utilities found in The Coroner’s Toolkit (TCT) and TCTUTILs. It allows drive images to be analyzed at a file, block, and inode level. It also allows easy searches for strings in images.
    • New Versions: The @stake Sleuth Kit (TASK) and Autopsy Forensic Browser
    • pdd (Palm dd) is a Windows-based tool for memory imaging and forensic acquisition of data from the Palm OS family of PDAs. pdd will preserve the crime scene by obtaining a bit-for-bit image or “snapshot” of the Palm device’s memory contents. Such data can be used by forensic investigators, incident response teams, and criminal and civil prosecutors.
    • foremost automatic file recovering
    • ILook Investigator a forensic analysis tool
    • Streak - the secure forensic imaging tool
    • md5deep is a cross-platform program to compute MD5 message digests on an arbitrary number of files with the following features: Recursive operation, Time estimation and Comparison mode
    • SectorSpy is a forensics analysis and text data recovery tool for computer hard drives and diskettes
    • Win32 First Responder’s Analyzer Toolkit is a batch file based on a SecurityFocus article highlighting the use of simple scripts on Windows32 platforms to perform basic security tasks. This script uses various Windows and 3rd Party tools to provide an effective forensic snapshot of your computer.
    • PenguinBackup formerly known as “The PalmPilot single-floppy backup system”
    • FTimes is a system baselining and evidence collection tool. The primary purpose of FTimes is to gather and/or develop information about specified directories and files in a manner conducive to intrusion analysis.
    • HashDig technology is a collection of utilities designed to help practitioners automate the process of resolving MD5 hashes.
    • IEHist dumps Internet Explorer history from index.dat files into delimited files suitable for import into other tools.
    • Data recovery tools
    • LADS - List Alternate DataStreams
    • ASR Data - Computer Forensic Tools (SMART)
    • PLAC (Portable Linux Auditing CD) is a business card sized bootable cdrom running linux. It has network auditing, disk recovery, and forensic analysis tools.
    • Forensic Acquisition Utilities
    • DCFL-DD - (an enhanced dd with MD5 hashing)
    • Fatback- undelete files from FAT filesystems
    • odessa “Open Digital Evidence Search and Seizure Architecture”
    • Disk Investigator. Who needs another one?
    • Perl Script to find Alternate Data Streams on NTFS
    • FileDisk is a virtual disk driver for Windows NT/2000/XP that uses one or more files to emulate physical disks. A console application is included that let you dynamically mount and unmount files. With FileDisk you can mount forensic dd-images read only for further analysis.
    • Evidor is a particularly easy and convenient way for any investigator to find and gather digital evidence on computer media.
    • WinHex is a universal hexadecimal editor, particularly helpful in the realm of computer forensics, data recovery, low-level data processing
    • Paraben’s E-Mail examiner supports many mailbox formats
    • NT registry filesystem for linux
    • PropertiesPlus can modify file attributes, file extensions, and the time stamps of single files, multiple files, or files contained within the folders and display the bytes allocated
    • Antiword for reading the ASCII content of Word files
    • Metadata Assistant: Finding hidden data in word and excel files
    • Mount Image Pro is a tool for Computer Forensic investigations. It enables you to mount ENCASE®, Unix DD, or SMART forensic images as a drive letter on your file system.
    • Like dd, dd_rescue copies data from one file or block device to another.
    • AIR - Automated Image and Restore
    • chaosreader can trace TCP or UDP sessions and fetch application data from tcpdump or snoop logs
    • cryogenic freezes the process state of a running system
    • faust (File AUdit Security Toolkit) is a Perl script that helps to analyze bash scripts and ELF binaries
    • FLAG Forensic and Log Analysis GUI
    • FileSystem Investigator (fstools) is a platform independent file system viewer and data extraction tool written in Java
    • PDASeizure is a comprehensive tool that allows PDA (PocketPC, PalmOS and Blackberry!) data to be acquired, viewed, and reported.
    • File Date Time Extractor
    • MailNavigator allows you to read multiple mailbox file formats
    • Protected Storage Explorer is a freeware utility which allows you to view the protected storage in Windows 2000, Windows XP and Windows 2003 in an ‘explorer style’ fashion.
    • CD/DVD Inspector is for forensic analysis, recovery and reporting for forensic and law enforcement use.
    • accuhash for calculating checksums
    • rda (Remote Data Acquisition utility) is a command line Linux tool to remotely acquire data (like disk cloning or disk/partition imaging) and verify the transfer using md5 and/or crc32 checksums
    • .dat-viewer for analyzing Kazaa Traces
    • DataLifter contains 10 tools to assist with Computer Forensics, Information Auditing, Information Security and Data Recovery.
    • Sterilize sterilizes the media to be used for working / examination copies.
    • TestDisk: Tool to check and undelete partition
    • X-Ways Forensics. A must-have tool if you rely on Windows
    • Ext2IFS mounting ext2 and ext3 volumes under Windows r/w
    • pmdump.exe is a tool that dumps memory for a specified process to a file (as opposed to tools like memdump and dd which dump all of the RAM at once). It is useful for analysing things that might store hidden information in memory (for example, Bots, Trojan horses or VPN clients, email clients, and instant-messaging applications).
    • UndeleteSMS if you have to undelete Short Text Messages (SMS) from SIM cards
    • Web Historian assists users in reviewing websites (URLs) that are stored in the history files of the most commonly used browsers.
    • misc Computer Forensics Software for Criminal Investigators and Consumers from Robware.com
    • CDRoller is a powerful toolset for CD/DVD data recovery.
    • SilentRunners checks a Windows system for trojans and other malicious software
    • Paraben Forensics cell phone and SIM card investigation toolbox
    • Windows Forensics and Incident Recovery: The First Responder Utility (FRU)
    • Windows Forensic Toolchest (WFT)
    • tcpxtract is a tool for extracting files from network traffic based on file signatures.
    • Mount Image Pro is a tool for Computer Forensics investigations. It enables the mounting of EnCase, Unix DD or SMART forensic images as a drive letter on your Windows.
    • Scalpel is a fast file carver that reads a database of header and footer definitions and extracts matching files from a set of image files or raw device files.
    • Unmask is a demonstration of how to fingerprint users based only on their emails or IRC postings.
    • ptfinder.pl from Andreas Schuster is a Perl script that parses through a dump of Windows physical memory searching for the different structures
    • Memory forensics tools from trapkit.de: Process Dumper allows you to make a dump of a running process and Memory Parser can be used to analyse process dumps made with pd.
    • Live View is a graphical forensics tool that creates a VMware virtual machine out of a raw (dd-style) disk image or physical disk.
    • MacForensicsLab is a complete suite of forensics and analysis tools.
    • TULP2G is a free program that helps to examine cell phones and SIM cards.
    • Volatools enables one to analyze memory dumps in raw (or dd) format for performing digital investigations on volatile memory images.
  • The Honeynet Project To learn the tools, tactics, and motives of the blackhat community, and share those lessons learned.

    Intrusion Detection Systems

    some IDS tools

  • Windows NT Intruder Detection Checklist from CERT/CC
  • Intrusion Detection Level Analysis of Nmap and Queso Article in LinuxSecurity/SecurityFocus
  • Dshield.org Distributed Intrusion Detection System
  • doshelp.com Intrusion & attack reporting center
  • Virtual Burglar Alarm - Intrusion Detection Systems
  • 50 Ways to Defeat Your Intrusion Detection System
  • IDSWakeup is a false positive alarm generator for network based IDS
  • Honeyd is a small daemon that creates virtual hosts on a network
  • The “Know Your Enemy” Series from the honeynet project: I II III
  • Justifying the Expense of IDS
  • Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics
  • Honeypots: Tracking Hackers

     
    Copyright(c) Bright Solutions Inc.