Computer Crime Consultants - Services

Computer Crime Consultants - Services

The vast majority of services provied by Computer Crime Consultants (CCC) are in-house. However, some complimentary services, primarily in relation to due diligence enquiries with a global reach are provided by a long standing trusted partner.

CCC has access to a unique independent commercial intelligence service. Through which it is possible to undertake extensive bespoke qualitative due diligence services for selected clients, with a leaning towards emerging frontier economies, with a focus on Eastern Europe, the Caspian and West Africa. Through which we can offer an unparalleled insight into markets where information streams are scarce and unreliable and where rules may be skewed against external investors.

Combined with our due diligence service, we are able to offer pre-entry analysis to clients wishing to enter or expand further into such markets. With a focus on political, business, and criminal issues that may impact on client investment strategies, providing a qualified overall risk assessment.

In many frontier economies, the above categories are not mutually exclusive, our analysis is aimed at identifying nuances and other synchronicities that may exist between host governments, local managers and organised crime influences.

These bespoke services focus on client specific areas and requirements.

Political

Our Political overview offers insightful analysis and reporting on several key areas such as

  • The political environment
  • Regime stability
  • Continuity of governance
  • The key powerbrokers
  • Government attitude to foreign partners
  • Identification of individuals politically exposed
  • Identification of relevant treaties
  • Regional and local security
Business

Our business overview offers an in-depth evaluation of legacy and contemporary factors that may impact upon entry strategy and in-country operations, including:

  • Comprehensive due diligence of local partners
  • Verification of shareholder structures
  • Analysis of clan and oligarch structures
  • Identification of principals
  • Identification of historical issues faced by foreign partners
  • Assessment of local attitudes
  • Assessment of infrastructure
  • Profiling
  • Bespoke event risk
  • International trade blocs
Criminal

Relying on our extensive network of embedded contacts, we offer clients:

  • Comprehensive due diligence of local partners
  • Identification of prevalent criminal structures
  • Identification of internal corruption issues

For more information please email contact@ccc-ltd.com

CCC has been providing high-quality investigation services to clients since 1996. Where the experience of former members of new Scotland Yard’s Computer Crime Unit and Company Fraud Department come to bear. As detectives working at NSY, they were involved with some of the largest and most complex crimes of their times. Where circumstances have dictated, officers worked independently, while being part of a team. That experience remains with those at CCC equally at home, working either independently or as part of a team. The investigations we have undertaken are many and varied, and include the following areas:

  • Asset Tracing
  • Asset Stripping
  • Banking, On-shore & Off-shore
  • Blackmail
  • Company Fraud
  • Computer Forensics
  • Domestic Violence
  • Due Diligence
  • Hostile Takeover
  • Industrial Espionage
  • Intellectual Property (IP Theft)
  • Mergers & Acquisitions
  • Murder
  • Sexual Abuse
  • Share Ownership
  • Shipping Frauds
  • Unauthorised Access to computer networks

We understand how sensitive inquiries of any kind can be to all parties and that badly handled or insensitive investigations can cause more damage than the original incident. All our investigations are undertaken in a considered and controlled manner, where the potential risk to reputation is always at the forefront of our thoughts when making suggestions as to a particular course of action that may be required.

We also appreciate that in many, if not all cases where it may not be possible to conclusively prove that an individual was responsible for an incident. It is just as important to prove they were not responsible. Especially where there is an need for trust between the parties to remain.

Although many of our investigations start with the examination of digital devices. We can also undertake more traditional elements of investigations, such as due diligence or risk assessments. As well as having access to other investigative services that include bespoke qualitative due diligence services internationally, bug sweeps or TSCM (Technical Surveillance Counter-Measures), covert surveillance, vehicle tracking, through a long-standing trusted partner.

For more information on any of our capabilities, please email contact@ccc-ltd.com

Computer security education is an important element of providing a safe environment for digital assets.

CCC has provided a variety of education and awareness programs on differing aspects of computer security, these include:

  • advising on how to undertake internal investigations, the requirements for gathering evidence and the potential pitfalls that may be encountered.
  • educating employees on company policies and procedures.
  • ensuring employees understand the potential consequences of a breach, hence the reason for policies and procedures.

Get users to ‘buy into’ security…

I.T. Security Awareness

Talks and presentations should be aimed at raising staff and client awareness. We have found that a combination of question-and-answer sessions, combined with providing examples and giving demonstrations, has been the best approach.

Users with little or no technical abilities, who do not ‘buy into’ policies and procedures, looking to take shortcuts will increase the risk of compromise. Whereas those that understand the need to comply are likely to improve security. We have frequently found users circumventing or bypassing security measures simply because they were unaware of the implications or the measures were so restrictive that it prevented them from doing their work efficiently. Resulting in them looking for ways to get around those security measures.

We have also found it beneficial to break down the areas of education and awareness into the following groups.

  • Computer Security
  • Policies & Procedures
  • Malicious Programs
  • Wireless Exploitation
  • Password Security

One of the many gripes we have found employees to have are the password policies implemented by many companies, which are often poorly thought out. Resulting in users having difficulty remembering them because of their complexity or the frequency with which they are changed. It is quite possible that the reason for this is a lack of knowledge by the policymakers in relation to the real lifespan of a password, with decryption frequently cited as the main reason for policy.

Most policymakers have no experience of what is required to break a password. As a result, a ‘belt and braces’ approach is often taken, without fully understanding the impact on users or the increase in risk this may have. Forcing users to change their passwords every month can have a detrimental effect.

For example, a user may have a password that complies with policy, an example of which may be TheCanaries@01, with monthly changes resulting the password incrementally changing to TheCanaries@02, TheCanaries@03 etc.

Experience has shown that as time passes, users tend to forget the number they have reached, leading to frustration with passwords being written down. In reality,  good quality passwords can take years to decrypt even with the fastest and most sophisticated of attacks. Where, depending on circumstances, a more rational approach may be possible once company specific factors have been taken into consideration. Extending the life of a good quality password that meets company requirements has often been found to have a positive effect on users with no additional risk to the organisation.

Finally, senior management also needs to be seen to be complying with policy.

For more information email contact@ccc-ltd.com

Computer Security, I.T. Security or Cyber Security relates to the physical and nonphysical protection of electronic systems. Where tangible assets such as the hardware need to be protected from theft or damage. As well as intangible assets such as the software and data, which also need protection, to ensure the functionality of systems and the confidentiality, accuracy and availability of data. Such protection should also extend to preventing the misuse of or disruption to service.

The definition of a good hack - Nobody knows it happened…

Our lives are becoming more entwined with the digital era, to such a degree, that any significant failures in availability or loss of data can become headline news within minutes. Such is our reliance on this technology, whether banking, buying online, social media or just accessing e-mail. As a result, it is not inconceivable that in the relatively near future, we may well live in a ‘cashless’ society, giving cyber security an even greater role to play in our daily lives.

CCC can provide a comprehensive range of cyber security services, covering analysis, investigation, review and recommendation, for systems and networks alike.

Cyberspace

“Cyberspace” is a term used to describe networks and the devices attached to them which store, process and communicate information that cyber security protects.

Buzzwords for a buzzlight year!

With businesses moving on-line to keep pace with the modern day demands means that the data they need to access and manipulate these services also needs to be stored in cyberspace. With the data often becoming the target of attackers, whether to ransom or utilise in some other way. The data has value.

In today’s world, cyber security affects us all, with critical national infrastructures (CNIs), corporate networks and individual users having to rely on the availability, confidentiality and integrity of the data.

From experience, CCC knows that malicious activities aimed at human and physical aspects of our world often lead to applied security measures getting by-passed.

Some long-standing examples include:

  • Tricking individuals to open documents or links that lead to malicious code being executed.
  • Gaining employment with a company which provides physical access to systems.
  • Searching corporate waste for information that will ultimately help in gaining access to target data or systems.

‘dustbin diving’  - it still happens.

When assessing the cyber security status of an environment, the physical, personnel and digital elements all need to be evaluated as one. Assessing elements on their own is likely to lead to weaknesses that can and will be exploited by attackers.

For more information regarding this service, please email contact@ccc-ltd.com

The original discipline in a growing group of electronic devices and storage media that are now the subject of digital forensics. CCC has and continues to provide investigative services and expert testimony covering the full range of disciplines for both criminal and civil cases, with clients including police forces, government agencies, corporate clients, the legal profession and individuals alike.

Where there is a potential for the results of an examination being used in legal proceedings, examinations are undertaken in accordance with ACPO guidelines.

Examples of the types of information or data capable of recovery from a computer would include:

  • Audio
  • Backups
  • Calendar events
  • Chat
  • Cloud
  • Digital assistant reminders.
  • E-mail
  • Encrypted
  • Files - documents, spreadsheets etc.
  • File
  • Internet activity
  • Media
  • Messaging
  • Peer-to-Peer
  • Pictures
  • Remote
  • Keyword search results
  • Social networking
    – Facebook, Twitter etc.
  • Timezone data
  • User Account
  • Videos
  • Virtual environments
  • Wi-Fi
  • Xbox
  • Virtual environments
    - MS teams, Zoom etc.

 

With advances in solid state technologies, mobile devices have increased their capabilities significantly, where apart contact, voice and text communications existing, social media technologies, audio, video and graphics can now also be found on the same device. Increasing the need for comprehensive mobile forensics to be undertaken.

The examination of mobile devices and other hand-held devices have increased significantly as the number of applications capable of use and volume of recoverable data has also increased. For many, these devices act as organisers, storing additional personal information. Such as significant dates, events, meetings, contact information, even passwords.

CCC provide a comprehensive range of mobile forensic services, for evidential, intelligence, or data recovery purposes.

Examples of the type of data available mobile phones and other handheld devices can include:

Background

In the continuing evolution of IT technology, the vast majority of today’s devices now have built-in wireless capabilities. As a result, wireless technologies can now be found in most homes, as well as being adopted by most organisations, due to its cost effectiveness, ease of use and deployment capabilities. Making it a viable solution for corporate networks large and small, wishing to ensure cost effective connectivity with any satellite elements of their businesses.

The definition of ‘handshake’; a form of friendly greeting or a way of capturing Wi-Fi passwords!

Unfortunately, this deployment has led to a significant increase in the number of targeted attacks on systems where poor configuration or a quality assurance on updates has led to attackers identifying vulnerabilities that have allowed access to networks. Individuals at home, who may be executives associated with target corporations, need to know that wireless access points, both at home and at work, are frequently seen as a means by which attackers can gain access systems with little risk to themselves. Furthermore, by subverting either, there is a high probability that the attacker will be able to gain access to other internal elements of a target network. It should also be noted that any decent hacker who has gained access to a network using the wireless network as a point of entry will have passively monitored the network, looking to garner sufficient information about the identify authorised users and their devices so as to emulate them during an attack. Making it harder for security systems to detect their presence.

It is important to verify that wireless security measures commensurate with the environment are not only in place but also current, applied correctly and relevant.

Testing

CCC, wireless testing is undertaken by experts using a combination of in-house tools and techniques together with industry standard equipment.

Never heard of Zero-day warez? You need to?

For more information regarding this service, please email contact@ccc-ltd.com

Open Source Intelligence (OSINT) is the application of information gathering from public sources, which includes the collection, processing and analysis of data. With a view to utilising the results in the best possible way. At CCC, we understand the diversity of data sources and how to apply information identified.

Sources information include databases, published records, patent records and other data available to the public, effectively garnering such information, may require a variety of specialist techniques.

Where sources of information are likely to include social media and there is a possibility that the information could be used for litigation, there is a need to ensure that this information is from a legitimate source, accurate and has been obtained in an acceptable manner, with appropriate records being kept. Simply taking a series of screenshots while taking notes on a site may not be either sound or acceptable. Social media platforms are not designed to be ‘imaged or copied’ using conventional methods. Our tools and techniques meet those needs.

Most intelligence gathering exercises typically fall into the following areas:

  • Corporate
  • Criminal
  • Personal
  • Political

As such, these elements often form part of a case. Whether a fraud investigation, asset tracing enquiry or part of a larger and more comprehensive due diligence exercise. It is a discipline that we have become proficient at priding ourselves on being able to provide bespoke services that concentrate on a client's specific needs within their specific arenas.

The aggregation of data from a variety of sources exponentially increases value

For more information regarding this service, please email contact@ccc-ltd.com

Clients we have worked for

Much as we’d like to, we just can’t say, client confidentiality is paramount at CCC.

Have a case in mind?

computer forensic expert

Need our help?

Not found the service you are looking for?

Contact us, and we’ll try to help to point you in the right direction.

Scroll to Top