A cyber security incident can be in the form of an intrusion from the outside or from a disgruntled employee stealing your trade secrets inside your network.
The problem facing management is how to determine where the data went, who is responsible and how to mitigate further risks and loss.
In order to effectively combat incidents in today's electronically interconnected world, a company must be able to move seamlessly among many technology platforms like employee laptop, desktop, mobile phone and social media.
When an employee exits a company, it is essential to identify and preserve critical information that the employee possessed before it is lost forever, and to ensure that no sensitive data walked out of the door with the former employee.
Blackroot Technologies provides extensive expertise in all areas of cyber security, technology, high-tech digital investigations and litigation support.
Our experts at Blackroot Technologies can provide immediate cyber security incident response and expert analysis to any crisis or situation facing corporations today.
From internal or external theft of proprietary corporate information, to pro-actively conducting internal audits of a company network systems.

It is hard to deny the booming popularity of social networking sites, the type of sites that facilitate a high degree of user personalization, and user intercommunication. These site are huge, Facebook has more than 900 million active users. Twitter has more than 300 million users posting more than 100 million tweets a day. There's a huge amount of information about users personal life's being posted every day. People frequently post information about the more mundane aspects of their lives that they would probably not share with someone during verbal conversation. Additionally, users may share their status, news stories, notes, photos, videos, and allow their friends or friends of friends to comment on them. Some individuals even use these platforms to post evidence or intent of criminal activity. This information can be very valuable to forensic investigators.

Swift and Decisive Action Against Ransomware and Multifaceted Extortion Minimize the impact of ransomware and extortion attacks with expert assistance from Blackroot Technologies. Our incident response specialists are ready to help you rapidly and effectively tackle ransomware incidents.

What We Offer:

In-Depth Attack Analysis: Our experts thoroughly investigate the attack to understand its scope and impact.

Crisis Management: We manage the situation across the entire attack lifecycle, ensuring coordinated and effective response efforts.

Business Recovery: Post-breach, we help you restore and secure your business operations swiftly.

Trust Blackroot Technologies to reduce the damage of ransomware attacks with our comprehensive and immediate response solutions.

ransomware protection , ransomware detection , ransomware detection , ransomware investigation, ransomware forensics , ransomware investigation, ransomware investigation, ransomware recovery, ransomware monitoring , ransomware negotiation, ransomware negotiation , ransomware, ransomware analysis

Mobile Forensics, is a form of science concerned with the systematic examination of mobile phone handsets and all attached media, such as SIM cards and memory storage cards. It is similar to Computer Forensics in that a wide variety of data can be retrieved, including messages, incoming, outgoing, missed calls, images, video, audio, Email, instant-messaging and etc. A mobile phone can potentially contain a large amount of information related to the user’s actions, determined by their communication patterns; information acquired from mobile phones is increasingly required as evidence in criminal investigations.

Mobile Forensics Evidence

Model, IMEI, SIM S/N. , PIN
Messages (SMS, MMS, WhatsApp or other messaging apps)
Last numbers dialed
Last numbers received
Missed calls
Phone book contact numbers
Time & Date of last numbers dialed
Time & Date of last numbers received
Internet browser history
Task list, notes
Calendars
Audio clips
Voice memos
Emails
Word documents
FAX
Personal information management
Video clips
MAPS
GPS
Application
Service profiles
Deleted Data

Blackroot Technologies is the leading specialist in the recovery of deleted data from handset and SIM card memory. We are able to recover any form of deleted user data from all makes of handset including phonebook entries, call logs, text messages, pictures and videos etc. Our highly experienced security cleared team are happy to discuss any requirements in relation to a specific make and model of phone.

Blackroot Technologies is EXPERTS at finding LOST, HIDDEN or even DELETED SMS/MMS/Email/photo on any mobile device like iPhone, Samsung, BlackBerry, Nokia and windows mobile.

1. Recover deleted incoming, outgoing, missed call history – SMS/MMS/Email
2. Recover sent & received messaged history
3. Analysis contact information
4. Recover list of assigned speed dials
5. Calendar event, tasks and notes review
6. GPS navigator/ Internet history
7. Instant messaging deleted message recovery (WhatsApp, Line, Viber, Skype)
Advanced capabilities for:

iOS

Bypassing simple and complex passcode while performing physical and file system extraction on selected devices running iOS 3.0 or higher including iOS 6 Real-time decryption and decoding of data, applications, and keychain real-time decryption while revealing user passwords Advanced decoding of applications

BlackBerry

Advanced decoding of BlackBerry Messenger (BBM), emails, locations, applications and more Real-time decryption of protected content from selected BlackBerry devices running OS 4+ using a given password

Android

Advanced decoding of all physical extractions performed on devices running any Android versions Advanced decoding of applications and application files

GPS

Portable GPS devices extraction and decoding

Exclusive – Physical extraction of Tom Tom trip-log files

Modern litigation places organizations at potential legal, financial and publicity risk if disclosure is not fully and correctly provided. Failure to comply with eDiscovery rules can be costly.

Blackroot Technologies offers corporations litigation readiness programs, which are designed to reduce enterprise risk while improving the daily flow and management of critical information. Our team of internationally recognized e-discovery professionals have diverse backgrounds that include experience in law firms, major corporations and top technology and consulting firms. We can help you carry out a defensible and robust process for e-discovery that focuses not only on the technical tools, but also on the policies and procedures that support the process.

We assist our clients in rapidly reducing large data sets to case relevant information which can be reviewed and produced in a structured manner.

Our services include:

Pre-collection planning and data analysis
Data collection
Data processing, filtering and reporting
Hosted review tools
Structured data extraction, including SharePoint, Dynamics and many document management systems
Custom report generation for eDiscovery processing and review tools

The definition of what constitutes computer fraud becomes ever more complex with the ingenuity of people who intend to deceive, misrepresent, destroy, steal information, or cause harm to others by accessing information through deceptive and illegal means.

Emails requesting money in return for “small deposits.”
Pyramid schemes or investment schemes via computer with the intent to take and use someone else’s money.
Emails attempting to gather personal information to be used to access and use credit cards or Social Security numbers.
Using someone else’s computer to access personal information with the intent to use such fraudulently.
Using the computer to solicit minors into sexual alliances.
Violating copyright laws by copying information with the intent to sell it.
Hacking into computer systems to gather large amounts of information for illegal purposes.
Hacking into or illegally using a computer to change information, such as grades, work reports, etc.
Sending computer viruses or worms with the intent to destroy or ruin someone else’s computer.

Audio Forensics / Voice Investigation / Voice Forensics is the field of forensic science relating to the acquisition, analysis, and evaluation of sound recordings that may ultimately be presented as admissible evidence in a court of law or some other official venue

The primary aspects of audio forensics are:

Establishing the authenticity of audio evidence
Performing enhancement of audio recordings to improve speech intelligibility and the audibility of low-level sounds
Interpreting and documenting sonic evidence, such as identifying talkers, transcribing dialog, and reconstructing crime or accident scenes and timelines
As an Audio Forensic Expert and Expert Witness, Blackroot Technologies has analyzed hundreds of audio recordings for authentication, clarification and voice identification in both analogue and digital formats.

The following list describes types of forensic services Blackroot Technologies offer as an expert witness:

Forensic Audio Expert Witness Services
Audio Enhancement and Clarification
Audio Authenticity and Chain of Custody
Forensic Transcription
Sound Restoration
Forensic Consulting Services
Background Noise Removal
Voice Identification

Video Forensic Analysis / Video Image Investigation is the scientific examination, comparison and/or evaluation of video in legal matters.

Reliably digitize video tape footage onto a computer system. (This is commonly done via Non-Linear Editor (NLE) software.)
Be able to demultiplex or separate camera views from multiplexed CCTV footage.
Convert digital video from DVR (Digital Video Recorder) devices into digital video formats usable for forensic analysis.
Perform clarification techniques such as frame averaging.
Highlight someone or something of interest in the video.
Enlarge portions of the video for areas of interest.
Measure heights of individuals or distances between points seen in the video.

What Blackroot Technologies can offer?

Frame Averaging removes video noise, graininess and hidden details.
Highlighting/Masking the analyst can highlight an area of video to bring it attention or obscure an area to hide sensitive information.
Resizing Video Enlarge (zoom of magnify) footage. Video may also be reduced in size to expose the cropped are, about 10%, that are commonly hidden from view by a typical televisions under scan.
Image Stabilization stabilizes unstable or shaky video.
Color Correction tools are used to analyze and correct poor lighting and compensate for camera dome filters to recover the accurate colors of the scene.
Clarify dark and poor quality security and surveillance footage.
Picture-in-Picture displays one moving image within another offering dynamic, side-by-side comparisons, demonstration consistencies between know images and suspect images.
Comparative Analysis Reverse Projection and reliable height analysis by superimposing images.
Titling or labelling is used to identify and explain video evidence.
Timecode AVX allows the Forensic Video Analyst to timestamp security video images to within 1/60th of a second.
Locators quickly and easily annotate video evidence.
MetaSunc the Avid Systems provide twenty-four tracks for synchronized metadata, linking any digital investigative asset directly to the video evidence. Assets include word processing documents, spreadsheets, e-mail, digital photos or virtually any digital file can be accessed on a computer.

Audio recording may be used in the court as evidence, but sometime the recording may have loud background noise that cause the recording to be useless.

At Blackroot Technologies, we have specialist for audio enhancement. His job is to remove static background noise and improve overall audio clarity and intelligibility.

Disk cloning is the process of copying the contents of one computer hard disk to another disk or to an "image" file. This may be done straight from one disk to another, but more often, the contents of the first disk are written to an image file as an intermediate step, then the second disk is loaded with the contents of the image. Typically, this is done for archiving purposes, to restore lost or damaged data, or to move wanted data into a new disk, though other reasons also exist.

Unlike standard copying functions, disk cloning involves copying hidden and in-use files, and thus presents special challenges, as those types of files are typically not available for copying. Additional complications arise when the process is used for networked computers, as the network must be able to distinguish between different computers.

Computer hackers are unauthorized users who break into computer systems in order to steal, change or destroy information, often by installing dangerous malware without user knowledge or consent. Blackroot Technologies is a highly experienced to helps Corporations, Small Businesses, and Individuals address unwanted cyber intrusions and hacking incidents where the client wants to pursue the incident criminally or civilly.

Hack Investigation

Virus, Trojan, Malware
Virus or trojans are malicious software programs which get installed into the victim’s system and keeps sending the victims data to the hacker.
Denial of Service (DoS\DDoS)
A Denial of Service attack is a hacking technique to take down a site or server by flooding that site or server with a lot of traffic that the server is unable to process all the requests in the real time and finally crashes down. For DDoS attacks, hackers often deploy botnets or zombie computers which have got the only work to flood your system with request packets.
Website defacement
A website defacement is an attack on a website that changes the visual appearance of the site or a webpage. These are typically the work of system hackers, who break into a web server and replace the hosted website with one of their own.
Social engineering attack
Social engineering is the art of manipulating people so they give up confidential information.
Remote code execution
System or application vulnerabilities can provide an attacker with the ability to execute malicious code and take complete control of an affected system with the privileges of the user running the application. After gaining access to the system, attackers will often attempt to elevate their privileges.

Even an organization most advance defenses such as antivirus, firewall and IPS are no match for the sophisticated attacks deployed today. Malware forensics analysis is the study or process of determining the functionality, origin and potential impact of a given malware sample such as a virus, worm, Trojan horse, rootkit, or backdoor.

Malware Analyses Steps
Analysis of suspicious web code and executable files
Performs deep forensic analysis through the full attack life cycle
Disassembly analysis that examines elements of the code
Our Approach

The following first-level analysis is conducted to quickly tally threat scores.

Product Name
Product Version
Company Name, etc.
Functions included in the Import Table
Network
Process
Security
Registry
Dynamic Loading, etc.
Does the binary have high entropy (obfuscated)?
Does the binary have signatures of:
Internet Relay Chat ("IRC")
Shellcode
Cryptography ("Crypto")
Does the binary contain strings associated with autoruns?
Digital Signature Verification
Stage two:

Stage two involves more complex disassembly analysis to give you more detailed behavioral information. This simulation and data flow analysis is possible without running binaries in a sandbox, and there is no reliance on white lists or signatures.
Integrated disassembly engine
If using network functionality, potentially what host it is communicating with and over what protocol(s)
If using network functionality, can it bypass proxy servers?
For functions that require usernames and/or passwords, does the executable contain a static string, indicating insider or advanced knowledge?
More advanced Functionality Interpretation
IP addresses and Domain Names Used
Debugger and Sandbox avoidance
Command and Control Functionality
Hooking Techniques
Arbitrary Code Execution
Host Forensic Artifacts
Registry Settings
Temp Files
Configuration Files