Imaging and Analysis

The process of collecting data and media imaging can be tricky.  The most critical factor in this process is preservation of the source data in its pristine format.  Any attempt at collecting data or media imaging that is not done following proper preservation steps and with the necessary equipment, can both disrupt the original data and not create an exact image of the original media.

We have the ability to perform either on-site or in-lab, forensic data collection and media imaging services.  Our collection and media imaging services are performed using with sound forensic methods and industry accepted practices.  This includes utilizing only industry accepted hardware and software for all collection and imaging process.

The collection / imaging process involves all the necessary write-blocking devices and duplication equipment needed to create what is known as a bit-stream image of your media.  A bit-stream copy is an exact “bit-for-bit” copy of your original media. This includes not only normal files, but files that reside in the area know as unallocated space where many deleted files and file fragments can exist.  Furthermore, we can create images in various formats including:

  •     DD (Raw)
  •     E01 (EnCase)
  •     AD1 (AccessData)
  •     AFF
  •     SMART
  •     Single Capture

Plus various others.

All images created are verified with the industry standard MD5, SHA1, and/or SHA256 hashes to assure you that you have an exact copy of the source media.

Digital Forensics Analysis

Offline Host Analysis
This is usually the most appropriate method following a breach of an organizational policy, such as theft of intellectual property, use of an organizations assets or resources for illicit or illegal purposes, or system compromise due to malware or a targeted attack. Investigation techniques used include analysis of deleted emails (including those sent using web-based email systems like Hotmail or Gmail) and email attachments; registry analysis covering the use of USB devices; file system analysis incorporating recovery of deleted files; file signature searches and manual file system reviews; timeline analysis; keyword analysis; and a detailed analysis of Internet usage.

Live Host Analysis

This is usually most relevant in situations where it seems likely that evidence is contained inside the system memory, which would become inaccessible if the system is powered down; or if the system in question is so important to an organization that powering it down would create an unacceptable level of disruption.

To seek out malware which is operating at low levels of the operating system and can modify native functions without the knowledge of that operating system, we use the following techniques:

  •     Memory analysis
  •     Network connections and traffic analysis
  •     Registry analysis (including use of USB devices)
  •     Running process analysis
  •     Rootkit detection

Sandbox Testing

In addition to the off-line analysis of media, CFK investigators are able to carry out ‘behavioral’ analysis. This involves connecting the media to a virtual machine in a virtual environment without being connected to the Internet. This technique is particularly useful in malware investigations where malware will try to call out to command and control infrastructure.

At the end of any digital forensics investigation CFK will provide the client with a thorough report of the incident, signatures of any malware extracted, an assessment of the potential damage sustained in an incident, and recommendations to avoid a potential repetition of the incident.

CFK News Scroller

CFK associates is a pan African consulting firm with its headquarter in Nairobi Kenya. We are leaders in digital risks and investigations in the region. We have strong network of associates specializing in different areas of profession.

Our vision is to be the leader and set pace in digital forensics in Africa

Our mission is to provide our clients with world class experience through service provision.

Our slogan: "We deliver on promise"

What is Digital Forensics?

Digital forensics is the scientific process of capturing (imaging) and analyzing information stored in any electronic format, for the purpose of investigating allegations, to find the truth, with no predisposition as to the outcome. It is a highly technical discipline requiring a combination of unique skills relating to computer technology and software, formal investigative experience (law enforcement), proper evidence handling methods, and judgment. Computer forensics can be the key to:

  • Learning the truth
  • Taking appropriate action based on the facts
  • Winning the case.

At CFK we specialize in the listed services:

  • Digital Forensics (Computers and Mobile devices)
  • CyberSecurity Strategies and Management
  • Inappropriate Data Duplication
  • Private Investigation of Cellphone/Mobile Phone
  • Cyber Fraud and Money Laundering Investigation
  • Documents examination
  • Industrial Espionage
  • Online Brand Protection
  • Internal Corporate Investigation
  • Breach of Contract
  • Computer Break-ins
  • Digital Pornography
  • Inappropriate Internet Usage
  • Internet Abuse
  • Inappropriate Email Usage

Area of operation

We operate in the whole of Africa through our extensive network of associates who represents us in their respective countries