Our Services
We build genuine partnerships with our clients
Digital Forensics
Digital Forensics Services use a bespoke methodology – because each incident takes place in a unique set of circumstances – but investigations basically fall into two main areas: Off-line Host Analysis, which entails removal of a system drive or storage media from a powered down system for analysis; or Live Host Analysis, conducted while a system is still in operation.
Context investigators hold UK government security clearances and have experience and knowledge of managing the aftermath of security incidents and forensic investigations using best practice procedures and techniques, in accordance with ACPO guidelines where appropriate. We can also support clients in liaising with law enforcement and government agencies or legal representation.
Off-line Host Analysis
This is usually the most appropriate method following a breach of an organisational policy, such as theft of intellectual property, use of an organisation’s assets or resources for illicit or illegal purposes, or system compromise due to malware or a targeted attack. Investigation techniques used include analysis of deleted emails (including those sent using web-based email systems like Hotmail or Gmail) and email attachments; registry analysis, which covers use of USB devices; file system analysis, incorporating recovery of deleted files, file signature searches and manual file system reviews; timeline analysis; keyword analysis; and a detailed analysis of internet usage.
Live Host Analysis
This is usually most relevant in situations where it seems likely that evidence is contained inside the system memory (inaccessible if the system is powered down), or if the system in question is so important to an organisation that powering it down would create an unacceptable level of disruption. Techniques used include memory analysis; network connections and traffic analysis; registry analysis (again covering use of USB devices); running process analysis; and rootkit detection, to seek out malware that operates at low levels of the operating system and is able to modify native functions without the knowledge of that operating system.
Sandbox Testing
Context may also make a forensic copy of a system’s hard disk during off-line analysis, then run it through a virtual machine in a safe ‘sandbox’ environment. This is a useful technique if a system has been compromised through malware or a targeted attack.
How we can help
We are an independent security consultancy, specialising in both technical security and information assurance services.
CAT
Our new flagship tool CAT is perfect for identifying application security vulnerabilities.

