Forensic Control focuses on the prevention, detection and investigation of insider threat through psychoanalytical analysis (addressing the human side) and cyber forensics (addressing the digital realm).
Very often businesses rely solely on technology to identify and address insider threats. However, as such threats are fundamentally a people issue, technical solutions alone are insufficient. We believe that only a holistic approach is adequate in comprehensively protecting a business’s assets.
To secure your company’s reputation, intellectual property and valuable digital assets we offer clients insider threat risk assessments and strategic planning advice, training and education, alongside behavioural and cyber forensic investigation services. Our approach aims to help management understand the strengths and weaknesses revealed in an insider threat risk analysis, and introduce programs to address such issues.
A director and his wife at an insurance company had been receiving anonymous letters and emails alleging that he was having an affair. The details listed in the communications indicated that the sender was within the office.
Interviewing staff, getting a detailed background of life at the company, we identified six potential suspects. We visited the office one evening after staff had left and forensically collected data from their computers. On analysing it, we realised that due to the way the computers were set up, there was very little digital evidence available to be analysed. This is where most forensic companies would draw a blank conclusion.
Forensic Control’s psychoanalytical expert, using material as diverse as noting how people decorated their desks and psycholinguistic content analysis of emails, established the personalities of the six suspects and potential motives. It lead us to believe that one person in particular was the most likely candidate. We reported our findings to the client with advice on how to present them to the suspect. On being shown the evidence the employee tendered their resignation, saving our client the time and cost of taking the case to tribunal.
Using the methodology used by the world-leaders in insider risk detection and mitigation at the CERT Center at Carnegie Mellon University, Forensic Control examine 19 areas of a business within the areas of HR, legal, IT, data ownership, physical security and software engineering that organisations should implement to better prevent and detect insider threats.
We offer three levels of assessment in this area:
1. An assisted questionnaire, filled in by the client and assessed by Forensic Control. Results are provided in a report.
2. On site interviews with key personnel, allowing a deeper understanding of the business. Risk level assessed and provided to the client in a report.
3. As in 2, but with the interviewees producing evidence of their answers. Risk level assessed and provided to the client in a report.
“Forensic Control provided us with invaluable help in dealing with a complex investigation relating to a contested breach of contract matter. The response to our request for independent expert advice was professional, discrete and swift: our needs and the highly sensitive situation we faced were quickly grasped and, most importantly, the report on the IT data analysis was provided in an accessible, readily understood format. A superb service.”
“We have used a number of services from Forensics Control with excellent results and in a timely manner. We found Jonathan and his team to be professional and creative utilizing leading edge technology and subject matter expertise to achieve the desired outcome.”
“We are completely indebted to Forensic Control. Following what could have been a real business disaster when both our server and back up disk became corrupted we potentially faced losing all our client files. Jonathan calmly and efficiently got us back up and running within 24 hours. We can wholeheartedly recommend Forensic Control for their true professionalism and in our case, calmness in a storm!”
“Forensic Control assisted us with the investigation into a civil case that consisted of highly intricate and concealed IT issues. They produced two expert reports that were very well presented and dealt with the issues in a clear and succinct manner.”