TECHNICAL OPERATIONS
The RMS Technical Operations team is a unique group of professionals who have technical certifications and training in the field. Some of our team members hold professional certifications in counter surveillance and privacy intrusion detection; some maintain certifications in the data management, security and recovery areas. Additional team members are considered subject matter experts in the area of mobile forensics and maintain certifications from the world's leading mobile infrastructure organizations.
Counter Surveillance and Privacy Intrusion Detection
Counter Surveillance and Privacy Intrusion Detection is the process of technically and physically detecting and locating devices that capture communications and data and transmit that information to a listening, viewing or receiving party. In many cases, businesses can also have passive devices, which must be retrieved and have their data extracted.
This process is often referred to as a Bug Sweep. “Bug Sweep” is the commonly used slang term, but a sweep can only be achieved through the use and understanding of technical equipment by a properly trained operator. Most “bugs” today use and operate on cutting-edge TSCM technology such as Bluetooth®, cellular, and Wi-Fi. With that said, only the highest grade eavesdropping detection technology can detect these devices, and our company is that provider. Technical bug sweeps provided by RMS can not only detect and locate bugging devices that are active, but also devices that are not transmitting.
The experts we employ on the RMS Technical team in this field receive the highest level of training and come from military and law enforcement backgrounds that specialized in this technology.
Network Traffic Monitoring, Analyzing and Alerts (Network)
Our Integrated DNS, DHCP, and IP Address Management (DDI) allows our clients to monitor and analyze their network traffic through a convenient dashboard they can access from any internet connection. In addition, we can set up an algorithm that triggers alerts to our team, your team or your IT staff.
The system actively identifies IPv4 and IPv6 addresses, using active scanning to discover and track subnets and associated address blocks. Finding an available address is as simple as navigating to a target subnet, viewing, and selecting an available IP address. Also, view transient IP addresses to easily identify orphaned IP addresses and reclaim them.
The system works with your multi-vendor DHCP and DNS services; no additional proprietary software or hardware is required. You can easily unify and manage all of your Microsoft, Cisco, and ISC open source DHCP servers as well as your BIND and Microsoft DNS servers. This includes the ability to create, edit, or remove DHCP scopes as well as DNS zones and records. All DHCP and DNS changes you make in IPAM are seamlessly propagated to the respective servers, enabling you to easily find and configure IP addresses from a single management console.
RMS offers centralized monitoring of subnet/scope utilization, IP address conflicts, DNS record mismatches, and more from a customizable dashboard. In addition, IPAM will provide automated alerts on issues including depleted subnets/scopes or IP conflicts so you can quickly respond to an IP-related issue.
HDD Data Extractions
The RMS team of technicians can quickly access, copy and extract data from any Windows, Linux or Mac operating system device. Additionally, our team can restructure some damaged devices to access data on the partitions that were recoverable.
Mobile Logical Extractions
The quickest and most supported extraction method, but also the most limited, is a logical extraction. In a logical extraction, the forensic tools communicate with the operating system of the mobile device using our API (Application Programming Interface), which specifies how software components interact. The forensic team uses these APIs to communicate with the mobile device’s operating system and request the data from the system. This process allows for the acquisition of most of the live data on the device, much like a live targeted collection from a computer. The extracted data is output in a readable format.
The typical data available via a logical extraction are call logs, SMS (Short Messaging Service, commonly known as text messages), MMS (Multimedia Messaging Service, which are generally text messages with attachments or group text messages), images, videos, audio files, contacts, calendars and application data. It is possible to specify categories to collect, such as only SMS and MMS, but you cannot select particular items within a category for export. For example, you can choose to extract SMS data, but all SMS will be collected, not just conversations between specific people or phone numbers. All the data exported in these categories will be live data and will not contain any deleted data.
Mobile Filesystem Extractions
The next step up in extraction abilities is a filesystem extraction. The primary differentiator between logical extractions and filesystem extractions is the ability of the forensic tools to access the files in the mobile device’s internal memory directly instead of having to communicate through APIs for each type of data. This direct access allows the forensic tools to extract all files present in the internal memory, including database files, system files and logs. Filesystem extractions are useful for examining the file structure, web browsing history and app usage history of a mobile device.
The most important part of a filesystem extraction is the full access to the database files on a mobile device. Numerous applications, such as iMessage, SMS, MMS, Calendar and others, store their information in database files. When a user deletes data that is part of a database, such as SMS, the entry within this database is marked as deleted and is no longer visible to the user. This deleted data remains intact within the database and is recoverable until the database performs routine maintenance and is cleaned up. Once this process occurs the data is no longer recoverable.
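The behaviour described above can be reproduced with a small database file. This is an added example, not RMS tooling or code from the original page; it assumes the database engine is SQLite (the page does not name one), and the `sms` table, phone numbers and message text are constructed. It also goes one step further than the text by showing SQLite's `secure_delete` setting, which wipes the record at deletion time.

```python
import contextlib
import os
import sqlite3
import tempfile

# Constructed sample message body; not real data.
MARKER = "CONSTRUCTED-deleted-sms-body-7f3a"

def file_has(path, text):
    """True if the raw database file still contains the bytes of `text`."""
    with open(path, "rb") as fh:
        return text.encode() in fh.read()

def deleted_row_residue(secure_delete=False):
    """Return (live_rows, in_file_after_delete, in_file_after_vacuum)."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        # isolation_level=None: autocommit, so every statement reaches the file.
        with contextlib.closing(sqlite3.connect(path, isolation_level=None)) as con:
            # Some SQLite builds default secure_delete to ON, so set it explicitly.
            mode = "ON" if secure_delete else "OFF"
            con.execute("PRAGMA secure_delete = " + mode).fetchall()
            con.execute("CREATE TABLE sms (id INTEGER PRIMARY KEY, address TEXT, body TEXT)")
            con.executemany(
                "INSERT INTO sms (address, body) VALUES (?, ?)",
                [("+15550100", "lunch at noon?"),
                 ("+15550101", MARKER),
                 ("+15550100", "see you then")],
            )
            con.execute("DELETE FROM sms WHERE body = ?", (MARKER,))
            # What a query (the "live" view) can still see after the delete.
            live_rows = len(con.execute("SELECT id FROM sms").fetchall())
            after_delete = file_has(path, MARKER)
            con.execute("VACUUM")  # the database's maintenance / clean-up step
            after_vacuum = file_has(path, MARKER)
        return live_rows, after_delete, after_vacuum
    finally:
        os.remove(path)

if __name__ == "__main__":
    print("secure_delete OFF:", deleted_row_residue(False))
    print("secure_delete ON: ", deleted_row_residue(True))
```

With `secure_delete` off, the deleted text is invisible to queries but still present in the raw file until `VACUUM` rewrites it; with it on, the bytes are zeroed at delete time and nothing is left to recover from the database file itself.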
Mobile Physical Extractions
The most extensive but least supported extraction method is the physical extraction. Physical extraction is least supported because getting full access to the internal memory of a mobile device is completely dependent upon the operating system and the security measures employed by manufacturers such as Apple and Samsung. A physical extraction from a mobile device shares the same basic concept as the physical forensic imaging of a computer hard drive. A physical extraction performs a bit-by-bit copy of the entire contents of the flash memory of a mobile device. This extraction allows for the collection of all live data and also data that has been deleted or is hidden.
With a bit-by-bit copy, deleted data can potentially be recovered. This means that data residing outside of the active user data and database files, such as images, videos, installed applications, location information, emails, and more, can be extracted, and deleted versions of these items may be recovered as well.