Digital Forensic Services

Digital Forensic Services is an electronic discovery technique used to determine and reveal technical crimes. We provide services to our clients in such a way that information can be protected and secured from unauthorized access.

We offer guidance and assistance with complex technology challenges. Digital Forensic services help to provide protection from economic crime, financial loss, and reputational loss. Hence, this service is highly critical for the business and as information is an asset to an organization, digital forensic services protect those assets for better productivity.

Digital forensic services include:

  • Network Forensic
  • Small-scale digital devices
  • Computer Forensic
  • Code Analysis

How we can help

We can protect you from economic crime, financial crime and reputational loss

  • Counter with different threats for your reputation
  • Maintain Confidentiality and integrity of your business
  • Provide Investigation reports
  • Helping in providing solution to business profitability
  • Assess new external to protect internal assets

We can help you manage crisis

  • Provide Experts support and taking critical actions
  • Technical Support to manage risk
  • Protection from the difficult situation in future

Incidence Response

When an incident occurs in the organization then the incident response team is responsible for taking action on the basis of risk prioritization. They may take the following decision as per organizations’ policy:

  1. They may Mitigate the risk
  2. They may Ignore the risk
  3. They may Transfer the risk
  4. They may Accept the risk

Incident response (IR) plans are designed to test your company’s ability to respond to a security incident. The ultimate goal is to handle the situation so that it limits the damage to the business while reducing recovery time and costs.

Approaches we follow for successful incident response

  • Address business vulnerability and assign roles and responsibility
  • Identify relevant business departments and get them involved
  • Identify Key Performance Indicators(KPIs) to measure the event
  • Testing of the plan
  • Review the plan constantly
  • Determine incident
  • Team formation and lead by IR analyst
  • Right tools implementation
  • Establishment of communication strategy

Forensic as a Service

Forensic as a service model aims to establish a cloud forensic investigative process, which can be implemented within a cloud ecosystem, integrated with tools that should ensure relevant information is gathered, verified, and stored in a manner that is forensically sound and legally defensible.

Forensic service would help to consider the company’s important sensitive information from getting exploited by unauthorized access.

Why forensic service

  • Identify Critical information against the unauthorized user
  • Refine critical information from destruct mobile devices
  • Necessary legal action could be taken against unauthorized access

Malware Analysis

The goal of malware analysis is to gain an understanding of how a specific piece of malware functions so that defenses can be built to protect an organization’s network. There are two key questions that must be answered.

The first: how did this machine become infected with this piece of malware?

The second: what exactly does this malware do?

Countermeasures of malware

After a lot of malware analysis different approaches, we follow for malware defense

  • Firewall System
  • Web filtering system
  • Intrusion/Prevention Detection System (IPS/IDS)
  • Host-based Intrusion Prevention System(HIPS)

These technologies help to protect the sensitive information from getting exploited by malware.

Email Forensic

E-mail has emerged as the most important application on the Internet for communication of messages, delivery of documents and carrying out of transactions and is used not only from computers but many other electronic gadgets like mobile phones etc. Pyramid Email forensic services offer a unique solution for email forensics on email messages attainable from disk or other storage; Our services include

• Process, search, review and analyze email and ESI in a forensically sound manner maintaining chain of
• Our unique approach and tool allow us to find out critical data, visualize relevant relationships, and drill down to the most pertinent data.
• Process and search multiple email sources, file types, and metadata. View results in a visual layout of your choice and export the documents of interest in a wide variety of file formats.
• Discover the history of a message and the identity of all involved entities.
• Investigate client or server computer suspected of being used or misused for e-mail forgery. It may involve inspection of Internet favourites, Cookies, History, Typed URL’s, Temporary Internet Files, Auto-completion Entries, Bookmarks, Contacts, Preferences, Cache, etc
• Skin tone detected, regular expression based search, bookmarking of potential evidence, email data classification, detailed reporting of investigation stages etc.
Our tools and approach for email forensic is based on industry best practices and landmarks which are completely scalable, focused, and flexible to accomplish the need of the client.

Disk Forensic

Pyramid cyber is a specialized digital forensic company offering industry best services in computer forensic and investigation which includes disk forensic, cloud forensic and other digital storage media forensic like USB devices, Firewire devices, CD, DVD, Flash drives, Floppy disks etc. Pyramid digital forensic team comprises of core technical and techno-legal background professional carrying years of experience and industry certification in the cyber forensic investigation, and have the experience to solve a variety of cases related to IPR theft, corporate policy violation, child pornography, terrorism, data theft, financial fraud and staking etc. We are using a standard tool to dig into deep of data maintaining chain of custody and standard guidelines. Tools we are using are Forensic Falcon, Access Data FTK, Magnet IEF, WestoneStegohunt etc. for a complete cycle of investigation and reporting.


  • Imaging and authentication of digital evidence
  • Data indexing, processing and keyword searching.
  • Find every file on the computer system, including files that are encrypted, protected by passwords, hidden or deleted, but not yet overwritten
  • Ensuring investigations preserved all the information on the computer system without changing or damaging it.
  • Recover as much deleted information as possible using applications that can detect and retrieve deleted data.
  • Reveal the contents of all hidden files with programs designed to detect the presence of hidden data.
  • Decrypt and access protected files.
  • Analyze special areas of the computer’s disks, including parts that are normally inaccessible. (In computer terms, unused space on a computer’s drive is called unallocated space. That space could contain files or parts of files that are relevant to the case.)
  • Testify in court as an expert witness in computer forensics.

Mobile Forensic

Cell phone forensic is quickly emerging field within the digital forensic, today’s mobile devices are getting smarter, cheaper and more easily available for common daily use. Courtrooms are relying more and more on the information inside a cell phone as vital evidence in cases of all types. Despite that, the practice of mobile phone forensics is still in its relative infancy. Given the pace at which mobile technology grows and the variety of complexities produced by today’s mobile data, forensics examiners Pyramid specialized cell phone forensic services offer a unique solution that best tackle cell phone analysis. Our approach to investigate cell phone is in three folds;

  1. Seizure,
  2. isolation, and
  3. documentation

Which is further followed by?

  • Achieve and maintain network isolation (Faraday bag, RF-shielded box, and/or RF-shielded room).
  • Thoroughly document the device, noting all the information available. Using photography to support documentation.
  • If a SIM card is in place, remove, read, and image the SIM card.
  • Clone the SIM card.
  • Physical/logical extraction of the cell device.
  • Analyze/review/keyword search of parsed data from physical/logical extraction.
  • Carve raw image for various file types or strings of data.
  • Report of findings.


Data and Password Recovery

Data Recovery

It is a process of salvaging (retrieving) inaccessible, lost, corrupted, damaged or formatted data from secondary storageremovable media or files, when the data stored in them cannot be accessed in a normal way.

Phases of data recovery

Usually, there are four phases when it comes to successful data recovery, though that can vary depending on the type of data corruption and recovery required.

(a) Phase 1(Repair the hard disk drive): Repair the hard disk drive so it is running in some form, or at least in a state suitable for reading the data from it. For example, if the PCB is faulty then it needs to be fixed or replaced

(b) Phase 2 (Image the drive to a new drive or a disk image file): When a hard disk drive fails, the importance of getting the data off the drive is the top priority. The longer a faulty drive is used, the more likely further data loss is to occur.

Creating an image of the drive will ensure that there is a secondary copy of the data on another device, on which it is safe to perform testing and recovery procedures without harming the source.

 (c) Phase 3 (Logical recovery of files, partition): After the drive has been cloned to a new drive, it is suitable to attempt the retrieval of lost data. If the drive has failed logically, there are a number of reasons for that. Using the clone it may be possible to repair the partition table

(d) Phase 4 (Repair damaged files that were retrieved): Data damage can be caused when, for example, a file is written to a sector on the drive that has been damaged. This is the most common cause in a failing drive, meaning that data needs to be reconstructed to become readable

Password Recovery

Password recovery becomes necessary when the user of a system is no longer able to authenticate them because they have lost or forgotten their password. Any systems that require authentication will need to have some policy or procedure for password recovery.

Specific Techniques

The technique which helps to the customer for resetting their password using the following techniques:

  • In Person Identification
  • Faxed Documentation
  • Simple Email Recovery
  • Encrypted Email Recovery
  • Question & Answer
  • Call Back

Online and Network Forensic

Network forensics is categorized as a single branch of digital forensics; it includes the areas of monitoring and analyzing computer network traffic and allows individuals to gather information, compile evidence, and/or detect intrusions.

Two systems are commonly used to collect network data; a brute force “catch it as you can” and a more intelligent “stop look listen” method.

  • “Catch-it-as-you-can”
  • All packets are captured
  • Large storage needed
  • Analysis in batch mode
  • Usually at packet level
  •    For later analysis
  • “Stop, look and listen”
  • Requires faster processor for incoming traffic
  • Each analyzed in memory
  • Certain ones are stored
  • Usually at packet level
  • Real-time filtering