CCL Group Ltd are the UK’s leading specialist digital investigations and cyber security provider.
We pride ourselves on our investigative standards and ability to solve tomorrow’s problems today.
Working internationally, we provide a broad range of ISO17025 (lab testing number 4543) accredited digital forensics services to law enforcement and government, the legal profession and private sector organisations. We have recently achieved accreditation to the FSR Codes. We also have ISO9001 (quality) and ISO27001 (information security) certifications.
Specialist Courier Service
CCL Group can provide a secure collection and delivery service that ensures continuity of evidence. Deliveries and collections can be on a specific schedule for contracted clients, or on an ad-hoc basis as required, and non-evidential items can be delivered with a dedicated same-day courier service. Alternatively, they can also be arranged out of hours by our Forensic Case Team, or through the on-call number.
All CCL’s drivers are directly employed by CCL Group, security cleared to NPPV3 + SC + Met Police level, and are trained and experienced in evidence handling. Our unmarked vehicles are fitted with an online checking facility and as part of the security procedure, the driver is not permitted to leave the exhibits unsupervised at any time while in their custody.
We work in an industry based on confidentiality, trust and integrity, and have pioneered the introduction of standards to digital investigation.
Our approach places these qualities at the heart of everything we do. We value your security and information as if it were our own because we understand how costly a data breach or miscarriage of justice can be.
CCL Case Study: Client Cyber Review
CCL Group was engaged by the client to perform a review of their cyber security.
CCL Group used the engagement model ‘OCTAVE’ (Operationally Critical Threat, Asset, and Vulnerability Evaluation), a security framework for determining risk level and planning defences against cyber assaults, involving a review of the organisations processes, people and technology. This framework helps organisations minimise exposure to likely threats, determine the likely consequences of an attack and deal with attacks that succeed.
CCL conducted structured one to one interviews with a cross section of staff and ran a series of workshops with the IT team to construct profiles of the threats the organisation faced, based on the relative risks posed. An initial report was then produced including SWOT analysis and a high level ‘Statement of Cyber & Information Governance Requirements’ was created, including Gap Analysis, between current status and good practice.
The report was used to engage with senior management to develop a series of recommendations, and an action plan to address the issues identified. In developing the action plan, CCL Group and the client took account of the severity of each threat, the likelihood of occurrence and the impact. The action plan also reflected the cost of remediation and budgetary constraints, the ease with which the organisation could complete the changes, as well as staff availability and skills to implement the changes.
CCL Case Study: Search & Seizure
Private Limited Company in the Technology Sector
Following the termination of an employment contract, our client suspected their former employee of supplying classified and sensitive intellectual property to a close competitor.
Overcoming the Challenge: After successfully obtaining a ‘Search and Seizure’ order, our client instructed CCL Group to take a forensic copy of the electronic devices and removable media that were seized from the property.
CCL Group acted as ‘independent’ data processors and facilitated a review of privileged information on behalf of the applicant. Once all privileged material had been excluded, a search using keywords provided by the client was undertaken and responsive data for review was provided.
Analysis of the responsive data from their former employee’s personal devices showed that they had supplied their competitor with intellectual property in the form of customer and contract details. This information was then used by the competitor to approach clients and offer more favourable terms.
The case was settled during the pre-action phase. In addition and thanks to the advice of CCL Group the client now operates a “No Bring Your Own Device Into Work” policy to protect this event occurring in the future.
CCL Case Study: Deleted Skype Messages
Law Enforcement Agency
An individual was suspected of smuggling large quantities of garlic disguised as ginger (which is exempt from tax) into the UK, in order to avoid paying tax on it. CCL Group was asked to analyse the suspect’s computers.
Overcoming the Challenge: CCL created forensically-sound exact copies of the hard drives on numerous computers belonging to the suspect and others suspected of being involved in the smuggling activity. CCL Group then processed the files using one of their review platforms, making them easily viewable for the officer in charge.
CCL Group securely hosted the data and provided support to the officers reviewing the data by assisting with keyword searches and identifying deleted areas that may contain potentially useful evidence. One of the keyword searches resulted in hits in the Skype history on a number of the hard drives. CCL was able to extract this data and recover all messages in the Skype history, including times, dates and user account details. It showed the suspect planning the entire smuggling process, even down to the temperatures at which the garlic should be stored. CCL Group was also able to retrieve the files that the suspect had sent as attachments to his messages.
On one of the exhibits the Skype history had been deleted. In order to recover this deleted data, CCL Group’s analyst was able to recover the file records which pointed towards the deleted data. CCL Group then rebuilt, extracted and presented this deleted data in order to build a bigger picture of how the suspects were planning and discussing the details of the case.
CCL Group were able to identify Skype records from the computers which positively revealed that he was knowingly involved in a systematic tax evasion; through conversations arranging the deal with contacts in China.
When the Skype conversations were subsequently presented in court, the jury could relate to the evidence which was key to the entire case. He was convicted on one charge of being knowingly concerned in the fraudulent evasion of duty payable on goods and was sentenced to be incarcerated for six years.