Blue Lights Digital

Cloud Forensics_BLD

A digital forensics service that supports extraction of data from global cloud services such as AWS, Google and iCloud, along with a large variety of other cloud services. Supporting extraction of email, data from IoT devices and provides users with an automated web capture feature and real-time extraction monitoring.

Features

• Email extraction
• Social Media Extraction
• Specializes in East Asian cloud services
• Acquisition of cloud based IoT device data.
• Provides automated web capture feature.
• User-friendly interface.
• Hash based data integrity assurance.
• Report generation.

Benefits

• Event view
• Note View
• Contact View
• SNS View
• Web capture
• Search view
• Report Options

£5,100 to £60,000 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at claire.stanley@bluelightsdigital.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

206021631619817

Contact

Claire Stanley
07847258384
claire.stanley@bluelightsdigital.com

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: End point device digital forensics, tools from MD Red, Cellebrite, Belkasoft, Oxygen & other. Education available.
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: Addressed through the appropriate lawful use, authorisation and LEA policies consideration should be given to the following constraints. ; ; Legal and ethical considerations, Data ownership and access rights; cloud service provider policies, technical limitations, ; data protection and privacy concerns. ; ; Cloud forensics also has resource constraints on trained, skilled and competent staff in the use of cloud forensic tooling and scripts. ; Collaboration and coordination with digital forensics units and officers in charge with full transparency and accountability of usage of this technology.
• System requirements:
  • Software licence
  • OS: Windows 8/10(All 64 bit)
  • CPU: i7 or faster
  • RAM: 8GB or above
  • Network: Internet connection via wired or wireless LAN
  • Storage: 1TB or above
  • Display: 1024x768 or higher
  • USB: 1 or more USB 2.0 ports
  • Microsoft.Net Framework 4.6.2

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Office hours within line of BLD policy
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: We operate a graded response to support queries to deliver a cost and performance effective service. This ranges from critical incidents requiring an immediate response to those that are non-urgent and can be responded to within a defined timescale. We will work with our clients to define the specific service level required.; ; All IT systems and processes used by BLD are GDPR compliant and we have Cyber Essentials certification. The data generated by our service will be secured and accessible on a ‘needs-only’ basis, air-gapped from BLD staff unless they are involved within the client’s investigation. ; ; We will discuss data management with the client at the initial consultation to understand how you want and need data to be managed. BLD will do everything possible to ensure continued service and data integrity.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: BLD believe in educating people and organisations so they can develop digital investigation skills in-house. With technological developments and the daily use of technology within personal and professional environments, we believe digital elements of an investigation should now be business-as-usual. ; ; BLD can supplement our investigation capability with an extensive training programme so that internal client teams can learn how to perform this work themselves, providing an additional return on your investment. ; ; 3.3 Investigation Support; We are available to support our clients in their investigations in the initial stages of deployment as well at later stages as the investigation progresses
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
  • Other
• Other documentation formats: MDF
• End-of-contract data extraction: Outputs are in multiple formats and driven by the user and for ingestion into their network
• End-of-contract process: Renewal possible or end of licence and access unavailable

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: Features a simple, intuitive, and effective user experience that warrants little training.
• Accessibility standards: None or don’t know
• Description of accessibility: .
• Accessibility testing: .
• API: Yes
• What users can and can't do using the API: IoT data extraction from AI Speakers and Smart Home equipment. Supports authentication via both public and unofficial APIs
• API documentation: No
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: Bundles of DF capability can be customised for the service and capability

Scaling

• Independence of resources: Provided to the user on their own network. Software licence mean the product is available

Analytics

• Service usage metrics: Yes
• Metrics types: Audits fro actions and system logs
• Reporting types:
  • API access
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Belkasoft, Cellebrite, GMD, Oxygen & Investigation services partners

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: Through API into other Hancom products or into their own systems/network
• Data export formats:
  • CSV
  • ODF
  • Other
• Other data export formats: MDF
• Data import formats:
  • CSV
  • ODF
  • Other
• Other data import formats:
  • PDF
  • MDF

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: .
• Approach to resilience: This is a software licence being supplied with capability to the user
• Outage reporting: Email alerts

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: User licences are assigned and for an annual period to know entities.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 18 September 2015
• What the ISO/IEC 27001 doesn’t cover: Detailed technical specifications or solutions; Specific software or hardware configurations; Compliance with other standards not directly related to information security; Non-information security-related processes or procedures within BLD Group
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: CSA CCM version 3.0
• Information security policies and processes: Internal BLD policies and process inline with the standards guidance to ensure the correct reporting structure

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The configuration and change management are managed by Hancom with regular inputs and updates through BLD tracking the performance and results of the software
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Managed through internal BLD policy and reporting to Hancom
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Through documented approach available on request and also regular Hancom engagement
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Users can report incidents to the Support service of BLD. Reports provided by Hancom are shared with all of the users

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  The delivery of solutions and software from BLD can significantly contribute to fighting climate change through various means. Implementing BLD Cloud Forensics can optimise energy usage in government buildings or law enforcement facilities which can lead to reduced carbon emissions. Additionally, integrating smart technologies to replace the transportation of physical media to and from Cloud Hosting facilities reduces fuel consumption and greenhouse gas emissions. Furthermore, software solutions that facilitate remote work and virtual meetings can help reduce the need for unnecessary international travel for data recovery, thus lowering carbon footprints.; ; The social value of these contributions can be measured by quantifying the reduction in carbon emissions resulting from the implementation of BLD Cloud Forensics . This can involve calculating the energy savings achieved by optimising processes and systems, as well as estimating the reduction in vehicle and air miles travelled due to the adoption of Cloud Forensics technologies.

  Covid-19 recovery

  The delivery of solutions and software as a systems integrator plays a crucial role in supporting post-Covid-19 recovery efforts, particularly in addressing the multifaceted challenges individuals encounter upon returning to work. Beyond health concerns, there is a pressing need to mitigate the negative outcomes exacerbated by the pandemic, such as increased vulnerability to fraud. During the lockdown periods, many individuals were targeted by fraudulent schemes exploiting the uncertainties and disruptions caused by the pandemic. These were often manifested through breaches and then obfuscation of activities within cloud solutions and their providers. ; ; The social value of these contributions can be measured by assessing the effectiveness of fraud detection and prevention measures implemented through software solutions that reach beyond borders and physical communication networks. This involves quantifying the reduction in fraudulent activities targeting individuals returning to work, as well as evaluating the efficiency of response mechanisms in addressing reported cases. Additionally, feedback from affected individuals and stakeholders can provide insights into the perceived impact of these initiatives on restoring trust and confidence in economic activities post-pandemic.

  Tackling economic inequality

  The delivery of Cloud Forensics from BLD can contribute to tackling economic inequality by enhancing access to essential services and opportunities for marginalised communities. For example, implementing digital platforms for government services can streamline processes and reduce barriers to access for individuals with limited mobility or internet connectivity. If these online services are corrupted or attacked, then harm is often amplified on the most vulnerable in the community. Additionally, providing training and support for digital literacy can empower underserved populations to participate more fully in the digital economy. BLD provide access through level 4 Apprenticeships in Digital Forensics Examiners that include skills and competences in BLD Cloud Forensics systems. ; ; The social value of these contributions can be measured by assessing the extent to which they contribute to reducing disparities in access to government services employment, educational opportunities for new workforce entrants, and economic resources among different police forces.

  Equal opportunity

  The delivery of Cloud Forensics services from BLD can promote equal opportunity by removing barriers to access and participation for individuals from diverse backgrounds. For example, implementing inclusive design principles in Cloud Forensics investgative development can ensure that digital products and services are accessible to people with disabilities. Additionally, providing training and support for digital skills development can empower individuals from underserved communities to pursue career opportunities in technology fields. BLD provide access through level 4 Apprenticeships in Digital Forensics Examiners that include skills and competences in BLD Cloud Forensics systems. ; ; The social value of these contributions can be measured by assessing the degree to which they promote inclusion and diversity within the workforce and society at large. This can involve tracking metrics such as the representation of marginalised groups in technology-related fields, the level of accessibility and usability of digital products and services, and the impact on social attitudes and perceptions toward diversity and inclusion.

  Wellbeing

  Implementing the automation of cloud forensics, cloud data discovery prioritises work-life balance and flexibility. This supports emotional wellbeing by reduces stress and burnout associated with overwork and excessive job demands. Cloud data resides in data centres around the world and accessing that data is often lengthy and costly in terms of time and travel for an individual. BLD Cloud Forensics allows for workflow design around from the users work location, appended to other data discovery lawful processes and enhances the examiners work life balances. ; ; The social value of these contributions can be measured by assessing their impact on key indicators of individual wellbeing, such as physical health, mental health, work-life balance, and overall satisfaction with life. This can involve tracking metrics such as employee engagement and productivity levels, absenteeism and turnover rates, and self-reported measures of happiness and fulfilment.

Pricing

• Price: £5,100 to £60,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: 30 day trial is available to Law Enforcement, Government Department and Educational users.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at claire.stanley@bluelightsdigital.com. Tell them what format you need. It will help if you say what assistive technology you use.