Digital Forensics / Incident Response

Assist in understanding attacker trends and formulating and implementing effective defense measures

Our Digital Forensics/Incident Response service aims to be a one-stop service where we can respond to targeted attacks against an organization from external threats, defacement of web pages, and other unauthorized access incidents.

We offer support from the initial stages of response, through to detailed forensics investigations, malware analysis, log analysis, as well as assistance in restoring normal operation and advice on future preventative measures.

Features

Sophisticated forensic technology

With the ever-increasing complexity of cyber-attacks, highly experienced forensic engineers are essential for determining the root cause and fully assessing the extent of the damage caused.

Our incident response service is performed by forensic experts who have extensive experience in training security professionals from both law enforcement agencies and privately-owned companies.

Comprehensive analytical skills

Incidents are resolved through a comprehensive analysis of any possible situation, bringing together the knowledge of our forensic engineers, malware analysts, and penetration testers well-versed in the mindset behind an attack.

Support for CSIRT operations

We provide a wide range of support for CSIRT operations, including initial response, advice on conducting simple forensic investigations in-house, as well as vulnerability assessment, cyber exercises, and provisioning of incident response tools.

Cases

Investigation of client PCs

This is an advanced course designed to teach "practical and useful" exploit techniques. This course is designed for security professionals to learn the knowledge and skills needed to effectively find vulnerabilities and create attack code.

Server Investigation

From traces left on disk and in memory, we investigate the type of attack that led to the breach, how it was carried out, and what vulnerabilities were used by the attacker. From there the potential impact and scope for theft of any data is also investigated.

Thorough investigation of the server based on the traces of malware files and program execution histories is also conducted to determine the full picture of actions taken by an attacker during the intrusion.

Investigation of logs of network devices and security products

Based on logs from security appliances such as firewalls and proxy servers, we evaluate whether information has been extracted by the attacker by analyzing the attacks and correlating them with items identified in the investigation of client PCs, servers, and other devices.

Packet analysis

Analysis is also performed on packet data collected by network security appliances installed in the customer’s environment in order to ascertain what attacks took place, and the activities of the attacker while inside the network.

This data is correlated with items and artifacts found on client PCs and servers to evaluate whether or not theft and extraction of any information has also occurred.

Malware analysis

Malware samples collected by the customer, samples discovered during our investigation of client PCs and servers, and samples extracted during packet analysis are subjected to static or dynamic analysis to reveal the functionality of the malware, whether it is detected by security applications, and whether it was utilized in the attack.

Consult with our specialists for your security needs.

Cyber Defense Institute's core values drive us to provide top-notch cyber security services and ensure a secure digital environment for our clients.
Trust us with every aspect of your security strategy, from inception to execution.
For confidential inquiries, we also accept requests via email at cdiprivacy(at)protonmail.com.
Please consider using this option if necessary. ※ (at) should be replaced with @.