Digital Forensics and Investigations

 
 

Digital Forensics and Investigations

Identify root cause and timeline of a cyber security incident by analysing digital evidence

Improsec offers computer forensic investigation services of malicious outbreaks or cybercrimes, such as intellectual property theft, scams or vandalism. We can furthermore acquire and analyse digital evidence to be used in criminal or civil court.

Our team of cyber forensics experts have a vast experience in providing forensic analysis services and leverage the latest tools and technologies to carry out detailed computer forensic investigation.

Value

  • Identify root cause and timeline of a cyber security incident by analysing digital evidence

  • Acquisition of digital evidence to be used in criminal or civil court

  • Identify insider or unknown party’s malicious intents or actions

  • Establish the consequences of the cyber security incident, such as stolen user credentials or intellectual property

Product

The deliverable of the analysis is a written report containing the following:

  • A non-technical section with an Executive Summary for management and decision makers

  • A technical section describing the performed analysis and the outcome of it

  • Recommendations and next steps (if applicable)

Method

The process consists of three stages – acquisition, analysis and reporting:

  • During the acquisition stage, we perform forensically sound images of e.g. hard drives by utilizing tools such as hardware write blockers to preserve the state of the original evidence. Memory dumps, network and other logs are also obtained if available (and applicable).

  • During the analysis phase, we perform digital investigation on a physical drive, or an image of such, to recover deleted files, identify suspicious files and discover what actions took place (e.g. if data was stolen) by analysing various forensic system artefacts. Furthermore, we can analyse memory dumps to detect advanced malware that leave no traces elsewhere, as well as analyse network traffic to identify potentially suspicious behaviour and detect other intrusions

  • All our findings will be documented and reported. After the report presentation, all acquired data and evidences will be handed over to you, after which we will permanently destroy our copy of the data and evidences.

Involvement

The delivery requires minimal involvement of your technical staff.


 
 

Download full description as PDF file