Incident investigation and forensics

Home / Services / Security audit and testing / Incident investigation and forensics

Who has penetrated your system? When, how and why?

We provide comprehensive forensic examination and analysis of servers, systems, mobile devices, and media. We know how to investigate difficult cases and employ cutting-edge techniques such as analysis of Random-Access Memory (RAM), registry, shadow volumes, timeline analysis, and other methods. We also prepare organizations for future investigations by developing procedures for incident response and evidence collection in accordance with the most stringent formal requirements. For example, SWIFT requirements.

Over the last few years, we have witnessed an increase in computer crimes. Criminals are becoming more aware of digital forensic and investigation capabilities, therefore use more sophisticated methods to commit their crimes without leaving the usual evidence. To identify, respond, examine, analyze, and report computer security incidents, computer forensics and digital investigation methods are constantly evolving.

Our skills:

Acquiring Data and Evidence.
Live Incident Response and Volatile Evidence Collection.
Advanced Forensic Evidence Acquisition and Imaging.
File System Timeline Analysis.
Advanced File & Registry Analysis including Unallocated Metadata and File Content Types.
Discovering Malware on a Host.
Recovering Files.
Application Footprinting and Software Forensics.
Data Preservation.
System Media and Artifact Analysis.
Database Forensics.
Mobile Forensics.

Service summary

⏳ Duration of project	In average, 3 to 5 days. In complex cases, the duration can be several weeks.
🎁 Can it be free or have a testing period?	Free consultation and initial analysis of business requirements.
💼 What type of business needs it?	Financial institutions, healthcare organizations, government agencies, manufacturing companies, retail companies and any other business that suffers from cyber attacks, data breaches, or fraud incidents.
💡 When is this service needed?	When you face a cybersecurity incident. Suspicious activity, data breaches, malware infections, system outage, and regulatory requirements, etc.
📈 Your profit	Prevent future incidents, reduced downtime and operational costs, improved compliance and reputation.
⚙️ Our methods and tools	Interviews and documentation, data analysis, digital forensics, malware analysis, network analysis tools, etc.
📑 Deliverables	Incident report, evidence logs, dumps, forensic analysis report, recommendations for prevention, incident response plans, legal documentation, etc.

REQUEST A QUOTE

Related services

Our capabilities and responsibilities

During a computer security incident response and investigation, we perform the following actions:

Conduct a technical analysis of large amounts of structured and unstructured data, including user activity data and alerts, to uncover anomalies.
Discern obscure patterns and attributes to produce investigative leads, identify indicators of compromise, and uncover loss causing events.
Lead highly sensitive, complex, and confidential threat investigations into technology misuse, incidents of data loss and intellectual property theft, conflict of interest, counterintelligence concerns, and security policy violations.
Review data to assist with security inquiries and loss prevention efforts. Compile analysis results into high-level reports to support the stakeholders’ decision-making, and assist in creating detection and mitigation strategies.
Provide timely notice of imminent or hostile intentions or activities that may impact the objectives of your organization, resources, or capabilities.
Create new tools, tactics, and procedures (TTPs) to identify insiders. Provide proactive identification of new collection methodologies. Brief security team members on emerging threats to support the continued improvement of the customer’s Threat Management Program.
Build threat models to quantify the security risks against known adversarial and malicious behaviours and campaigns.
Complete risk assessments, communication campaigns, post-incident follow-ups, and any special analytical projects according to the customer’s objectives.
Collect and preserve evidence admissible in court.