Computer Forensics

Detect and substantiate computer misuse in a court-proof way

Targeted, court-proof systems analysis and data on the prevention, detection and treatment of computer abuse cases, using standardized methods. The quality of this analysis can be a useful evidence in court. Core of our service offering is an integrated process of analysis, proving a consistent and conclusive investigation path. Our analysis process includes the following sub-processes:

Information Recovery

  • Identification of the objects of study: data recovery, forensic duplicate
  • Incident Detection: Detect system anomalies
  • Securing disks and devices (harddrives, floppy disks, Zip disks, CD, USB devices, cell phones, cameras, PDA, etc.)
  • Analysis of main memory buffers
  • to ensure integrity of the evidence about a genuineness of the evidence: Imaging

System Analysis

  • Complete investigation of computer abuse cases, reconstructing malicious events
  • Log-File Analysis: Investigation of trace to the perpetrator and his approach
  • Incident Response Utilization: Tool-based system and event analysis
  • Attack tools: identification and analysis of attack tools
  • Backtracing: trace and identify the perpetrator
    • Monitoring of attacks in real time
    • Recommendations: Recommendations for improving the safety performance of IT systems and specifically to – preventing such abuses – Safety measures
    • Presentation: Preparation of progress (fully documented) results, final report of investigation, if necessary with: identity of the perpetrator, fact-date period, causes (attack tools that exploited security vulnerabilities), scope of action, extent of damage.
  • Review of research objects

Live and post-mortem analysis

  • Investigation on the live system or a secured copy
  • Report and action recommendations in case of damage
computer forensics