Computer Forensics
Detect and substantiate computer misuse in a court-proof wayTargeted, court-proof systems analysis and data on the prevention, detection, and treatment of computer abuse cases, using standardized methods. The quality of this analysis can be useful evidence in court. Core of our service offering is an integrated process of analysis, proving a consistent and conclusive investigation path. Our analysis process includes the following sub-processes:
Information Recovery
- Identification of the objects of study: data recovery, forensic duplicate
- Incident Detection: Detect system anomalies
- Securing disks and devices (harddrives, floppy disks, Zip disks, CD, USB devices, cell phones, cameras, PDA, etc.)
- Analysis of main memory buffers
- to ensure integrity of the evidence about a genuineness of the evidence: Imaging
System Analysis
- Complete investigation of computer abuse cases, reconstructing malicious events
- Log-File Analysis: Investigation of trace to the perpetrator and his approach
- Incident Response Utilization: Tool-based system and event analysis
- Attack tools: identification and analysis of attack tools
- Backtracing: trace and identify the perpetrator
- Monitoring of attacks in real-time
- Recommendations: Recommendations for improving the safety performance of IT systems and specifically to – preventing such abuses – Safety measures
- Presentation: Preparation of progress (fully documented) results, final report of investigation, if necessary with identity of the perpetrator, fact-date period, causes (attack tools that exploited security vulnerabilities), scope of action, extent of damage.
- Review of research objects
Live and post-mortem analysis
- Investigation on the live system or a secured copy
- Report and action recommendations in case of damage