Computer Forensics

Targeted, court-proof systems analysis and data on the prevention, detection and treatment of computer abuse cases, using standardized methods. The quality of this analysis can be a useful evidence in court. Core of our service offering is an integrated process of analysis, proving a consistent and conclusive investigation path. Our analysis process includes the following sub-processes:

Information Recovery

• Identification of the objects of study: data recovery, forensic duplicate
• Incident Detection: Detect system anomalies
• Securing disks and devices (harddrives, floppy disks, Zip disks, CD, USB devices, cell phones, cameras, PDA, etc.)
• Analysis of main memory buffers
• to ensure integrity of the evidence about a genuineness of the evidence: Imaging

System Analysis

• Complete investigation of computer abuse cases, reconstructing malicious events
• Log-File Analysis: Investigation of trace to the perpetrator and his approach
• Incident Response Utilization: Tool-based system and event analysis
• Attack tools: identification and analysis of attack tools
• Backtracing: trace and identify the perpetrator
  • Monitoring of attacks in real time
  • Recommendations: Recommendations for improving the safety performance of IT systems and specifically to – preventing such abuses – Safety measures
  • Presentation: Preparation of progress (fully documented) results, final report of investigation, if necessary with: identity of the perpetrator, fact-date period, causes (attack tools that exploited security vulnerabilities), scope of action, extent of damage.
• Review of research objects

Live and post-mortem analysis

• Investigation on the live system or a secured copy
• Report and action recommendations in case of damage