Computer Forensics
Detect and substantiate computer misuse in a court-proof way
Targeted, court-proof system and data analysis for the prevention, detection and treatment of computer abuse cases, using standardized methods. The quality of this analysis can make it useful evidence in court. The core of our service offering is an integrated analysis process that provides a consistent and conclusive investigation path. Our analysis process includes the following sub-processes:
Information Recovery
- Identification of the objects of study: data recovery, forensic duplicate
- Incident Detection: Detect system anomalies
- Securing disks and devices (hard drives, floppy disks, Zip disks, CDs, USB devices, cell phones, cameras, PDAs, etc.)
- Analysis of main memory buffers
- Imaging: ensuring the integrity and genuineness of the evidence
System Analysis
- Complete investigation of computer abuse cases, reconstructing malicious events
- Log-File Analysis: Investigation of traces leading to the perpetrator and his approach
- Incident Response Utilization: Tool-based system and event analysis
- Attack tools: identification and analysis of attack tools
- Backtracing: trace and identify the perpetrator
- Monitoring of attacks in real time
- Recommendations: Safety measures for improving the safety performance of IT systems and, specifically, for preventing such abuses
- Presentation: Preparation of fully documented interim results and a final investigation report, if necessary with: identity of the perpetrator, period of the offence, causes (attack tools that exploited security vulnerabilities), scope of action, extent of damage.
- Review of research objects
Live and post-mortem analysis
- Investigation on the live system or a secured copy
- Report and action recommendations in case of damage