
INCIDENT RESPONSE

Forensic Analysis

Essentials

Forensic Analysis is the use of controlled and documented analytical and investigative techniques to identify, collect, preserve, and examine digital information so that the results can withstand legal and regulatory scrutiny. When a situation requires forensic data analysis, your organization will want experienced forensic experts to perform that service.

When SecureState is called in to perform a Forensic Analysis, your organization’s digital information is in capable hands. SecureState:

  • Provides a thorough, manual approach to the forensic methodology, for both reviews and investigations
  • Ensures that devices, data, events, times, acquisition tools, storage, and analysis are handled in a forensically sound manner
  • Uses only industry- and regulatory-approved tools for incident response, data acquisition, and analysis
  • Works as an extension of the organization’s response team
  • Provides proven methods to quickly identify, verify, collect, and analyze information and threat events
  • Works closely with the organization to satisfy investigative, legal, and regulatory requirements
  • Ensures that the analysis produced is relevant and efficient

Benefits

When an organization suffers an adverse incident, whether an external breach, an internal intellectual property theft, or an employee Internet abuse case, data must be preserved and analyzed to determine the actions taken, the motives behind them, the vectors used, and the effects, as well as to collect evidence. This holds for Internet-based and internal incidents alike, including mistreatment and fraudulent activity. Forensic Analysis goes deeper still, determining what actions systems are performing, which systems are running and communicating, and which systems may be divulging information to external sources or unauthorized destinations, all of which are vital pieces of information in the case of an incident.

Expertise

With top industry certifications and clearances, SecureState’s Computer Forensics Team can assist with computer investigations, email forensics, IP theft and corporate espionage cases, and deleted file recovery. SecureState approaches Computer Forensics by exceeding the methodologies set forth by industry standards and regulatory requirements. SecureState develops its own policies and investigation protocols through a well-integrated mix of best practices, case law, and subject matter experts in the areas of audit and compliance, risk, and ethical hacking.

We have helped develop, implement, and sustain organizational policies and government regulations that require Computer Forensic investigations, and have served as case lead and primary technical point of contact for investigating system intrusions, fraud, system abuse, intellectual property theft, harassment, regulatory compliance matters, and many other Internet- and insider-based crimes.

Did You Know?

  • Common Misconception:
    Existing IT staff and tooling are enough to perform repeatable and defensible investigations.
  • Reality:
    Most organizations have personnel who can troubleshoot network and system issues, but rarely have the expertise or tools for forensically sound analysis.
  • Frequency:
    Forensic investigations, principles, and techniques are driven by policy or regulation. Applying a forensic methodology within investigations and incident response ensures the integrity of both the analysis and the evidence.

Our Approach and Methodology

The primary scope of Forensic Analysis is to identify unauthorized or anomalous indicators, past or present, how they were deployed, and what capabilities they had on the system. Once a successful compromise or malicious software has been confirmed, SecureState’s focus shifts to determining the applicable next steps relating to regulatory or legal compliance, as well as business impact and risk. Those next steps typically include additional forensic acquisition and documentation, establishing the initial intent of the compromise, remediation, and determining whether any private, regulated, or otherwise sensitive data was captured or modified. Below are the details of the investigation methodology used in typical engagements:

  • Ensure the integrity of system output: SecureState uses statically compiled analysis tools against copies of acquired images, never the original media, with thoroughly documented procedures and system actions
  • Sweep the file-system layer for anomalous data types, rogue processes or services, and malicious file handles
  • Determine, where possible, whether company data was copied, deleted, or uploaded, either from disk or in transit
  • Construct a timeline of activity, files, and data
  • Determine the integrity of system files and processes, as well as account permissions and ownership
  • Analyze and extract system, process, and network logs

The following are the specific techniques and actions for a typical investigation:

  • Plot the timeline against the dates and times of the suspected compromise to isolate evidence pertinent to the assessment
  • Provide a detailed analysis of common start-up techniques used by applications and files, and validate any that were set to run automatically
  • Search for any runtime boot executables or modules
  • Examine and validate any scheduled or recurring tasks
  • Search for any hidden modules and files
  • Investigate any program, file, user, or group attribute inconsistencies with the expected security configuration
  • Investigate user, system, and network artifacts
  • Use a toolset of trusted, static binaries to conduct a thorough analysis of system logs, accounts, services, and the timestamps of files and programs
  • Search for any rogue network providers or security permissions
  • Conduct a dependency analysis to enumerate processes, services, threads, handles, and system calls for processes set to run automatically
  • Conduct a thorough encryption and executable-packing signature analysis across the entire disk to detect protected code sections of the kind malware uses to evade detection
  • Analyze network socket traces and logs for outbound traffic initiated from suspected compromised systems to any external addresses
  • Analyze all hidden and root-privileged files and directories
  • Analyze all files and directories by user ownership, group ownership, expected permissions, expected file types, and inode numbers
  • Search across all data on disk for pertinent keywords, data tags, or characteristics relating to the compromise, as well as files used by the attacker
  • Perform deleted-data analysis and recovery on all unallocated space within the image files
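Several of the steps above (building a timestamp timeline, finding hidden or disguised executables, checking ownership and permission anomalies, and entropy-based packing or encryption detection) can be shown in a single file-system sweep. The script below is an added example written for this page, not SecureState’s tooling. It assumes a POSIX file system, a constructed sample tree standing in for a mounted image copy, a hypothetical compromise window, and an entropy threshold of 7.2 bits per byte as the packing heuristic; all of these are assumptions, not values from the page.

```python
"""File-system sweep: MACB-style timeline, hidden/disguised executables,
permission anomalies and a packing/encryption entropy heuristic.
Run it against a mounted *copy* of an image, never the live disk."""
import hashlib
import math
import os
import stat
import tempfile
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Magic bytes of common executable containers (assumed table for the example).
MAGIC = {b"\x7fELF": "ELF", b"MZ": "PE/MZ", b"\xcf\xfa\xed\xfe": "Mach-O", b"#!": "script"}
# Extensions under which an executable is not suspicious by itself (assumption).
BENIGN_EXEC_EXT = {"", ".so", ".exe", ".dll", ".bin", ".sh", ".py"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; packed or encrypted code approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def detect_type(head: bytes) -> Optional[str]:
    """Identify an executable container from its leading bytes."""
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return None


@dataclass
class Finding:
    path: str
    reason: str


def scan_tree(root: str, window: Optional[Tuple[float, float]] = None,
              entropy_threshold: float = 7.2) -> Tuple[list, List[Finding]]:
    """Walk root and return (timeline, findings).
    timeline: (timestamp, kind, path) tuples for m/a/c times, sorted.
    window: optional (start, end) epoch seconds; files modified inside it are flagged."""
    timeline, findings = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)  # lstat: do not follow symlinks planted by an attacker
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            for kind, ts in (("m", st.st_mtime), ("a", st.st_atime), ("c", st.st_ctime)):
                timeline.append((ts, kind, path))
            rel = os.path.relpath(path, root)
            hidden = any(part.startswith(".") for part in rel.split(os.sep))
            with open(path, "rb") as fh:
                data = fh.read(1 << 20)  # first MiB is enough for the heuristics
            ftype = detect_type(data[:4])
            ext = os.path.splitext(name)[1].lower()
            if ftype and ext not in BENIGN_EXEC_EXT:
                findings.append(Finding(rel, f"{ftype} executable disguised as '{ext}'"))
            if ftype and hidden:
                findings.append(Finding(rel, f"hidden {ftype} executable"))
            if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                findings.append(Finding(rel, "setuid/setgid bit set"))
            if st.st_mode & stat.S_IWOTH:
                findings.append(Finding(rel, "world-writable"))
            if len(data) >= 256 and shannon_entropy(data) > entropy_threshold:
                findings.append(Finding(rel, f"high entropy ({shannon_entropy(data):.2f} bits/byte), packed or encrypted?"))
            if window and window[0] <= st.st_mtime <= window[1]:
                findings.append(Finding(rel, "modified inside compromise window"))
    timeline.sort()
    return timeline, findings


def build_sample_tree() -> str:
    """Constructed sample tree (not real evidence): one clean file, a hidden ELF
    disguised as .txt and back-dated into the window, a pseudo-random 'library'
    that mimics packed code, and a world-writable data file."""
    root = tempfile.mkdtemp(prefix="image_copy_")
    for sub in ("etc", ".cache", "lib", "var/tmp"):
        os.makedirs(os.path.join(root, sub))
    with open(os.path.join(root, "etc", "motd"), "wb") as fh:
        fh.write(b"Welcome to the sample host.\n")
    elf = os.path.join(root, ".cache", "notes.txt")
    with open(elf, "wb") as fh:
        fh.write(b"\x7fELF" + b"\x00" * 1020)
    os.utime(elf, (1_700_000_000, 1_700_000_000))  # back-dated into the assumed window
    with open(os.path.join(root, "lib", "libz.so"), "wb") as fh:  # deterministic high-entropy bytes
        fh.write(b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128)))
    drop = os.path.join(root, "var", "tmp", "sess.dat")
    with open(drop, "wb") as fh:
        fh.write(b"session\n")
    os.chmod(drop, 0o666)
    return root


if __name__ == "__main__":
    tl, fs = scan_tree(build_sample_tree(), window=(1_699_990_000, 1_700_010_000))
    for ts, kind, p in tl:
        print(f"{ts:17.3f} {kind} {p}")
    for f in fs:
        print(f"FINDING {f.path}: {f.reason}")
```

The sweep runs against a copy and uses only `lstat`, reads and pure Python, so it neither alters timestamps on the evidence nor depends on binaries from the suspect system. In practice the window would come from the incident timeline, and the entropy threshold should be tuned against known-good compressed files on the same host to limit false positives.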

What Makes Us Different

  • SecureState offers many digital forensic services, including computer forensics, network forensics, mobile device forensics, media forensics, and forensic data analysis.
  • SecureState’s Computer Forensics Team works closely with the other teams at SecureState, integrating their services, expertise, industry-approved policies and methodologies, and applicable regulatory and government requirements.
