Incident investigation

Who, when, how and why has penetrated your system?

We provide comprehensive forensic examination and analysis of servers, systems, mobile devices, and media. We know how to investigate difficult cases and employ cutting-edge techniques such as analysis of Random-Access Memory (RAM), registry, shadow volumes, timeline analysis, and other methods. We also prepare organizations for future investigations by developing procedures for incident response and evidence collection in accordance with the most stringent formal requirements.

Over the last few years, we have witnessed an increase in computer crimes. Criminals are becoming more aware of digital forensic and investigation capabilities, therefore use more sophisticated methods to commit their crimes without leaving the usual evidence. To identify, respond, examine, analyze, and report computer security incidents, computer forensics and digital investigation methods are constantly evolving.

Our skills:

  1. Acquiring Data and Evidence.
  2. Live Incident Response and Volatile Evidence Collection.
  3. Advanced Forensic Evidence Acquisition and Imaging.
  4. File System Timeline Analysis.
  5. Advanced File & Registry Analysis including Unallocated Metadata and File Content Types.
  6. Discovering Malware on a Host.
  7. Recovering Files.
  8. Application Footprinting and Software Forensics.
  9. Data Preservation.
  10. System Media and Artifact Analysis.
  11. Database Forensics.
  12. Mobile Forensics.

Our capabilities and responsibilities

During the computer security incident response and investigation, we perform the following actions:

  • Conducting technical analysis of large amounts of structured and unstructured data, including user activity data and alerts, to uncover anomalies.
  • Discerning obscure patterns and attributes to produce investigative leads, identify indicators of compromise, and uncover loss causing events.
  • Leading highly sensitive, complex, and confidential threat investigations into technology misuse, incidents of data loss and intellectual property theft, conflict of interest, counterintelligence concerns, and security policy violations.
  • Reviewing data in support of security inquiries and loss prevention efforts, and compiling analysis results into a variety of finished intelligence products to support stakeholders’ decision-making, and assist in creating detection and mitigation strategies.
  • Providing timely notice of imminent or hostile intentions or activities that may impact the objectives of your organization, resources, or capabilities.
  • Creating new tools, tactics, and procedures (TTPs) for identifying insiders, including proactive identification of new collection methodologies and briefing security team members on emerging threats to support the continued improvement of the customer’s Threat Management Program.
  • Building threat models to quantify the security risks against known adversarial and malicious behaviors and campaigns.
  • Completing risk assessments, communication campaigns, post-incident follow-ups, and any special analytical projects according to the customer’s objectives.
  • Collecting and preserving evidence admissible in court.

Check out our additional services and business cases. Submit the form below to request an incident investigation. Get a free consultation.

Business cases of projects we completed

Information security incident response and investigation
Managed security and compliance (ISO 27001, etc.)
Security analysis of software source code
Security assessment: audits and penetration tests
Security Operations Center cases