Digital Forensics

Digital Forensics

Secure systems, secure products

What is Digital Forensics?

Digital Forensics aims to investigate a state-of-the-art incident of data acquisition, preservation, retrieval and analysis methods, investigating its causes and culprits, indicating where security should be reinforced by the client, and providing evidence for training, awareness and penalization of offenders.

Digital forensic services enable clients and their legal advisors to rely on computational resources or computerized systems for action proposals that require the advance production of evidence or technical assistance for action follow-up. Digital forensic expertise services are also required by the various spheres of the judiciary.

In order to investigate events in the IT environment, it is important to focus on the preservation of the evidence, following a careful process to avoid the loss of important information for reconstituting the scenario of these occurrences. Digital forensic is a process of search and preservation of evidence to support legal proceedings, though such evidence may or may not become evidence. Digital forensic services may gather evidence of following incidents:

  • Evasion (theft, robbery, etc.) of information
  • Computer Invasion Analysis
  • Analysis of breaches of intellectual property violated
  • Control of corporate information security policies and standards
  • Establishing the chronological order of events occurring on computers

BENEFITS

Understanding the Incident

Characterization of the cause of the incident, its activities and responsible.

Tracking vectors

Efficient tracking of malicious artifacts and potential intruders.

Organization Protection

Protection of business value and reputation of the organization.

Improved Defenses

Guidance to avoid recurring incidents in the organization’s networks, systems, and applications.

We will meticulously investigate the incident and help you suppress the threat and minimize the impact on your business. Our experts will also share the information with you through the whole process and help you understand the best ways to approach the solution.

METHODOLOGY

The Open Web Application Security Project (OWASP)

OWASP represents an enormous step forward in the area of IT security, testing and data protection. This is a non-profit project and its intention is to inform groups, companies and individuals from all over the world about application security. Everyone is free to join OWASP online community and each user will have the access to all relevant information, articles, tools, researches and methodologies related to web application security.
The usage of OWASP provides us with many different tools. Some of them are suitable for automatic vulnerability scanning (commercial and open source tools), while others are being used for penetration testing (information gathering tools, authentication testing tools, data validation testing tools, web services testing tools, etc.). OWASP Top 10 publishes annual lists of the most common vulnerabilities, most dangerous threats, most critical security risks, and other, and they regularly report about these topics.

Penetration Testing Execution Standard (PTES)

This new standard originates in 2009, back when the discussion about the necessity of penetration testing and the insufficient awareness of this necessity began. The penetration testing execution standard is divided in 7 phases, and it starts with asking and answering questions in order to get to know the system properly. This phase is known as pre-engagement interaction. It is followed by intelligence gathering, which is particularly important because it eases the following phases, and future penetration tests. The third phase is threat modeling and it defines the approach that will later on be used to test potential threats and vulnerabilities. Vulnerability analysis will discover all errors and malfunctions in the system. This vulnerability analysis can vary, depending on threats and vulnerabilities we are facing at this stage. Exploitation identifies ways to attack the system based on prior vulnerability analysis. Post-exploitation is being done in order to maintain the control and protect the system. Reporting is the seventh and final section of penetration testing according to the standard. It should contain the full summary with all important details and insights about the entire testing process.

Get in touch with us.