Digital Forensics and Incident Response (DFIR)

What can a digital investigator do for your case?

Cyber investigators use various tactics and methods for obtaining evidence and getting to the bottom of your case. Some of the methods we use for investigating cyber matters are:

  • Investigate system event and security logs to determine the origin and the specific cause associated with the event at hand.

  • Acquire erased or purged digital documents, photos, and files by digital forensic examination technology.

  • Research potentially malicious applications, software, and code to determine its intent and the degree of impact on a system and an organization.

  • Preserve the integrity of data and digital evidence for administrative bodies through evidence integrity controls such as hashing and data duplication.

  • Trace and confirm unknown individuals by combining traditional investigative tactics with modern cyber security tools.

What is a digital investigation?

A cyber investigation is any investigation that takes place on digital devices or information assets. Such devices and assets include computers, smartphones, tablets, servers, IoT devices, modems, routers, and even sprinkler systems. Any device that has an internet connection and a circuit board can be compromised by hackers. If you believe your network has been compromised, reach out for a free consultation.

Types of digital investigations?

There are various types of cyber investigations. Some of the most common ones are:

Access Auditing: Access auditing is an umbrella term that refers to the investigation of digital or logical access to an information system. This can be authorized or unauthorized access by an individual for malicious purposes. The cyber investigator will review audit and access logs to determine whether a specific individual had access to a given information asset at a specific time. This is usually used in support of other investigations.

Device Monitoring: Device monitoring is a service offered by a cyber security company that monitors certain aspects of your device. This is usually reserved for companies with information assets that need protection. However, for private clients with a potentially high risk of cyber crimes, the service can be implemented as part of a long-term cyber investigation.

Digital Forensics: Digital forensics, or a digital forensics examination, is the act of acquiring digital information that has been erased or purged beyond the scope of normal cyber investigations. Digital forensics is normally an expensive and time-consuming process and is usually only used in criminal cases for which exploitation or white-collar fraud is the cause.

Digital Intrusion: A digital intrusion investigation looks for digital intrusion attempts or successes into electronic devices such as phones, computers, servers, or any other device with access to the internet. This is often achieved by remote access using malicious software, or other legitimate software used in a malicious way. With any intrusion, evidence is always left behind to potentially lead back to the threat actor.

Malware / Spyware: Malware is malicious and unauthorized software. The most common forms of malware are spyware, viruses and ransomware. What makes malware malware is the fact that it is doing something it shouldn’t, such as stealing your personal information and files. Most malware is easily preventable by using reliable anti-malware / anti-virus; however, a proper investigation should still be conducted if your information assets contain sensitive information.

What can digital forensics & investigations do for your organization?

Digital forensics and digital investigations review evidence of intrusion, tampering, unauthorized access, and other evidence left behind by cyber crimes. When an intrusion or theft occurs, preserving the evidence and creating a chain of custody for it is imperative for a successful remediation.

  • Review the incident with senior management and discuss DFIR options. 

  • Preserve the digital evidence by making copies and hashing it.

  • Conduct digital examination of logs, deleted files, and other evidence left behind. 

  • Prepare a court-admissible report on findings and discuss remediation options.