Incident Handling & Forensics

 

Although organizations tend to shy away from digital forensics because of its association with an information security breach whose source and/or real impact cannot always be determined, it cannot and should not be avoided. After a breach, the forensics process is often used to satisfy legal requirements as well as law enforcement evidence collection and archiving requirements. It is expected to provide the raw data for analyzing the attacker, the attacker’s toolbox and the actual extent of the breach, which can span multiple realms such as computer systems, mobile devices, networks and databases.

As modern information security incidents are rarely limited in impact to a single information asset or system, organizations must quickly identify the actual impact of an incident on the business, intellectual property, partners and customers. Such an analysis can often be performed by employing advanced digital forensic capabilities that identify the full timeline of the incident, as well as the information that was accessed, the tools used to access it and what information has been leaked, modified or deleted.

Security Art's digital forensic services provide organizations with the best of both worlds – evidence collection that adheres to law enforcement standards, as well as expert analysis of the forensic data that gives organizations business insight they can use to draw conclusions and act upon them.

Security Art’s services focus on several areas of digital forensics:

  • Computer forensics (cross-drive analysis, live analysis, deleted files, log correlation and analysis)
  • Mobile device forensics (physical acquisition, logical acquisition, manual acquisition, external memory, internal memory)
  • Network forensics (traffic analysis, open source intelligence)
  • Database forensics
  • Advanced malware analysis (cross-domain expertise)