unveiling a chain of evidence

Digital Forensic Investigation

Our expert forensic analysts identify, collect and examine digital evidence to ensure its integrity and furthermore, help you find out what really happened to your information systems.

Systematically examining your environment to determine the nature and source of malicious activity

A thorough investigation can assist your team in strengthening preventative security measures

When one thinks of the most important elements of Digital Forensics and Incident Response, a few things might come to mind. Perhaps: instant response, swift containment and speedy return to business as usual. These are all critical parts of effective DFIR, however, true incident response engagements hinge on comprehensive analysis and systematic forensic investigation.

Digital forensics is fundamental to the response process as it helps uncover attacker footsteps. Ultimately, this allows you to understand an internal or external threat actor’s strategy, motives and target. It further assists in preserving the integrity of any evidence discovered, and will support your organisation in legal-proceedings.

During a security incident, it's not always clear what's occurred to your information systems.

Often times, hacker objectives are not immediately apparent and in a time of crisis, you can't rely on just 'he said, she said.'

Forensic investigations help retrieve any digital evidence left by activities performed on your information systems. It can:

Firstly, help your organisation determine what information was stolen and the likely impact it’ll have on your business.
Second, it’ll clarify whether or not you’re obliged to report the incident by law.
Third, it’ll limit recovery efforts by clearing up which systems were impacted and thus require prioritised remediation efforts.
Lastly, digital forensics help obtain court admissible evidence for a range of incident types.

Our Digital Forensics team identifies, collects and analyses digital artefacts across your entire business environment

The Content Security team has vast experience in the identification, collection, preservation, processing, review, analysis and presentation of evidence over a wide range of cases, including but not limited to:

Fraud

Confidential/Intellectual Property (IP) Theft

Employee Malfeasance

Conflicts of Interest

Sexual Harrassment

Personal Information (PI) Discovery

Leaks to the Media

Data Loss and Destruction

When incidents occur, stress rises and poor decisions are made

Even when the skills are available in-house, external experts can act rationally and without bias to give your leadership the right information to make the right choices

We cover the industry spectrum end-to-end, meaning, we can assist you during any type of cyber security incident and beyond

This includes data breaches, malware outbreaks, internal frauds and system
misuse, cloud compromises, phishing, sexual harassment or other industrial relation disputes involving information systems.

Moreover, our services extend beyond just critical incident response. We specialise in Security Assurance Services, Governance, Risk and Compliance, and Enterprise Services, partnering with Strategic Vendors to protect your business.

Following in attackers' footsteps to uncover and understand their strategy, motives and targets

In addition to helping you remediate current attacks, our goal is to protect your organisation from now into the future

With detailed reporting, expert guidance and recommendations as well as tailor-made IR plans, we help you bolster protection from future potential attacks. As a key element of our DFIR process, our forensic investigations help to:

Collect all relevant evidence & maintain a Chain of Custody

Maintaining a Chain of Custody (CoC) is critical to evidence documentation as it ensures the integrity of the digital artefacts. This is key to presenting authentic evidence to a court of law and delineating who handled what systems, data and devices.

Take forensically sound bitstream copies of devices for processing

This involves processing the file system and memory for artefacts such as deleted, altered, hidden, encrypted or potentially malicious files and their metadata; communications via email, instant messaging or other methods; and OS and application logs stored on the system.

Determine context based on activity times

The entire digital forensics process is performed in order to gain a sense of clarity on what happened during an incident. Our expert investigator will determine the incident context based on creation, access, modification and deletion times.

Form a timeline of events that occurred around time of the event

All activities are documented and organised in order to form a timeline of events leading up to the security incident. This timeline provides the investigator and your team with a more complete understanding of how the incident could have occurred and how the malicious threat actor operated prior to the breach, malware outbreak etc.

Derive conclusions based on evidence artefacts gathered

From the contextualised evidence, we’re then able to derive more informed conclusions on attacker motives, strategies and targets. Above all, this helps you determine the nature of the malicious activity and the extent of the compromise. Furthermore, it shows you how to best remediate and protect your systems in the future.

Act as an Expert Witness in legal proceedings

As your trusted partner in all things cyber security, we are prepared to support you throughout the entire incident response process. With vast experience in DFIR, we understand that breaches and other security incidents extend beyond the recovery and post-incident handling stages. Thus, we’re able to act as Expert Witnesses to assist you in legal proceedings.