IT Forensics
The term IT forensics (also known as computer forensics) refers to the analysis and investigation of security incidents or unclear circumstances in the field of information technology. Typical examples are hacker attacks on critical IT systems or data leakage by internal offenders. Forensic analyses are not only appropriate for specific security incidents but can also help resolve general cases of suspicion.
Our company supports you in all necessary activities, both for specific security incidents and for suspected cases. In addition to the forensic analysis, our team can also advise you strategically in the event of an acute security incident, for example to identify and coordinate possible immediate measures. We also support you in setting up a process for incident response management.
Objective
Analysis and (as far as possible) clarification of IT security incidents or suspicious IT issues
Question
What was the process or the approach of the attacker in the context of an IT security incident and what are the impacts?
Scope
All affected IT systems and components
Detection and Investigation
Our team secures possible crime scenes, tools and evidence for you. The precise recording of all data and circumstances relevant to an incident results in a complete picture of the processes and possible participants in a security incident. By using the appropriate hardware and software, the current status of IT systems can be backed up completely and without changes, so that the corresponding system environment can then be subjected to a detailed analysis. Even while illegal or unauthorized processes are still active, appropriate analysis tools can be used to secure evidence and to clarify what is happening. In such cases, we are also available to advise you on the containment and control of incidents, for example through technical ad-hoc measures or through communication with law enforcement authorities.
Analysis
The preservation of evidence is followed by an analysis that is aligned with the contract objectives. For example, this can include forensic analyses in the following areas:
- Data carriers and system images
- Recorded network traffic
- Log files
- User data like documents, e-mails or media files
Through the precise analysis of secured evidence, a security incident can be investigated in detail. The goal is to answer the following questions:
- What happened?
- What was the sequence of events?
- Which individuals are possibly involved?
- Which systems and files are affected (data leakage, manipulation of information, etc.)?
- What is the impact?
- What needs to be done?
Documentation
Any information collected during a forensics operation is documented and evaluated by our team. If required, a presentation of the results is prepared and tailored to the respective target group. If you would like to involve prosecution authorities and courts, we will work together with these institutions during the incident investigation and transfer our knowledge.