Suspicions or indications of cyber intrusion?
Companies that are victims of a cyber intrusion or ransomware can call on us for a forensic audit. It's important to find the cybercrimes and the malware so that you can restore the security of your network.
Thanks to our forensic techniques, we are going to uncover traces that show what intrusions have been carried out. We carry out full forensic investigations or support you in forensic analysis of your company computers, company network and company data where necessary.
Our digital forensic investigators mainly focus on:
- Confirming suspicions of malicious or ethically objectionable actions conducted within the company. For example, a (former) employee who is suspected of having stolen or transferred business-sensitive information to third parties.
- Collect evidence of hacking or malware infection. For example: check whether hackers still have access to systems and/or whether these still contain potentially dangerous code (e.g. an installed backdoor, crypto locker,...).
For each of these situations, there are some important questions that need to be answered such as:
- Have data or files been deleted or modified?
- Has there been a file transfer to external media?
- Has software been installed?
- Have configurations been changed?
- What is the browser history?
- Has there been any evidence of withheld or destroyed evidence?
- Who had access to certain data at any given time?
- Has any data been leaked from the system (via a network, data carriers, printouts,...)?
Our forensic audit provides a clear answer to the above questions. In order to discover the traces left behind, an analysis of the storage media as well as of the volatile memory of the systems will be carried out. In this way, we can unmask advanced malware with built-in anti-forensic techniques.
Afterwards, you will receive a report with a complete overview of all traces discovered during the course of the investigation. All (relevant) historical actions are displayed in a timeline in order to be able to easily form a global picture of what happened.
Furthermore, recovery of deleted files is also possible as long as they have not been overwritten. If this is within the scope of the report, these files will of course also be handed over together with the report.
Note: Forensic investigations will always try to give a picture as truthful as possible of what happened on the basis of technical traces. The interpretation of these traces is not an exact science and strongly depends on the researcher. As a result, the report will only give an overview of the traces and one possible interpretation of them (without any guarantee that this is the absolute truth).
Most Popular Ethical Hacking
Hacking facts and figures
Hacking is a serious problem for companies.