If you ever fall victim to a cyberattack, you should stay calm, immediately consult experts and under no circumstances destroy any evidence.
This evidence is not only important for law enforcement, but also to back up the legitimacy of any insurance and service claims. By reconstructing the course of events surrounding the attack, you can also identify and then eliminate vulnerabilities in your IT infrastructure.
SECUINFRA provides effective, direct assistance with the investigation of cyberattacks and other IT security incidents. In the process, we identify, collect, analyze and document digital evidence that will stand up in court, help you respond to the incident, and advise you on how to improve your cyber resilience.
The SECUINFRA approach – Digital Forensics
In the first phase of a digital forensics assignment, the identification phase, our forensic experts obtain an initial overview of the security incident. To do this, they coordinate closely with the client, conduct initial interviews and search for potential sources of relevant evidence.
The preservation phase is the second phase of a digital forensics assignment. During the preservation phase, our forensic experts ensure that evidence recorded and analyzed in later phases forms a chain of custody that can be traced at any time and cannot be manipulated. On the one hand, this is absolutely necessary for any insurance claims, claims for damages or criminal prosecution. On the other hand, it is the only way to reconstruct the exact course of events and to subsequently improve cyber resilience.
During the collection phase, the third phase of a digital forensics assignment, our forensic experts collect evidence for later evaluation. Depending on the security incident, this can be a wide variety of evidence, including infected laptops, hard drives, system images, phones, log data, downloads, network traffic recordings or mailbox contents. This phase, like the analysis phase, can be repeated several times if the analysis of the evidence reveals indications of further sources of relevant evidence.
In the analysis phase of a digital forensics assignment, the collected evidence is analyzed systematically and in detail. The findings are then evaluated and conclusions are drawn from them. As findings emerge, further evidence may need to be collected to confirm or refute the conclusions drawn.
Documentation is a continuous process throughout the entire digital forensics deployment. Continuous documentation ensures that the entire forensic operation can be traced down to the last detail: from the recording of the case, through the results of the initial interviews, the recording and analysis of the evidence and the resulting conclusions, to the final reconstruction of the crime scene. Only through detailed and complete documentation can a traceable chain of custody be formed.
During the final phase of the digital forensics assignment, the presentation phase, the course of events is reconstructed as accurately as possible on the basis of the evidence found and the resulting conclusions. In doing so, our forensic experts take care to create an incontrovertible chain of custody and, if desired, make suggestions for improvements to strengthen cyber resilience at a later stage.
References in the field of Digital Forensics
SECUINFRA does not publish a client list or references.
Our clients’ right to privacy always trumps our marketing interests.
- SUCCESS THROUGH EXPERIENCE
The SECUINFRA DFIR teams have supported companies in the field of digital forensics and incident response (DFIR) day in and day out for years. More than 7,000 companies in Germany have placed their trust in SECUINFRA as a specialist in this area – either directly or through partners.
- REFERENCES ON REQUEST
If you’re interested in our services, we’ll happily put you in touch with suitable reference clients.