Forensics

C3SA's CyberFIRE™ team offers a number of proactive and responsive solutions that directly address any forensic challenge an organization may wish to undertake in its ongoing efforts to mitigate and respond to potential compromises by advanced threats, employee misconduct and other related threats.

Forensic Benchmarking

C3SA can conduct a comprehensive benchmark in a forensically sound fashion of any IT asset such as servers, workstations, databases, laptops and mobile devices to quickly enable individuals responsible for an organization's security to identify and detect potential compromises and to contain any threat, regardless of its level of sophistication, in a timely fashion.

Foreign Deployments

Traveling to a hostile location, such as a country that possesses a sophisticated and aggressive intelligence service, is a well-documented risk to the sensitive assets, such as laptops and mobile devices, that accompany the traveler. As these assets are forced to use untrusted networks and interfaces, or are physically left unattended in areas that can be accessed by potentially malicious individuals, they can be searched for sensitive data or subverted with malware to compromise the corporate environment upon return. In tandem with C3SA's Forensic Benchmarking service, C3SA can assist organizations in creating an encompassing baseline of any asset that will be deployed in a hostile environment and provide an in-depth post-travel analysis to detect any unauthorized changes and accesses to a given asset along with the data that it contains.

Network Forensics

One of the most crucial steps in incident detection and response is for an institution to be able to detect and review network-based attacks against critical resources and assets, followed by a comprehensive analysis of the collected information to produce actionable intelligence. By harnessing an organization's existing deployed network safeguard mechanisms (e.g., firewalls, IDS/IPS and SIEM technology), C3SA can assist organizations in conducting a comprehensive forensic review and analysis of captured security events and related material such as packet captures to detect potential compromises, in addition to providing insights that can aid in conducting Intrusion and Malware Analysis. Furthermore, we can recommend additional safeguards, measures and technological components fitted to your specific requirements that can be leveraged in order to improve the overall security posture of your infrastructure.

Intrusion & Malware Analysis

When a potential compromise is detected, time quickly becomes of the essence to identify a number of facts so as to minimize any business impacts and efficiently contain and eradicate the threat. Specifically, organizations must quickly detect and identify:

    • The source of the attack and its precise target(s)
    • The attack vector such as the exploit(s) that were used to penetrate the target
    • The malware, along with its functionality (e.g., keystroke logging, microphone and camera snapshotting, cookie stealing, process injection, etc.), that was used to establish persistence on hosts that were of interest to the threat actor
    • Lateral movement by the threat actor across the network infrastructure such as other hosts that may have been subsequently compromised
    • Data that may have been stolen and where it may have been sent to (e.g., the IP address/domain name of the server used by the attacker to collect stolen information)

Using highly advanced processes such as reverse engineering and memory capture analysis, combined with our proprietary technology that can be seamlessly integrated into your environment and processes, C3SA can quickly assist organizations in answering the above questions so that effective mitigation steps can be undertaken across the infrastructure to limit the scope of compromise and allow IT practitioners to implement lasting measures that will prevent future breaches.

Computer Forensics

Employee misuse of corporate assets can not only lead to a net reduction in productivity for an organization but also expose it to a loss in customer and shareholder trust and confidence, in addition to expensive and damaging lawsuits. From the threat of malicious insiders to employees engaged in fraud and other activities that are in violation of the law or an organization's policy on the acceptable use of electronic networks, the harm to an institution's reputation, credibility, data and assets may come from countless sources. Using first-class forensic analysts, processes and technology, C3SA can help organizations uncover, document and tackle such wrongdoings through a forensically sound process that can withstand the test of court should legal proceedings ever be initiated.

Mobile Forensics

The role of mobile devices in crime has been widely recognized for a number of years. From miscreants using smartphones as an extension of a computer to further enable their criminal activities to well-meaning users unwittingly installing malicious applications on their phones which could compromise an organization's sensitive data and infrastructure, mobile devices now pose a risk to companies that can no longer be ignored. Leveraging its extensive experience in the field of digital forensics, C3SA can assist institutions in conducting a thorough forensic analysis of any mobile device to uncover and document artefacts that may be evidence of wrongdoing or potential misuse of a given mobile asset.
